United Kingdom
A Obstacles to Access | 24 25 |
B Limits on Content | 30 35 |
C Violations of User Rights | 25 40 |

The internet remained free for users in the United Kingdom (UK), with widespread availability and few major constraints on access or content. Following the lead of its European counterparts, however, the government did restrict access to two Russia-backed media outlets and asked platform operators to restrict access to their content. Policymakers also proposed or passed new or revised legislation seeking to further regulate online platforms and internet service providers (ISPs).
The UK—which includes the constituent countries of England, Scotland, and Wales along with the territory of Northern Ireland—is a stable democracy that regularly holds free elections and is home to a vibrant media sector. While the government enforces robust protections for political rights and civil liberties, recent years have seen concerns about increased government surveillance of residents, as well as rising Islamophobia and anti-immigrant sentiment. In a 2016 referendum, UK voters narrowly voted to leave the European Union (EU), through a process known colloquially as “Brexit,” which will have political and economic reverberations both domestically and across Europe in the coming years.
- Internet access continued to expand during the coverage period, and the government has continued to propose initiatives to address persisting digital divides. In October 2021, for instance, the government announced the £5 billion ($6.7 billion) Project Gigabit to bring faster and more reliable broadband internet to 570,000 rural premises (see A2).
- The Telecommunications (Security) Act 2021 received royal assent in November 2021, amending the Communications Act 2003 and empowering the government to restrict market entry on national security concerns. The act was criticized by legal scholars for potentially limiting market diversity (see A4).
- In April 2022, Michael Grade, a former British Broadcasting Corporation (BBC) chairman, was named chairman of Ofcom, the country’s primary telecommunications regulator. His four-year term started in May. Politicians and civil society questioned Grade’s independence from the ruling Conservatives along with his expertise (see A5).
- Websites for Russia-backed outlets Sputnik News and RT both presented signs of blocking in the UK and several other European countries around March 2022. Also that month, Nadine Dorries, then the culture secretary, requested that Facebook, Twitter, and TikTok block access to those outlets’ content in the UK (see B1 and B2).
- While inauthentic coordinated behavior was identified in the UK’s online information landscape during the coverage period, misleading online content and efforts to manipulate the online sphere seen around Brexit and the 2019 election did not recur (see B5).
- Reporting from October 2021 detailed the recent expansion of the Metropolitan Police Service’s (MPS) social media monitoring operations between September 2020 and July 2021 (see C5).
Do infrastructural limitations restrict access to the internet or the speed and quality of internet connections? | 6.006 6.006 |
Access to the internet is considered a key element of societal and democratic participation in the UK. Broadband access is almost ubiquitous, and nearly 100 percent of households are within range of ADSL (asymmetric digital subscriber line) connections. All national mobile service providers offer fourth-generation (4G) network technology, and the four largest—EE, O2, Vodafone, and Three—offer 5G service.
The Digital Economy Act 2017 obliges service providers to offer minimum connection speeds of 10 megabits per second (Mbps).1 Access to “superfast” broadband connections, with advertised speeds of at least 30 Mbps, continues to expand, covering 96 percent of UK premises as of December 2021.2 Fiber-optic coverage reached 28 percent of UK homes as of that month, a 10 percent increase since 2020.
Mobile telephone penetration is extensive. Ofcom estimates that 5G connectivity is available from at least one mobile service provider outside at least 42 to 57 percent of premises. The country’s four major service providers report they provide 4G outdoor coverage to approximately 99 percent of premises and 79 to 86 percent of the nation’s landmass.
In July 2020, the government banned the purchase of 5G technology from Chinese telecommunications company Huawei beginning in 2021 and ordered existing Huawei equipment removed by the end of 2027 due to security concerns (see A4).3 Major service providers, including EE, Three, and Vodafone, all use Huawei equipment in their 5G infrastructure; the cost of that removal was estimated at over £500 million ($667 million) in 2020.4 Huawei has since, however, partnered with three UK companies to build a private 5G network at the Cambridge Wireless 5G Testbed.5
- 1United Kingdom, Digital Economy Act 2017, http://www.legislation.gov.uk/ukpga/2017/30/contents/enacted; Jamie Rigg, “How the Digital Economy Act will come between you and porn and everything else you need to know about the new legislation,” Engaget, May 3, 2017, https://www.engadget.com/2017/05/03/digital-economy-act-explainer/
- 2Ofcom, “Connected Nations 2021: UK Report,” December 16, 2021, https://www.ofcom.org.uk/__data/assets/pdf_file/0035/229688/connected-n…
- 3Department for Digital, Culture, Media & Sport, “Huawei to be removed from UK 5G networks by 2027,” July 14, 2020 https://www.gov.uk/government/news/huawei-to-be-removed-from-uk-5g-netw…
- 4Jim Pickard and Nic Fildes, “UK draws up 3-year plan to remove Huawei from 5G networks,” Financial Times, May 23, 2020, https://www.ft.com/content/1c226144-a3a9-4533-ab14-88d65142ba05
- 5Joe O’Halloran, “Huawei teams with UK innovators to create 5G futures,” Computer Weekly, October 25, 2021, https://www.computerweekly.com/news/252508601/Huawei-teams-with-UK-inno…
Is access to the internet prohibitively expensive or beyond the reach of certain segments of the population for geographical, social, or other reasons? | 3.003 3.003 |
Score change: The score improved from 2 to 3 because of the affordability of internet connectivity and the lack of a significant digital divide.
Internet access continues to expand, gradually reducing regional and demographic disparities.
The UK provides a competitive market for internet access, and prices for communications services compare favorably with those in other countries. The Economist’s Inclusive Internet Index 2022 ranks the UK fifth overall out of 100 countries surveyed, and first for affordability, defined by cost of access relative to income and the level of internet-market competition.1
According to analytics company Cable, the average cost of 1 gigabyte (GB) of mobile data in 2022 was £0.67 ($0.89).2 In July 2021, Ofcom reported that the average monthly price for mobile use (excluding handset cost) dropped from £12.23 ($15.81) in 2019 to £10.96 ($14.62) in 2020.3 Ofcom also reported that the average monthly household spend on communications services was £122.51 ($163.41) in 2020, a 1 percent increase compared to 2019.4
Meanwhile, the average monthly broadband cost in 2022 was £29.66 ($39.89).5 Several fixed-line broadband providers offer low-cost packages, however, including five that offer targeted tariffs for £10 ($13.31) or £15 ($19.97) a month.6 Ofcom’s expenditure analysis shows that 3.3 million households with the country’s lowest incomes spend over 4 percent of their disposable income on fixed-line broadband service, almost four times as much as the average household.7
Despite the positive trends in the UK, 6 percent of households remain offline. In an April 2021 report, Ofcom noted lower-income households (representing 11 percent of the total), and the most financially vulnerable (10 percent) were the least likely to have internet access.8
In October 2021, the UK government announced the £5 billion ($6.7 billion) Project Gigabit to bring faster and more reliable high-speed services to 570,000 rural premises.9
According to 2020 data from the Office of National Statistics, virtually all residents between the ages of 16 and 44 are internet users, with most accessing the internet through their mobile device.10 There is almost no gender gap in internet use as of 2020—93 percent of men used the internet compared to 91 percent of women.11
- 1The Economist Intelligence Unit, “The Inclusive Internet Index 2022,” accessed September 13, 2022, https://impact.economist.com/projects/inclusive-internet-index/2022/cou…
- 2“Worldwide Mobile Data Pricing 2022,” Cable.co.uk, 2022, https://www.cable.co.uk/mobiles/worldwide-data-pricing/
- 3Ofcom, “Pricing trends for communications services in the UK,” July 22, 2021, https://www.ofcom.org.uk/__data/assets/pdf_file/0013/222331/Pricing-tre…
- 4Ofcom, “Pricing trends for communications services in the UK,” July 22, 2021, https://www.ofcom.org.uk/__data/assets/pdf_file/0013/222331/Pricing-tre…
- 5“Global broadband pricing league table 2022,” Cable.co.uk, 2022, https://www.cable.co.uk/broadband/pricing/worldwide-comparison
- 6Ofcom, “Pricing trends for communications services in the UK,” July 22, 2021, https://www.ofcom.org.uk/__data/assets/pdf_file/0013/222331/Pricing-tre…
- 7Ofcom, “Pricing trends for communications services in the UK,” July 22, 2021, https://www.ofcom.org.uk/__data/assets/pdf_file/0013/222331/Pricing-tre…
- 8Ofcom, “Digital divide narrowed by pandemic, but around 1.5m homes remain offline,” April 28, 2021, https://www.ofcom.org.uk/about-ofcom/latest/media/media-releases/2021/d…
- 9Gov.uk, “Building Digital UK to become executive agency of DCMS,” December 3, 2021, https://www.gov.uk/government/news/building-digital-uk-to-become-execut…; Gov.uk, “Better broadband for 500,000 rural homes in UK gigabit revolution,” October 29, 2021, https://www.gov.uk/government/news/better-broadband-for-500000-rural-ho…
- 10Office for National Statistics, “Internet users, UK: 2020,” 2020, https://www.ons.gov.uk/businessindustryandtrade/itandinternetindustry/b…
- 11Office of National Statistics “Internet users in the UK 2020,” 2020, https://www.ons.gov.uk/businessindustryandtrade/itandinternetindustry/b…
Does the government exercise technical or legal control over internet infrastructure for the purposes of restricting connectivity? | 6.006 6.006 |
The government does not exercise control over the internet infrastructure and does not routinely restrict connectivity.
