In my last blogpost I sought to unpack the content of the UK government’s proposed duty of care for online harms, with a focus on the scope of online companies covered, the types of speech and activity implicated, and the role of the proposed sectoral regulator. Evidently, each of these pillars of the proposal is worthy of further scrutiny, particularly with respect to their impact on fundamental rights and the existing regulatory paradigm for online content.
Yet before we embark on that substantive assessment, it is first worth exploring how well the UK government’s proposal maps onto traditional understandings of duty of care in the common law tradition. Is the extension of a duty of care to ‘online harms’ a legitimate move on the part of the UK’s executive branch? The objective of this post is to answer that question.
Facebook the theme park; Twitter the bar
As I lamented last time around, the UK government’s Online Harms white paper is unfortunately lacking in a substantive rationale for why the duty of care model is the best candidate for the next generation of online content regulation laws. Thankfully, as they did with explaining how the duty of care model would practically work online, William Perrin and Lorna Woods provide an argument for why it could work online, by referencing ‘offline’ analogies.
In their testimony to the UK Parliament, Perrin and Woods argue inter alia that social media services should be understood as ‘quasi-public spaces’, similar in nature to an office, bar, or theme park. In the ‘offline world’ operators of public spaces are regulated by duties of care to their ‘users’, and in the interest of regulatory consistency a similar regime should apply to ‘public spaces’ where they exist online. As such, that the duty of care model is considered to be the optimum approach to regulating ‘offline’ public spaces is reason to apply the model to these ‘online’ counterparts too.
The annals of internet law and policy are riddled with arguments from analogy. As policymakers and lawyers have attempted over the years to mould emerging internet issues into more familiar conceptual frameworks, the internet’s apparent likeness to the public square, the bookshop, and the newspaper (amongst other stalwarts of the analogue era) have been invoked to advance an argument for regulating online content in this or that way. Yet, the experience of 25 years of internet lawmaking and jurisprudence should make us wary of regulating by analogy. Indeed, to do justice to the unique technical architecture of the internet and the role it plays in economic and social life, a more thorough self-standing policy rationale is required for advancing any regulatory model. In my mind, there are two crucial reasons that undermine any such self-standing policy rationale for the duty of care model.
An empty analogy?
Firstly, we must acknowledge serious doubts as to whether, at the conceptual level, a duty of care is properly applicable to the internet intermediaries and ‘online harms’. For while one could argue at length about the intricacies of the tort of negligence, there is basic agreement in the literature that duties of care are outcome-orientated — compliance with a duty (or lack thereof) is assessed through the metric of harm or injury arising to individuals to whom the duty is owed. However, in the context of the internet sector this is not an appropriate metric. The nature of online services and the harms that arise through them are radically distinct from the ‘offline spaces’ that are traditionally subject to a duty of care. Indeed, to demand that the operator of an internet intermediary service ‘protect’ its users from ‘harm’ in the traditional negligence sense is an impossible task, lest the internet architecture be radically altered and fundamental rights protections be radically diminished. Indeed, the risk of some content-related harms is an inherent trade off in the provision and consumption of UGC services, and the best we can aim at as a policy objective is to sufficiently minimise them. Interestingly, it appears that the UK government is implicitly conscious of this problem, in that its white paper focuses extensively on the measures duty-bound intermediaries should undertake, rather than the typical outcome-oriented objective of a duty of care (effectively, to protect all users from all harm). It raises the question then as to why the UK government chose the duty of care approach to begin with, and not a dedicated procedural accountability framework.
Secondly, we are fortunate to be able to draw upon a useful heuristic for assessing the existence — actual or normative — of a duty of care, namely the three-step test established by the UK House of Lords in Caparo Industries PLC v Dickman. In Caparo, the court established that for a duty of care to exist: 1) harm must be reasonably foreseeable as a result of the defendant’s conduct; 2) the parties must be in a relationship of proximity; and 3) it must be fair, just, and reasonable to impose a liability. While the Caparo test has been superseded in some respects by subsequent court rulings, it remains a crucial touchstone for assessing the suitability of the duty of care approach, and for interrogating arguments from analogy used to advocate for an extension of the model to new domains.
In my view, the proposed duty of care would, at a minimum, fail the second Caparo test. This arises from the fact that a crucial feature of the so-called ‘online harms’ is the fact that they typically arise as a result of what users say (or in the case of ‘activities’, do) to one another. Unlike the situation for ‘offline’ spaces subject to a duty of care, it is rarely the case that the operator’s act or omission is the direct cause of harm accruing to a user — harm is almost always grounded in another user’s actions. In that context, it is difficult to see how an online intermediary could be said to hold a relationship of sufficient proximity with the affected party, at least if we wish to maintain some consistency with how proximity is understood in the body of negligence statute and case law. To turn the analogy on its head, it would be highly unusual for a court to consider a theme park operator to have a duty of care to protect its patrons from insulting each other in the roller-coaster queue.
In my view, to be confident that internet intermediaries meet the proximity test we would be obliged to ascribe to the view that the online intermediary heavily contributes to and compounds the arising harm through its actions and omissions. For me, this is simply too divorced from how the overwhelming majority of online intermediary services actually function. After all, there is a reason why the law purposely limits their liability and refrains from defining them as publishers of third party content. While I am nonetheless sympathetic to the argument that certain content recommendation engines satisfy the second Caparo test on the basis of their aggressive micro-targeting and algorithmic curation, the scope of the government proposal is far broader than simply content recommendation engines, and so should be critiqued as such. Moreover, even if one accepts that content recommendation engines satisfy the Caparo tests, there are still compelling reasons why a duty of care is not the appropriate policy instrument to achieve the regulator’s aims with respect to those services (an issue that I will take up in later posts).
Ultimately then, I believe the theoretical conditions for establishing a duty of care for online intermediaries vis-à-vis their users is not met. To do so would twist the law of negligence in a wholly new direction; an extremely risky endeavour given the context and precedent-dependent nature of negligence and the fact that the ‘harms’ under consideration are so qualitatively different than those subject to ‘traditional’ duties. Yet, since it is likely that the UK government will nonetheless proceed with a statutory duty of care, it is prudent to explore how the model would intersect with, and potentially undermine, individuals’ rights and the existing regulatory paradigm.
With that in mind, my next post will advance a rights-based critique of the duty of care model, in view of the jurisprudence around the EU Court of Justice and the European Court of Human Rights.