UK's New Online Safety Law will Restrict Internet Content
Xcina Blog

UK’s New Online Safety Law will Restrict Internet Content

In this issue of In Perspective, Jackie Barlow, Data Protection Senior Consultant at Xcina Consulting, discusses the questions every business should be asking. This month we look at why the new online safety law will restrict internet content, why the ICO are issuing new guidance for processing workers’ health information and why the ICO are favouring reprimands over fines.

We take a look at why this is important and the implications for both businesses and individuals.

Find out more below.

UK’s new online safety law will restrict internet content

What happened

  • The UK now has a law that governs the supervision and control of websites and their content. The law is primarily aimed at social networks like Meta, TikTok and content sites like YouTube
  • The law will require the removal of illegal content quickly or stop it being uploaded in the first place
  • It will prohibit content that is offensive or inappropriate to children and require websites to set up systems to ensure the age of the user is verified
  • Social networks will need to improve their transparency about the risks for minors when they use social networks
  • Websites will need to provide tools to allow users to filter offensive content
  • In addition, the new law makes it easier to charge abusers who share intimate photos and will put more offenders in prison and better protect the public. If found guilty, there is a maximum penalty of 6 months in custody
  • Ofcom is the main regulator of internet content and it will be able to impose fines for violations up to £18 million or 10% of global turnover, whichever is higher.

Why it matters

  • The new law takes a zero tolerance approach to protecting children and ensures that social media platforms are responsible for their content
  • Children will not be able to access harmful and age-inappropriate content
  • Parents and children will have clear and accessible ways to report problems quickly
  • If social media platforms do not act quickly to prevent or remove illegal content and stop children seeing harmful content, they face significant fines
  • Senior managers might also face prison
  • In anticipation of the new law, the biggest social media companies have already started to take action; Snapchat has removed accounts of its underage users and TikTok has implemented stronger age verification methods


Further information can be found at;

Britain makes internet safer, as Online Safety Bill finished and ready to become law – GOV.UK (

ICO issues new guidance on processing workers’ health information

What happened

  • The ICO has published new guidance for employers on how workers’ health information should be processed
  • The guidance includes advice on:-
    • sickness and injury records
    • information contained in occupational health schemes
    • information on medical examinations and testing
    • information on genetic testing
    • monitoring employees’ health
    • when workers’ health information can be shared
  • The guidance is in two parts; the first section is an overview about how data protection laws apply to health information and the second considers the main employment practices that process workers’ health information
  • The guidance aims to:-
    • Help provide greater regulatory certainty
    • Protect workers’ data protection rights
    • Help employers to build trust with workers
  • It is essential that health information is used fairly and lawfully, so employers must have justifiable reasons for collecting/processing it and provide evidence of these

Why it matters

  • Health information is some of the most sensitive personal information that is processed by organisations. It is classed as ‘special category data’ under data protection laws which means that it must be handled with a greater level of care than personal data
  • The new ICO guidance will assist employers in understanding their data protection obligations when handling individuals’ health information
  • The guidance will provide greater certainty about data protection laws, protect workers’ rights and help employers build trust with the individuals that work for them


Further information

The guidance and useful checklists, can be found at Information about workers’ health | ICO

Reprimands instead of fines – is the current ICO enforcement regime effective?

What happened

  • Currently, where data breaches occur, the ICO tends to issue reprimands instead of fines and these reprimands are usually published online
  • Concerns have been raised about a lack of consistency in the process of issuing reprimands. There is no process in the UK GDPR or the Data Protection Act 2018 governing how a reprimand must be issued
  • Additionally, there is no mechanism to appeal the receipt of a reprimand and this might mean that recipients of reprimands suffer reputational or legal risks unfairly
  • This means that an organisation might receive a reprimand with no warning and it will not have the right to make representations or be able to challenge it effectively, even if the ICO overlooks something or makes a mistake
  • Until a FOI request in 2021, revealed that a number of reprimands had been issued by the ICO since GDPR came into effect (May 2018), the use of reprimands was not well known. Now reprimands are usually published by the ICO (although not always)
  • The decision to publish reprimands was taken by the ICO as part of a drive to make it clear to organisations what the law requires
  • Without clear details about what triggers a reprimand and what the procedure for serving one or appealing against one should be, the current situation is not satisfactory

Why it matters

  • It has been surprising to see so few fines imposed by the ICO, whilst the use of reprimands has increased
  • More importantly, the current reprimand-only regime continues against a backdrop of serious data breaches
  • Concerns have been raised about the lack of consistency and clarity in the process of issuing reprimands
  • Concerns have also been raised that reprimands are not capable of effective appeal so there is a risk of reputational damage but no way to contest them
  • With no clarity in the process of issuing reprimands and no opportunity to challenge them, there might need to be a rethink!


Further information

Details of enforcement action by the ICO, including reprimands can be found at

Enforcement action | ICO

We’d love to hear from you

Jackie has over 14 years’ experience in providing advice and training on data protection, records management and electronic marketing, which she has gained from working in a number of different types of organisations. Prior to joining Xcina, she managed the data protection functions at an investment management firm, pensions provider and within the not-for-profit sector including a university and charity. She is experienced in identifying and overcoming complex information governance and data protection challenges.

To discuss how the areas highlighted in this post, or any other aspect of risk management, information governance or compliance impact your business, speak with our team, tell us what matters to you and find out how we can help you navigate complex issues to help you deliver long term value.

If you have any questions or comments, or if there’s anything you would like to see covered, please get in touch by emailing Xcina Consulting at We’d love to hear from you.

Jackie Barlow

Data Protection Senior Consultant and Group Privacy Officer

Speak to me directly by Email, or
Telephone: +44 (0)20 3745 7843

Subscribe to Updates

Receive regular updates from our expert consultants as they provide clarification and guidance on issues impacting your organisation.

Subscribe >>