The government does not place limits on the amount of bandwidth ISPs can supply, and the use of internet infrastructure is not subject to direct government control. ISPs regularly engage in traffic shaping or slowdowns of certain services, such as peer-to-peer (P2P) file sharing and television streaming. Mobile service providers have cut back on previously unlimited access packages for smartphones, reportedly because of network congestion concerns.
Are there legal, regulatory, or economic obstacles that restrict the diversity of service providers? | 5.005 6.006 |
There are few obstacles to the establishment of service providers in the UK, allowing for a competitive market that benefits users.
Major ISPs include Virgin Media with a 24 percent market share, BT (formerly British Telecom) with 23 percent, Sky with 17 percent, TalkTalk with 9 percent, and others constituting the remaining 27 percent.1 Ofcom continues to use regulations to promote the unbundling of services so that incumbent owners of infrastructure invest in their networks while also allowing competitors to make use of them.2
ISPs are not subject to licensing, but they must comply with general conditions set by Ofcom, such as having a recognized code of practice and being a member of a recognized alternative dispute-resolution scheme.3
Among mobile service providers, EE, which has been owned by BT since 2016, leads the market with 22 percent of subscribers, followed by O2 with 19 percent, Vodafone with 15 percent, Three with 10 percent, and Tesco with 7 percent.4 Mobile virtual network operators (MVNOs) including Tesco provide service using the infrastructure owned by one of the other companies.
The Telecommunications (Security) Act 2021, which received royal assent that November, to amend the Communications Act 2003, places stronger legal obligations on telecommunications service providers to identify and reduce the risk of cybersecurity breaches and prepare for their occurrence.5 The law empowers the government to regulate and issue codes of practice for service providers to this effect via secondary legislation, which had not been finalized by the end of the coverage period. Draft measures have been described as onerous by some legal scholars.6 Providers who do not comply could receive sanctions of up to 10 percent of global turnover. Consultation on draft regulations and an associated draft code of practice closed in May 2022.7
The act also allows the government to issue Designated Vendor Directions (DVDs) regarding high-risk vendors that are deemed threats to national security. The government produced a DVD for Huawei, for instance, when it previously banned the purchase of Huawei equipment and mandated its eventual removal by service providers (see A1). The act legally enshrines these measures and has been criticized by some legal scholars for potentially limiting market diversity.8
- 1Ofcom, “Technology tracker 2021,” “QE7,” 2021, https://www.ofcom.org.uk/__data/assets/pdf_file/0015/219102/technology-…
- 2Ofcom, “Wholesale Local Access Market Review: Statement–Volume 1,” March 28, 2018, https://www.ofcom.org.uk/__data/assets/pdf_file/0020/112475/wla-stateme…
- 3Ofcom, “Consolidated Version of General Conditions of Entitlement,” December 16, 2013, https://web.archive.org/web/20140717212346/http://stakeholders.ofcom.or…
- 4Ofcom, “Technology tracker 2021,” “QD10,” 2021, https://www.ofcom.org.uk/__data/assets/pdf_file/0015/219102/technology-…
- 5The Telecommunications (Security) Act 2021, https://www.legislation.gov.uk/ukpga/2021/31/contents/enacted
- 6Julian Cunningham-Day and David Martin, “ UK: Telecommunications (Security) Act 2021 heralds a step change in cyber laws,” Linklaters, November 25, 2021, https://www.linklaters.com/it-it/insights/blogs/digilinks/2021/november…
- 7DCMS, “Telecoms security: proposal for new regulations and code of practice,” March 22, 2022, https://www.gov.uk/government/consultations/proposal-for-new-telecoms-s…
- 8Martyn Landi, “Government powers to strip Huawei equipment from 5G networks come into force,” Evening Standard, November 18, 2021, https://www.standard.co.uk/news/uk/huawei-government-chinese-b967049.ht…; Julian Cunningham-Day and David Martin, “ UK: Telecommunications (Security) Act 2021 heralds a step change in cyber laws,” Linklaters, November 25, 2021, https://www.linklaters.com/it-it/insights/blogs/digilinks/2021/november…
Do national regulatory bodies that oversee service providers and digital technology fail to operate in a free, fair, and independent manner? | 4.004 4.004 |
The various entities responsible for regulating internet service and content in the UK generally operate impartially and transparently.
Ofcom, the primary telecommunications regulator, is an independent statutory body. It has broadly defined responsibility for the needs of “citizens” and “consumers” regarding “communications matters” under the Communications Act 2003.1 It is overseen by Parliament and also regulates the broadcasting and postal sectors.2 Ofcom has some authority to regulate content with implications for the internet, such as regulating video content in keeping with the EU Audiovisual Media Services Directive.3 Ofcom will enforce the Online Safety Bill, which existed in draft form as of April 2022 (see B3, B5, and B6).4 The most recent appointment of the Ofcom chair sparked controversy during the coverage period. 5 Michael Grade, a former BBC board chairman, was confirmed as Ofcom’s chairman in April 2022 and his four-year term began in May. His independence from the government and ruling Conservative Party, as well as his expertise, was questioned by politicians and civil society.6
Nominet, a nonprofit company operating in the public interest, manages access to the .uk, .wales, and .cymru country domains.
Other groups regulate services and content through voluntary ethical codes or coregulatory rules under independent oversight. In 2012, major ISPs published a Voluntary Code of Practice in Support of the Open Internet, which commits ISPs to transparency and confirms that traffic management practices will not be used to target and degrade competitors’ services.7 Amendments to the code clarify that signatories could deploy content filtering for public Wi-Fi access.8 Ofcom also maintains voluntary codes of practice related to internet speed provision, dispute resolution, and the sale and promotion of internet services.9
Criminal online content is addressed by the Internet Watch Foundation (IWF), an independent self-regulatory body funded by Nominet and industry associations (see B3).10 The Advertising Standards Authority and the Independent Press Standards Organisation regulate newspaper websites.
The Digital Regulation Cooperation Forum (DRCF), formed in July 2020 by the Competition and Markets Authority (CMA), the Information Commissioner’s Office (ICO), and Ofcom, and later joined by the Financial Conduct Authority, was created to promote greater cooperation between entities on online regulatory matters.11
- 1Communications Act 2003, Part 1, Section 3 http://www.legislation.gov.uk/ukpga/2003/21/contents
- 2Ofcom, “What is Ofcom?” https://www.ofcom.org.uk/about-ofcom/what-is-ofcom
- 3DigitalTV Europe, “Ofcom to take over VoD regulation from ATVOD,” October 14, 2015, http://www.digitaltveurope.net/443191/ofcom-to-take-over-vod-regulation…
- 4Department for Digital, Culture, Media, and Sport, “Draft Online Safety Bill,” May 12, 2021, https://www.gov.uk/government/publications/draft-online-safety-bill.
