Content moderation: the ICO’s guide

Content moderation: the ICO’s guide

On 16 February, the ICO issued guidance to help online platforms by setting out how data protection law applies to content moderation activities. We’ve seen increasing obligations on online platforms to proactively protect its users, especially in light of the UK’s Online Safety Act and the EU’s Digital Services Act, which has thrown a greater focus on the need for content moderation tools. In its guidance, the ICO (in collaboration with Ofcom) have brought to the attention of organisations that care must be taken in how personal data is being used as part of moderation processes and ensuring that data protection rules are respected.

The guidance and press release highlights concerns around the results of moderation processes causing potential harm if they incorrectly assess content as illegal, when the determination is based on inaccurate personal data. Individuals wrongly identified as being responsible for the illegal content mean that platforms are at risk of enforcement action and damages. To help assist platforms, the guidance clarifies:

  • how to mitigate data processing risks and to process on a lawful basis, fairly and transparently;
  • how to comply with principles around data minimisation and purpose limitations, and to respect the rights of individuals including access, accuracy and rectification;
  • the parameters of whether a moderation system involves solely automated decision-making and the rules which apply if so; and
  • how to comply with the ICO’s Children’s Code for any processing of children’s data.

The ICO plans to issue a series on online safety technologies in collaboration with Ofcom to ensure that data protection rights are respected whilst platforms take measures to ensure online safety. Online safety rules and data protection both need to be complied with and its clear from the recent guidance and the previous joint statement by the ICO and Ofcom that it is not the case of one or the other, but about a holistic approach to compliance with both.

If you would like to keep up to date on the latest in data protection, please get in touch to subscribe to our newsletter, The Data Download.

Recent posts

Previous
Next
The UK's data protection regulator publishes a new code of conduct for UK private investigators and litigation services
Read more
Unable to row the distance: No copyright in a rowing machine as a work of artistic craftsmanship (WaterRower v Liking)
Read more
The wait is over – Sky v SkyKick decision handed down today
Read more
Autumn Budget 2024: Headlines
Read more
The Final Word
Read more
The UK's new Data (Use and Access) Bill has been introduced into Parliament
Read more
New reforms but a long wait for change: government publishes Employment Rights Bill draft
Read more
The UK's Data Protection Regulator begins its modernisation plans
Read more
A cautionary tale of lessons learnt in cases involving crypto fraud from D'Aloia v Persons Unknown Category A & Ors [2024]
Read more
‘This is a true story’: A lesson learnt from ‘Baby Reindeer’ for shows dramatising the lives of real people
Read more

More from this author

Previous
Next
What businesses should consider before implementing monitoring
Read more
Take note: new guidance on the ICO’s penalties and fines
Read more
European Parliament issues negative opinion on the EU-US data transfer arrangement
Read more
ICO focusses on child protection in latest guidance to the games industry
Read more
Government to replace the UK GDPR
Read more

Share this page