- 5Jim Waterson, “Michael Grade emerges as favourite to become new Ofcom chair,” The Guardian, March 22, 2022. https://www.theguardian.com/media/2022/mar/22/michael-grade-emerges-as-…
- 6Dan Milmo, “Michael Grade confirmed as Ofcom chair despite MPs’ warning,” The Guardian, April 1, 2022, https://www.theguardian.com/media/2022/apr/01/mps-voice-fears-over-mich…
- 7Broadband Stakeholder Group, “ISPs launch Open Internet Code of Practice,” July 25, 2012, http://www.broadbanduk.org/2012/07/25/isps-launch-open-internet-code-of…
- 8Broadband Stakeholder Group, “Open Internet Code of Practice,” May 2013, http://www.broadbanduk.org/wp-content/uploads/2013/06/BSG-Open-Internet…
- 9Ofcom, “Codes of Practice,” https://www.ofcom.org.uk/phones-telecoms-and-internet/information-for-i…
- 10The Internet Watch Foundation https://www.iwf.org.uk/; The Internet Watch Foundation, “EU co-funding,” https://www.iwf.org.uk/partnerships/eu-consortium; https://www.iwf.org.uk/members
- 11Gov.uk, “The Digital Regulation Cooperation Forum,” March 10, 2021, https://www.gov.uk/government/collections/the-digital-regulation-cooper…
Does the state block or filter, or compel service providers to block or filter, internet content, particularly material that is protected by international human rights standards? | 4.004 6.006 |
Score Change: The score declined from 5 to 4 because the websites of Russia-backed outlets Sputnik News and RT presented signs of blocking in March 2022, amid broader European efforts to restrict the outlets’ reach across the continent.
Blocking generally does not affect political and journalistic content or other internationally protected forms of online expression. Service providers do block and filter some content that falls into one of three categories: copyright-infringing material, the promotion of terrorism, and depictions of child sexual abuse. Optional filtering can be applied to additional content, particularly material that is considered unsuitable for children.
According to measurements conducted by the Open Observatory for Network Interference (OONI), Sputnik News and RT both presented signs of blocking around March 2022 in several European countries, including the UK. The EU officially banned the outlets, including downloading their apps and sharing their content on social media, on March 2, in a stance against Moscow’s “continuous and concerted propaganda actions” around the invasion of Ukraine (see B2).1 Both sites continued to present signs of blocking through the end of the coverage period.2
In October 2019, the government dropped plans for automated age verification for online pornography, set to enter into force in April 2019, 3 deeming it technically infeasible.4 The Digital Economy Act 2017 includes provisions that allow blocking of “extreme” pornographic material, setting standards that critics said were poorly defined and could be unevenly applied.5 In May 2021, the BBC reported that the draft Online Safety Bill did not include an age-verification system (see B3, B5, and B6);6 the government announced in February 2022 that the legal duty requiring age-verification controls, with threat of blocking in cases of noncompliance, would be introduced in the latest version. 7
ISPs are required to block domains and URLs found to be hosting material that infringes copyright when ordered to do so by the High Court (see B3).8
Overseas-based URLs hosting content that has been reported by police for violating the Terrorism Act 2006, which prohibits the glorification or promotion of terrorism, are included in the optional child filters supplied by many ISPs.9 “Public estates” like schools and libraries also block such URLs.10 The content can still be accessed on private devices.11
ISPs block URLs containing photographic or computer-generated depictions of child sexual abuse or criminally obscene adult content in accordance with the Internet Services Providers’ Association’s voluntary code of practice (see A5). Mobile service providers also block URLs identified by the IWF as containing such content.
All mobile service providers and some ISPs that provide home service filter legal content that is considered unsuitable for children. Mobile service providers enable these filters by default, requiring customers to prove that they are over age 18 to access the unfiltered internet.12 Content considered suitable for adults only includes the promotion of illegal drugs, sex education, and discriminatory language. Website owners can check whether their sites are filtered under one or more category, or report overblocking, by emailing the industry-backed nonprofit group Internet Matters,13 though the process and timeframe for correcting mistakes varies by provider.
These optional filters can affect a range of legitimate content pertaining to public health, LGBT+ topics, drug awareness, and even information published by civil society groups and political parties (see B3).14 A 2014 Ofcom report found that ISPs include “proxy sites, whose primary purpose is to bypass filters or increase user anonymity, as part of their standard blocking lists.”15
Blocked, a site operated by the Open Rights Group, allows users to test the accessibility of websites and report excessive blocking and optional filtering by both home broadband and mobile internet providers.16 As of March 2021, the number of blocked and filtered sites was reported to be over 775,000; more than 21,000 of which are suspected to be blocked inadvertently.17 This includes sites related to advice for abuse victims, addiction counseling, LGBT+ subjects, and school websites.18
- 1Jillian Deutsch, “RT, Sputnik Content Officially Banned Across European Union,” Bloomberg, March 2, 2022, https://www.bloomberg.com/news/articles/2022-03-02/rt-sputnik-content-o…
- 2OONI Explorer, “Web Connectivity Test: United Kingdom,” accessed September 14, 2022, https://explorer.ooni.org/search?since=2022-07-12&until=2022-08-12&fail…; OONI Explorer, “OONI Measurement Aggregation Toolkit (MAT),” accessed September 14, 2022, https://explorer.ooni.org/chart/mat?test_name=web_connectivity&domain=w…
- 3Department for Digital, Culture, Media & Sport, “Age-verification for online pornography to begin in July”, April 17, 2019, https://www.gov.uk/government/news/age-verification-for-online-pornogra…; Matt Burgess, “It's official. The UK's porn block is delayed for at least 6 months,” Wired, June 20, 2019, https://www.wired.co.uk/article/uk-porn-block-delayed
- 4Matt Burgess, “The UK's porn block is officially dead,” Wired, October 16, 2019, https://www.wired.co.uk/article/uk-porn-block-law-cancelled
- 5Damien Gayle, “What, how and why? The UK’s new online porn restrictions explained,” The Guardian, November 25, 2016, https://www.theguardian.com/culture/2016/nov/25/what-how-and-why-the-uk…
- 6David Malloy, “Porn blocker 'missing' from Online Safety Bill prompts concern,” BBC, May 18, 2021, https://www.bbc.com/news/technology-57143746
- 7Gov,uk, “World-leading measures to protect children from accessing pornography online,” February 8, 2022, https://www.gov.uk/government/news/world-leading-measures-to-protect-ch…; Open Rights Group, “Government’s new proposal could force people to age verify before using Google for Reddit,” February 8, 2022, https://www.openrightsgroup.org/press-releases/governments-new-proposal…
- 8Sections 17 and 18 of the Digital Economy Act (DEA) of 2010 separately allowed for the courts to order websites containing “substantial” violations of copyright to be blocked. In August 2011, the government announced that the DEA’s blocking provisions would be dropped, in part because it was already authorized under another law. See: “Government drops website blocking,” BBC News, August 3, 2011, http://www.bbc.com/news/technology-14372698
- 9Patrick Wintour, “UK ISPs to introduce jihadi and terror content reporting button,” The Guardian, November 13, 2014 https://www.theguardian.com/technology/2014/nov/14/uk-isps-to-introduce…
- 10Open Net Initiative, “United Kingdom,” December 18, 2010, https://opennet.net/research/profiles/united-kingdom#footnote47_syc8fbo; Terrorism Act 2006, http://www.legislation.gov.uk/ukpga/2006/11/pdfs/ukpga_20060011_en.pdf
- 11What do they Know, “attachment to the Freedom of Information request ‘Current status of terrorist internet filtering’,” June 28, 2013, https://www.whatdotheyknow.com/request/160774/response/404100/attach/ht…
- 12Mobile UK was formerly the Mobile Broadband Group. Mobile UK, “Who we are,” https://www.mobileuk.org/about-mobile-uk; Mobile Broadband Group, “UK Code of practice for the self-regulation of content on mobiles,” version 3, July 1, 2013, https://uploads-ssl.webflow.com/5b7ab54b285dec5c113ee24d/5d5d4f65228753…; Ofcom, “Ofcom report on internet safety measures,” https://www.ofcom.org.uk/research-and-data/internet-and-on-demand-resea…
- 13Internet Matters, “Advice for website owners,” https://www.internetmatters.org/parental-controls/info-site-owners/
- 14Thomas Brewster, “O2 blocks BNP website as ‘hate site’,” Silicon.co.uk, May 18, 2012, https://www.silicon.co.uk/workspace/o2-blocks-bnp-website-as-hate-site-…; Steven Mackenzie, “Internet Access: Are You Being Subjected To 'Private Sector Censorship?'” The Big Issue, September 10, 2014, http://www.bigissue.com/features/4323/internet-access-are-you-being-sub…
- 15Ofcom, “Ofcom report on internet safety measures,” July 22, 2014, https://www.ofcom.org.uk/__data/assets/pdf_file/0019/27172/Internet-saf…
- 16Blocked!, “Is your website blocked?”, https://www.blocked.org.uk/
- 17Blocked!, “Is your website blocked?”, https://web.archive.org/web/20200512051558/https://www.blocked.org.uk/
- 18Blocked!, “Internet Filtering Statistics, Not only adult content is being blocked,” https://www.blocked.org.uk/stats
Do state or nonstate actors employ legal, administrative, or other means to force publishers, content hosts, or digital platforms to delete content, particularly material that is protected by international human rights standards? | 3.003 4.004 |
Political, social, and cultural content is generally not subject to forced removal, though excessive enforcement of rules against illegal content can affect protected speech (see B1). The government continues to develop regulations that would compel platforms to restrict content that is deemed harmful but not necessarily illegal (see B3, B5, and B6).
On March 3, 2022, the day after the EU banned broadcasts, the sharing of social media content, and app downloads from RT and Sputnik, then culture secretary Nadine Dorries requested that Facebook, Twitter, and TikTok block access to the outlets’ content via UK services (see B1).1 Meta reported that it would restrict access to both outlets across the UK.2 Ofcom revoked RT’s broadcasting license later that month.3
The Terrorism Act calls for the removal of online material hosted in the UK if it “glorifies or praises” terrorism, could be useful to terrorists, or incites people to carry out or support terrorism. As of April 2019, the police’s Counter-Terrorism Internet Referral Unit (CTIRU), which compiles lists of such content, reported that 310,000 pieces of material had been taken down since 2010.4
When child sexual abuse images or criminally obscene adult materials are hosted on servers in the UK, the IWF coordinates with police and local hosting companies to have it taken down. For content that is hosted on servers overseas, the IWF coordinates with international hotlines and police to have the offending content taken down in the host country. Similar processes exist under the oversight of True Vision, a site that is managed by the National Police Chiefs’ Council (NPCC), for the investigation of online materials that incite hatred.5
In 2019, the European Court of Justice (ECJ) ruled that search engines do not have to apply the right to be forgotten—the removal of links from search results at the request of individuals if the stories in question are deemed to be inadequate or irrelevant—for all global users after receiving an appropriate request to do so in Europe.6 In April 2018, the UK’s High Court ordered Google to delist search results about a businessman’s past criminal conviction in its first decision on the right to be forgotten. In another case, the court rejected a similar claim made by a businessman who was sentenced for a more serious crime.7
Despite ending membership in the EU, the British government and data protection regulator, the ICO, committed to implementing the EU’s General Data Protection Regulation (GDPR),8 which came into force in May 2018 (see C6). Under the GDPR, the right to be forgotten, along with other rights enshrined in the GDPR, will continue to apply in the UK under the Data Protection Act 2018.
During the COVID-19 pandemic, the Cabinet Office Rapid Response Unit (RRU) began an aggressive campaign to address “misinformation narratives” concerning the virus.9 The RRU has worked with social media platforms to remove certain content identified as “misinformation.” In some cases, the RRU flags the content or posts a rebuttal.
- 1Council of the EU, “EU imposes sanctions on state-owned outlets RT/Russia Today and Sputnik's broadcasting in the EU,” Press release, March 2, 2022, https://www.consilium.europa.eu/en/press/press-releases/2022/03/02/eu-i…; Jennifer Ryan and Thomas Seal, “U.K. Asks Meta and TikTok to Block RT and Sputnik After EU Ban,” Bloomberg, March 3, 2022, https://www.bloomberg.com/news/articles/2022-03-03/u-k-asks-meta-tiktok…; Natali Helberger and Wolfgang Schulz, “Understandable, but still wrong: How freedom of communication suffers in the zeal for sanctions,” June 10, 2022, https://blogs.lse.ac.uk/medialse/2022/06/10/understandable-but-still-wr…
- 2“UK asks Meta, Tik Tok to prevent access to RT,” Reuters, March 3, 2022, https://www.reuters.com/business/media-telecom/uk-asks-meta-tik-tok-pre…
- 3Ofcom, “Ofcom revokes RT’s broadcast licence,” Press release, March 18, 2022, https://www.ofcom.org.uk/news-centre/2022/ofcom-revokes-rt-broadcast-li…
- 4UK Counter Terrorism Policing, “Neil Basu Welcomes Online Safety Measures,” April 8, 2019 https://www.counterterrorism.police.uk/neil-basu-welcomes-online-safety…
- 5True Vision, “Internet Hate Crime” http://www.report-it.org.uk/reporting_internet_hate_crime
- 6Leo Kelion, “Google wins landmark right to be forgotten case,” BBC, September 24, 2019, https://www.bbc.com/news/technology-49808208
- 7Jamie Grierson, Ben Quinn, “Google loses landmark 'right to be forgotten' case,” The Guardian, April 13, 2018, https://www.theguardian.com/technology/2018/apr/13/google-loses-right-t…
- 8Max Metzger, “ICO sets out international vision and route to GDPR compliance,” SC Media, July 5, 2017, https://web.archive.org/web/20181116041144/https://www.scmagazineuk.com….
- 9Gov.uk. “Government cracks down on spread of false coronavirus information online,” March 30, 2020, https://www.gov.uk/government/news/government-cracks-down-on-spread-of-…
Do restrictions on the internet and digital content lack transparency, proportionality to the stated aims, or an independent appeals process? | 3.003 4.004 |
The regulatory framework and actual procedures for managing online content are largely proportional, transparent, and open to correction. However, the optional filtering systems operated by ISPs and mobile service providers—particularly those meant to block material that is unsuitable for children—have been criticized for a lack of transparency, inconsistency between providers, and excessive application that affects legitimate content.
In May 2021, the government published the Online Safety Bill (see B5 and B6), which proposes a new regulatory framework to compel search engines and online platforms to address and remove illegal and harmful content under the statutory duties of care, defined as an obligation “to moderate user-generated content in a way that prevents users from being exposed to illegal and harmful content online.”1 A revised draft was introduced in March 2022 after a period of parliamentary scrutiny.2 The bill had not been approved by the end of the coverage period.
The bill would apply to illegal content, “content that is harmful to adults,” and “content that is harmful to children.” Illegal content includes child sexual exploitation and abuse (CSEA) offenses, terrorist content, and additional content specified in Schedule 7 of the bill. The bill broadly defines “content that is harmful to adults” and “content that is harmful to children” as content that presents a “material risk of significant harm to an appreciable number of [users] in the United Kingdom.” While the bill does not expressly require the use of automated content-moderation tools, online services would be required to use “accredited technology” to remove terrorist and CSEA content, and to “swiftly take down content.” The revised bill grants Ofcom the power to issue relevant notices.3
The proposed legislation targets services including search engines and “user-to-user” services, defined as an internet service that hosts user-generated content or facilitates public or private interaction between at least two people. Under the bill, the culture secretary may designate some services as “Category 1,” based on their function and number of users, to take additional action to combat harmful content.4 Those services would also be required to protect “journalistic content,” which seemingly includes independent journalists, and “content of democratic importance,” broadly defined as content that “appears to be specifically intended to contribute to democratic political debate in the United Kingdom or a part or area of the United Kingdom.” Protections for “journalistic content” would include an expedited content-removal appeals process for journalists.5 A proposed change to the bill announced in July 2022, after the coverage period, would bar platforms from removing news content until an appeals process concludes.6
For noncompliant services, Ofcom would be empowered to issue notices and fines up to £18 million ($24 million) or 10 percent of global turnover, whichever is higher. In a December 2020 response to the consultation of the white paper, the government noted that these fines would make it “less commercially viable” for services to operate in the UK, thus forcing companies to comply.7 Additionally, Ofcom would have the ability to order a suspension of service for noncompliant platforms, and an interim suspension of service in extreme cases. If the suspension orders are deemed ineffective, Ofcom would then be empowered to order interim and long-term access restriction orders. Ofcom would also be responsible for drafting relevant codes of practice for the management of harmful content.8
Under the Digital Economy Act 2017, ISPs are legally empowered to use both blocking and filtering methods, if allowed by their terms and conditions of use.9 Civil society groups have criticized the default filters used by ISPs and mobile service providers to review content deemed unsuitable for children, arguing that they lack transparency and affect too much legitimate content, which makes it difficult for consumers to make informed choices and for content owners to appeal wrongful blocking (see B1).
ISPs block URLs using content-filtering technology known as Cleanfeed, which was developed by BT in 2004. The process involves deep packet inspection (DPI), a granular method of monitoring traffic that enables blocking of individual URLs rather than entire domains.
ISPs are notified about websites hosting content that has been determined to violate or potentially violate UK law under at least three different procedures. The IWF compiles and distributes a list of specific URLs containing photographic or computer-generated depictions of CSEA or criminally obscene adult content to ISPs;10 the CTIRU compiles an unpublished list of URLs—which are filtered on public-sector networks—hosted overseas that contain material considered to glorify or incite terrorism under the Terrorism Act 2006;11 and the High Court can order ISPs to block websites found to be infringing copyright under the Copyright, Designs, and Patents Act 1988.12 Copyright-related blocking has been criticized for its inefficiency and opacity.13
In some cases, mobile service providers’ filtering activity may be outsourced to third-party contractors, further limiting transparency.14 Child-protection filters are enabled by default in mobile internet browsers, though users can disable them by verifying that they are over the age of 18. MVNOs are believed to be capable of using their parent service’s filtering infrastructure.15 O2 allows its users to check how a particular site has been classified.16 The filtering is based on a classification framework for mobile content published by the British Board of Film Certification (BBFC), the designated age-verification regulator.17 The BBFC adjudicates appeals from content owners and publishes the results quarterly.18
Website owners and companies that knowingly host illicit material and fail to remove it may be held liable, even if the content was created by users, according to EU Directive 2000/31/EC (the E-Commerce Directive).19 Updates to the Defamation Act effective since 2014 limit companies’ liability for user-generated content that is considered defamatory. However, the Defamation Act offers protection from private libel suits based on third-party postings only if the plaintiff is able to identify the user responsible for the allegedly defamatory content.20 The act does not specify what sort of information the website operator must provide to plaintiffs, but it raised concerns that websites would register users and restrict anonymity in order to avoid civil liability.21
- 1Edina Harbinja, “U.K.’s Online Safety Bill: Not That Safe, After All?”, Lawfare, July 8, 2021, https://www.lawfareblog.com/uks-online-safety-bill-not-safe-after-all
- 2Online Safety Bill, March 17, 2022, https://publications.parliament.uk/pa/bills/cbill/58-02/0285/210285.pdf
- 3Edina Harbinja, “U.K.’s Online Safety Bill: Not That Safe, After All?”, Lawfare, July 8, 2021, https://www.lawfareblog.com/uks-online-safety-bill-not-safe-after-all
- 4Department for Digital, Culture, Media, and Sport, “Draft Online Safety Bill,” May 12, 2021, https://www.gov.uk/government/publications/draft-online-safety-bill.
- 5Edina Harbinja, “U.K.’s Online Safety Bill: Not That Safe, After All?,” Lawfare, July 8, 2021, https://www.lawfareblog.com/uks-online-safety-bill-not-safe-after-all
- 6Dan Milmo, “Tech platforms face UK ban on blocking news providers before appeal,” The Guardian, July 7, 2022, https://www.theguardian.com/technology/2022/jul/07/tech-platforms-face-…
- 7Department for Digital, Culture, Media & Sport, “Online Harms White Paper: Full government response to the consultation,” December 15, 2020, https://www.gov.uk/government/consultations/online-harms-white-paper/ou…
- 8Department for Digital, Culture, Media, and Sport, “Draft Online Safety Bill,” May 12, 2021, https://www.gov.uk/government/publications/draft-online-safety-bill.
- 9“Digitial Economy Act 2017,” s. 104, http://www.legislation.gov.uk/ukpga/2017/30/section/104/enacted
- 10Internet Watch Foundation, “URL List Policy,” https://www.iwf.org.uk/members/member-policies/url-list; Internet Watch Foundation, “URL Blocking: Good Practice,” https://www.iwf.org.uk/become-a-member/services-for-members/url-list/ur…; Open Rights Group Wiki, “Cleanfeed,” https://wiki.openrightsgroup.org/wiki/Cleanfeed.
- 11Open Net Initiative, “United Kingdom,” December 18, 2010, https://opennet.net/research/profiles/united-kingdom#footnote47_syc8fbo; Terrorism Act 2006, http://www.legislation.gov.uk/ukpga/2006/11/pdfs/ukpga_20060011_en.pdf; “2010 to 2015 government policy: counter-terrorism,” May 8, 2015, https://www.gov.uk/government/publications/2010-to-2015-government-poli…; National Police Chiefs Council, “The Counter Terrorism Internet Referral Unit,” https://web.archive.org/web/20160426105626/http://www.npcc.police.uk/NP…
- 12Sections 17 and 18 of the Digital Economy Act (DEA) of 2010 separately allowed for the courts to order websites containing “substantial” violations of copyright to be blocked. In August 2011, the government announced that the DEA’s blocking provisions would be dropped, in part because it was already authorized under another law. See: “Government drops website blocking,” BBC News, August 3, 2011, http://www.bbc.com/news/technology-14372698
- 13Ofcom, “Site blocking” to reduce online copyright infringement,” May 27, 2011, https://assets.publishing.service.gov.uk/government/uploads/system/uplo…
- 14Blocked! “Personal Stories,” https://www.blocked.org.uk/personal-stories
- 15Blocked! “Frequently Asked Questions,” https://www.blocked.org.uk/faqs
- 16O2, “Site Checker,” http://urlchecker18plus.o2.co.uk/
- 17BBFC, “Mobile Content: Framework,” http://www.bbfc.co.uk/what-classification/mobile-content/framework. In 2013, the British Board of Film Classification took over this function from the Independent Mobile Classification Body. See, BBFC, “BBFC replaces the Independent Mobile Classification Board (IMCB) as the regulation framework provider for mobile internet content,” July 1, 2013, http://www.bbfc.co.uk/about-bbfc/media-centre/bbfc-replaces-independent…
- 18BBFC, “Quarterly Report,” http://www.bbfc.co.uk/what-classification/mobile-content/quarterly-repo…
- 19European Parliament, “Directive 2000/31/EC of the European Parliament,” http://eur-lex.europa.eu/legal-content/en/ALL/?uri=CELEX%3A32000L0031
- 20Mike Masnick, “Did UK Gov’t Already effectively Outlaw Anonymity Online With Its New Defamation Law?,” TechDirt, August 11, 2014, https://www.techdirt.com/articles/20140807/17234928145/did-uk-govt-alre…
- 21Eric Goldman, “UK’s New Defamation Law May Accelerate The Death of Anonymous User-Generated Content Internationally,” Forbes, May 9, 2013, http://www.forbes.com/sites/ericgoldman/2013/05/09/uks-new-defamation-l…; Mike Masnick, “Did UK Gov’t Already effectively Outlaw Anonymity Online With Its New Defamation Law?,” TechDirt, August 11, 2014, https://www.techdirt.com/articles/20140807/17234928145/did-uk-govt-alre….
Do online journalists, commentators, and ordinary users practice self-censorship? | 3.003 4.004 |
Self-censorship, though difficult to assess, is not understood to be a widespread problem in the UK. However, due to factors including the government’s extensive surveillance practices, it appears likely that some users censor themselves when discussing sensitive topics to avoid potential government intervention or other repercussions (see C5).1
- 1Nik Williams, “Writers silenced by surveillance: self-censorship in the age of big data,” Open Democracy, December 14, 2018, https://www.opendemocracy.net/en/opendemocracyuk/writers-silenced-by-su…
Are online sources of information controlled or manipulated by the government or other powerful actors to advance a particular political interest? | 4.004 4.004 |
Score Change: The score improved from 3 to 4 because misleading online content and efforts to manipulate the online sphere did not significantly impact online information during the coverage period.
Concerns about content manipulation increased from 2016 through 2020, with foreign, partisan, and extremist groups allegedly using automated “bot” accounts, fabricated news, and altered images to shape discussions on social networks.
Though such concerns have somewhat abated since 2020, coordinated inauthentic behavior did occur during the coverage period. In November 2021, Meta reported removing a network of 524 Facebook accounts, 20 pages, 4 groups, and 86 Instagram accounts that originated in China and targeted English-speaking audiences in the UK and the United States. Meta found links to employees of a Chinese information-security firm and individuals associated with Chinese state-owned infrastructure firms.1 In December 2021, Meta reported removing a network of 8 Facebook accounts and 126 Instagram Iran-based accounts that primarily targeted Scotland and the UK as a whole. The accounts, which employed popular hashtags promoting Scottish independence, posed as English or Scottish citizens and produced and amplified political content including criticism of the UK government. They also tried to contact policymakers.2
During the December 2019 general election, the governing Conservative Party and opposition Labour Party spread misleading content and disinformation on social media, including doctored videos shared by the Conservative Party.3 Google banned eight Conservative ads for “violating Google’s advertising policy”; six related to a website created by Conservative Party officials that imitated Labour’s election manifesto.4 In July 2020, the UK government said that the Russian government had tried to influence the 2019 election by illicitly acquiring sensitive US-UK trade documents and distributing them on the social media platform Reddit.5
The online environment was allegedly manipulated surrounding the 2016 Brexit referendum and the June 2017 elections, adding to the polarization of online political discourse. In the lead-up to the referendum, targeted online ads distributed by Leave campaign groups on Facebook included misleading statistics and claims, with one even accusing the EU of seeking to ban teakettles.6 In May 2017, Facebook reported that it had removed tens of thousands of inauthentic accounts to limit the impact of deliberately misleading information disguised to look like news reports; such accounts had spread online prior to the elections.7
A parliamentary inquiry into social media interference intensified in March 2018, when Christopher Wylie, a former employee at the data analytics company Cambridge Analytica, claimed that the firm had illegally obtained information from Facebook on millions of accounts and had developed techniques for categorizing and influencing potential voters.8
The government runs a counterdisinformation campaign called SHARE—previously known as Don’t Feed the Beast—that provides users with a checklist of features to note before sharing posts and media online.9 The Online Safety Bill would empower Ofcom to create a disinformation-and-misinformation advisory committee to advise online services (see B3 and B6).10
- 1“November 2021 Coordinated Inauthentic Behavior Report,” Meta, November 2021, https://about.fb.com/wp-content/uploads/2021/12/November-2021-CIB-Repor…
- 2“December 2021 Coordinated Inauthentic Behavior Report,” Meta, December 2021, https://about.fb.com/wp-content/uploads/2022/01/December-2021-Coordinat…
- 3Danica Kirka, “UK election is full of dirty tricks and political clicks,” Associated Press, December 5, 2019, https://apnews.com/a0cd68b37bbf45de8df9a3175ee369e1
- 4Jon Strone, “Google bans eight different Tory election adverts as disinformation concerns mount,” Independent, December 1, 2019, https://www.independent.co.uk/news/uk/politics/tory-general-election-ad…
- 5Jack Stubbs, “Leak of classified papers ahead of UK election tied to Russian operation: Reddit,” Reuters, December 6, 2019, https://www.reuters.com/article/us-britain-election-foreign/distributio…
- 6“Facebook releases details of Leave campaign ads targeted at users,” The Scotsman, July 26, 2018, https://www.scotsman.com/news/uk/facebook-releases-details-of-leave-cam…
- 7Mark Scott, “Facebook Aims to Tackle Fake News Ahead of U.K. Election,” New York Times, May 8, 2017 https://www.nytimes.com/2017/05/08/technology/uk-election-facebook-fake…
- 8Parliament. UK, Commons Select Committee “Committee to push for Zuckerberg evidence after Facebook CTO fails to answer questions fully,” April 26, 2018, https://old.parliament.uk/business/committees/committees-a-z/commons-se….
- 9Share Checklist, “Be careful what you share. Things aren’t always what they seem online,” Gov.uk, https://sharechecklist.gov.uk/
- 10Online Safety Bill, March 17, 2022, https://publications.parliament.uk/pa/bills/cbill/58-02/0285/210285.pdf .
Are there economic or regulatory constraints that negatively affect users’ ability to publish content online? | 3.003 3.003 |
Online media outlets face economic constraints that negatively impact their financial sustainability, but these are the result of market forces, not political intervention.
Publishers have struggled to find a profitable model for their digital platforms, though more than half of the population reportedly consumes news online. In 2021, a survey conducted for Ofcom found that 73 percent of adults used the internet to access news, with social media being the most popular online source.1
Ofcom is responsible for enforcing the EU’s 2015 Open Internet Regulation, which includes an obligation for ISPs to ensure net neutrality—the principle that internet traffic should not be throttled, blocked, or otherwise disadvantaged on the basis of content. This regulation was revised slightly but largely preserved in UK law after the country's exit from the EU was finalized in 2020.2
The Online Safety Bill (see B3 and B5) would empower Ofcom to fine online services the greater of £18 million ($24 million) or 10 percent of a service’s global turnover if they do not comply with the bill’s provisions, which could impact their ability to operate in the UK.
- 1Ofcom, “News Consumption in the UK: 2021,” https://www.ofcom.org.uk/__data/assets/pdf_file/0025/222478/news-consum…
- 2Ofcom, “Monitoring compliance with the Open Internet Regulation,” November 1, 2021, https://www.ofcom.org.uk/__data/assets/pdf_file/0028/227485/Monitoring-…
Does the online information landscape lack diversity and reliability? | 4.004 4.004 |
The online information landscape is diverse and lively. Users have access to the online content of virtually all national and international news organizations. While there are a range of sources that present diverse views and appeal to various audiences and communities, the ownership of leading news outlets is relatively concentrated,1 and particular media groups have been accused of political bias.
The publicly funded BBC, which maintains an extensive online presence, has an explicit diversity and inclusion strategy, aiming to increase the representation of women and LGBT+ people, and the representation of different age ranges and ethnic and religious groups.2 Similar models have been adopted by other national broadcasters.3
The CMA endeavored to boost competition among digital platforms during the coverage period. In November 2021, the CMA ordered Meta to sell Giphy, a search engine for GIFs that Meta had acquired in 2020, because it would reduce competition.4 The Competition Appeals Tribunal quashed the ruling in June 2022; in July, CMA announced that it would conduct another review.5 In June 2022, after the coverage period, the CMA vowed to probe the dominance of Apple and Google’s mobile browsers, citing their “effective duopoly“ on the mobile environment.6
- 1Ed Jones, “Five reasons we don’t have a free and independent press in the UK and what we can do about it,” OpenDemocracy.org, April 18, 2019, https://www.opendemocracy.net/en/opendemocracyuk/five-reasons-why-we-do…
- 2BBC, “Diversity and Inclusion,” https://www.bbc.com/diversity/
- 3Channel 4, “Inclusion & Diversity” https://www.channel4.com/corporate/about-4/operating-responsibly/divers…
- 4CMA, “Completed acquisition by Facebook, Inc (now Meta Platforms, Inc) of Giphy, Inc.” November 30, 2021, chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/https://assets.publishing.service.gov.uk/media/61a64a618fa8f5037d67b7b5…; CAT, 1429/4/12/21 Meta Platforms, Inc. v Competition and Markets Authority, https://www.catribunal.org.uk/judgments/142941221-meta-platforms-inc-v-…
- 5Reuters, “UK tribunal quashes Meta-Giphy deal block, regulator to reconsider ruling,” July 18, 2022, https://www.reuters.com/markets/deals/uk-regulator-reconsiders-decision…
- 6Gov,uk, “Apple and Google duopoly limits competition and choice,” December 14, 2021, https://www.gov.uk/government/news/apple-and-google-duopoly-limits-comp…; Gov.uk, “Mobile ecosystems market study final report,” June 10, 2022, https://www.gov.uk/government/publications/mobile-ecosystems-market-stu…; “UK plans to probe Apple, Google's mobile browser dominance,” Reuters, June 10, 2022, https://www.reuters.com/technology/uk-plans-probe-apple-googles-mobile-…
Do conditions impede users’ ability to mobilize, form communities, and campaign, particularly on political and social issues? | 6.006 6.006 |
Online mobilization tools are freely available and commonly used to organize offline,1 and collective action continues to grow in terms of both numbers of participants and numbers of campaigns. Some groups use digital tools to document and combat bigotry, including Tell MAMA (Measuring Anti-Muslim Attacks), which tracks reports of attacks or abuse submitted by British Muslims online.2 Petition and advocacy platforms such as 38 Degrees and AVAAZ have emerged, and nongovernmental organizations (NGOs) view online communication as an indispensable part of any campaign strategy.
- 1“Edward Colston statue: Protesters tear down slave trader monument,” BBC, June 8, 2020, https://www.bbc.co.uk/news/uk-52954305; “Sarah Everard: Women take to social media to express anger over 33-year-old's disappearance,” ITV, March 11, 2021, https://www.itv.com/news/2021-03-11/sarah-everard-women-take-to-social-…; Carlie Porterfield, “How Sarah Everard’s Disappearance Sparked A Social Media Movement,” Forbes, March 11, 2021, https://www.forbes.com/sites/carlieporterfield/2021/03/11/how-sarah-eve…
- 2CBS/AP, “Worrying rise in racist abuse linked to Brexit?,” June 29, 2016, http://www.cbsnews.com/news/brexit-increase-racist-anti-immigrant-musli…
Do the constitution or other laws fail to protect rights such as freedom of expression, access to information, and press freedom, including on the internet, and are they enforced by a judiciary that lacks independence? | 5.005 6.006 |
The UK does not have a written constitution or similarly comprehensive legislation that defines the scope of governmental power and its relation to individual rights. Instead, constitutional powers and individual rights are addressed in various statutes, common law, and conventions. The provisions of the European Convention on Human Rights were adopted into law via the Human Rights Act 1998.
In December 2021, the government launched a consultation on reforming the Human Rights Act.1 In June 2022, after the coverage period, the government published the Bill of Rights Bill, which would repeal and replace the Human Rights Act.2 It includes significant changes to the UK’s human rights framework, requiring claimants to prove that they have suffered “significant disadvantage” and giving Parliament, rather than the courts, primacy in decision-making when competing rights and interests are at stake. The bill maintains that courts must give “great weight” to the importance of freedom of speech, but also establishes exemptions in areas including criminal proceedings and matters relating to immigration, citizenship, and national security.3
- 1Ministry of Justice, “Human Rights Act Reform: a Modern Bill of Rights,” December 14, 2021, https://consult.justice.gov.uk/human-rights/human-rights-act-reform/
- 2Gov.uk, “Bill of Rights: Bill documents,” June 22, 2022, https://www.gov.uk/government/publications/bill-of-rights-bill-documents
- 3Alice Donald, “The Bill of Rights Bill,” July 11, 2022, https://ukandeu.ac.uk/explainers/the-bill-of-rights-bill/
Are there laws that assign criminal penalties or civil liability for online activities, particularly those that are protected under international human rights standards? | 2.002 4.004 |
Political expression and other forms of online speech or activity are generally protected, but there are legal restrictions on hate speech, online harassment, and copyright infringement, and some measures—including a 2019 counterterrorism law—could be applied in ways that violate international human rights standards.
The Counter-Terrorism and Border Security Act, which received royal assent in February 2019, included several provisions related to online activity (see C5).1 Individuals can face up to 15 years in prison for viewing or accessing material that is useful or likely to be useful in preparing or committing a terrorist act, even if there is no demonstrated intent to commit such acts. The law includes exceptions for journalists or academic researchers who access such materials in the course of their work, but it does not address other possible circumstances in which access might be legitimate.2 “Reckless” expressions of support for banned organizations are also criminalized under the law. A number of NGOs argued that the legislation was dangerously broad, with unclear definitions that could be abused.3 In April 2021, the Countering Terrorism and Sentencing Act, which stipulates prison sentences of up to 14 years for anyone who “supports a proscribed terrorist organization,” received royal assent.4
Stringent bans on hate speech are encapsulated in a number of laws and some rights groups have said they are too vaguely worded.5 Defining what constitutes an offense has been made more difficult by the development of new communications platforms. One such ban is included in Section 127 of the Communications Act 2003, which punishes “grossly offensive” communications sent through the internet.6 The maximum penalty is an unlimited fine and six months in prison.
These communication offenses will likely be amended by the Online Safety Bill, which also labels knowingly false, persistent, and threatening communications and “cyberflashing,” when an individual sends an unsolicited intimate image to another, as offenses.7 Commentators have criticized these offenses due to the lack of certainty and standards used, which may impact speech.8
The Crown Prosecution Service (CPS) publishes specific guidelines for the prosecution of crimes “committed by the sending of a communication via social media.”9 Updates in 2014 placed digital harassment offenses committed with the intent to coerce victims into sexual activity under the Sexual Offences Act 2003, which carries a maximum of 14 years in prison.10 Revised guidelines issued in March 2016 identified four categories of communications that are subject to possible prosecution: credible threats; abusive communications targeting specific individuals; breaches of court orders; and grossly offensive, false, obscene, or indecent communications.11 In October 2016, the CPS updated its guidelines again to cover more abusive online behaviors, including organized harassment campaigns or “mobbing,” and doxing, the deliberate and unauthorized publication of personal information online to facilitate harassment.12
The Copyright, Designs, and Patents Act 1988 carries a maximum two-year prison sentence for offenses committed online. In 2015, the government held a public consultation regarding a proposal to increase the sentence to 10 years, which was ultimately incorporated into the Digital Economy Act 2017.
In March 2021, the Scottish parliament passed the Hate Crime and Public Order (Scotland) Bill, through which lawmakers aimed to extend and modernize existing hate crimes; it became law in April 2021. The law creates criminal offenses for speech and acts intentionally “stirring up hatred” against groups based on protected characteristics, including age, disability, race, religion, sexual orientation, and transgender identity.13 Violators of the law face up to 12 months’ imprisonment and a fine for summary conviction, and up to 7 years on a conviction by jury trial. Civil society groups, including the Open Rights Group, have raised concerns that the law has a wide remit and low threshold for prosecution,14 particularly noting that criteria for “insult” is not clearly defined and could make sharing online material that is offensive a crime.15
- 1Parliament.uk, “Counter-Terrorism and Border Security Act 2019,” https://services.parliament.uk/Bills/2017-19/counterterrorismandborders…
- 2Parliament.uk, “Counter-Terrorism and Border Security Act 2019,” http://www.legislation.gov.uk/ukpga/2019/3/section/3/enacted
- 3EDRi, “New UK counter-terrorism law limits online freedoms,” February 27, 2019, https://edri.org/new-uk-counter-terrorism-law-limits-online-freedoms/; “UK: Amend Flawed Counterterrorism Bill,” Human Rights Watch, October 15, 2018, https://www.hrw.org/news/2018/10/15/uk-amend-flawed-counterterrorism-bi…; Jamie Grierson, “Counter-terror bill is a threat to press freedom, say campaigners,” The Guardian, October 24, 2018, https://www.theguardian.com/media/2018/oct/25/counter-terror-bill-is-a-…
- 4Gov.uk, “Longer jail terms and stricter monitoring as new terror laws gain Royal Assent,” April 29, 2021, https://www.gov.uk/government/news/longer-jail-terms-and-stricter-monit….
- 5Section 5 of the Public Order Act 1986 penalizes “threatening, abusive or insulting words or behavior.” In 2013, the provision was amended to remove insults. The maximum penalty is an unlimited fine and six months in prison. Section 1 of the Malicious Communications Act 1988 criminalizes targeting individuals with abusive and offensive content online “with the purpose of causing distress or anxiety.” In 2015, it was amended to criminalize the sharing of sexual images without the subject’s consent and with the intent to cause harm. A violation of the Act is punishable with up to two years in prison. • Section 1 of the Terrorism Act 2006 prohibits the publishing of statements likely to encourage the commission, preparation, or instigation of terrorism. On indictment, violators face imprisonment for seven years and an unlimited fine. On summary conviction, violators face imprisonment for one year and an unlimited fine. See, Adam Wagner, “Public insults to be legalised but grossly offensive messages still criminal,” The UK Human Rights Blog, January 15, 2013, https://ukhumanrightsblog.com/2013/01/15/public-insults-to-be-legalised…; The Crown Prosecution Service, “Public Order Offences incorporating the Charging Standard” http://www.cps.gov.uk/legal/p_to_r/public_order_offences/#Section_5; Ministry of Justice and The Rt Hon Chris Grayling MP, “Internet trolls to face 2 years in prison,” October 20, 2014, https://www.gov.uk/government/news/internet-trolls-to-face-2-years-in-p…; ’Revenge porn’ illegal under new law in England and Wales,” BBC, February 12, 2015, http://www.bbc.co.uk/news/uk-31429026; “Internet trolls face up to two years in jail under new laws,” BBC, October 19, 2014, http://www.bbc.co.uk/news/uk-29678989
- 6Claire Overman, Andrew Wheelhouse, “Papa Don’t Preach (You May be Found Guilty of Hate Speech),” Oxford Human Rights Hub, March 22, 2016 http://ohrh.law.ox.ac.uk/papa-dont-preach-you-may-be-found-guilty-of-ha…
- 7Law Commission, “Modernising Communications Offences,” July 20, 2021, https://s3-eu-west-2.amazonaws.com/lawcom-prod-storage-11jsxou24uy7q/up…
- 8Graham Smith, “Mapping the Online Safety Bill,” March 27, 2022, Cyberleagle, https://www.cyberleagle.com/
- 9The Crown Prosecution Service, “Guidelines on prosecuting cases involving communications sent via social media,” http://www.cps.gov.uk/legal/a_to_c/communications_sent_via_social_media/
- 10“Guidelines on prosecuting cases involving communications sent via social media,” Crown Prosecution Service, amended October 2014, https://web.archive.org/web/20190424160508/https://www.parliament.uk/do…; Owen Bowcott, “Revenge porn could lead to 14-year-sentence, new guidelines clarify,” The Guardian, October 7, 2014, www.theguardian.com/law/2014/oct/07/revenge-porn-14-year-sentence-cps-g…
- 11The Crown Prosecution Service, “New guidelines published on the prosecution of those who abuse victims online,” March 3, 2016, https://web.archive.org/web/20171120124500/http://www.cps.gov.uk/news/l…
- 12Crown Prosecution Service, “CPS publishes new social media guidance and launches Hate Crime consultation,” October 10, 2016, https://web.archive.org/web/20161013201133/www.cps.gov.uk/news/latest_n…
- 13The Scottish Parliament, “Hate Crime and Public Order (Scotland) Bill,” https://www.parliament.scot/bills-and-laws/bills/hate-crime-and-public-…
- 14“MSPs approve Scotland's controversial hate crime law,” BBC, March 11, 2021, https://www.bbc.co.uk/news/uk-scotland-scotland-politics-56364821; “Controversial hate crime bill passed at Holyrood,” Scottish Legal, March 12, 2021, https://www.scottishlegal.com/article/controversial-hate-crime-bill-pas…
- 15Open Rights Group Scotland, “RESPONSE TO PUBLIC ORDER AND HATE CRIME BILL,” August 5, 2020, https://scotland.openrightsgroup.org/publications/response-to-public-or…
Are individuals penalized for online activities, particularly those that are protected under international human rights standards? | 5.005 6.006 |
Police have arrested internet users for promoting terrorism, issuing threats, or engaging in racist abuse. In some past cases, the authorities have been accused of overreaching in their enforcement efforts.1 The frequency of these cases appear to be declining, and prison sentences for political, social, and cultural speech remain rare.2
In March 2022, Twitter user Joseph Kelly was sentenced to 150 hours of community service and 18 months of supervision under Section 127 of the Communications Act 2003 for posting a “grossly offensive” tweet about a British Army officer. Kelly had said “the only good Brit soldier is a [dead] one” in February 2021, the day following the officer’s death.3
Local police departments have the discretion to pursue criminal complaints that would be treated as civil cases in many democracies. The NPCC operates True Vision, an online portal to facilitate the reporting of hate crimes to law enforcement.4 In May 2020, police in Newcastle arrested three teenagers who posted a Snapchat video mocking the death of George Floyd, who was killed by police officers in the United States earlier that month. The incident was reportedly being investigated as a hate crime;5 no updates were reported as of the end of the coverage period.
Cases of offensive humor have been prosecuted. For example, in May 2020, an officer of the Devon and Cornwall police force was arrested and charged with “sending an offensive, indecent, obscene or menacing image via a public electronic communications network” for sharing a meme about the death of George Floyd in a private WhatsApp group, contrary to the Communications Act 2003. However, in April 2021, the defendant was cleared as the judge felt that the prosecution had not made a strong enough case that the image had sufficiently malicious intent.6
- 1“Harry Miller: Police probe into 'transphobic' tweets unlawful,” BBC, February 14, 2020, https://www.bbc.com/news/uk-england-lincolnshire-51501202; Alexandra Topping, “Police who warned man about 'transphobic' tweet acted unlawfully,” The Guardian, February 14, 2020, https://www.theguardian.com/society/2020/feb/14/transgender-tweet-polic…
- 2Charlie Parker, “Police arresting nine people a day in fight against web trolls,” The Times, October 12, 2017, https://www.thetimes.co.uk/article/police-arresting-nine-people-a-day-i…
- 3James Vincent, “Twitter user sentenced to 150 hours of community service in UK for posting ‘offensive’ tweet,” March 31, 2022, https://www.theverge.com/2022/3/31/23004339/uk-twitter-user-sentenced-g…
- 4True Vision https://www.report-it.org.uk
- 5“Teens arrested for 'hate crime' photo of George Floyd death,” BBC, June 1, 2020, https://www.bbc.com/news/uk-england-tyne-52877886; Thomas Burrows, “Not Laughing Now Teenagers arrested after death of George Floyd in US mocked in sick Snapchat photo,” The Sun, June 1, 2020, https://www.thesun.co.uk/news/11756401/teenagers-arrested-after-death-g…
- 6“George Floyd: Torquay police officer cleared of sharing meme,” BBC, April 21, 2021, https://www.bbc.co.uk/news/uk-england-devon-56833484
Does the government place restrictions on anonymous communication or encryption? | 2.002 4.004 |
Users are not required to register to obtain a SIM card, allowing for the anonymous use of mobile devices.1 However, some laws provide authorities with the means to undermine encryption, and security officials have pushed for further powers.
There are several laws that could allow authorities to compel decryption or require a user to disclose passwords, including the Regulation of Investigatory Powers Act 2000 (RIPA), the Terrorism Act 2000, and the Investigatory Powers Act 2016 (IP Act) (see C5 and C6).2 Although such powers are seldom invoked in practice, some users have faced detention for failure to provide passwords.3
In October 2019, then home secretary Priti Patel and her counterparts in the United States and Australia wrote to Facebook opposing the company’s plans to implement end-to-end encryption across its messaging platforms.4 The letter followed communiques in July and October 2019 from the Five Country Ministerial, a Five Eyes consortium of which the UK is a member, criticizing technology companies that provide encrypted products that preserve anonymity and preclude law enforcement access to content.5 In October 2020, the Five Eyes along with the Indian and Japanese governments issued a statement requesting backdoor access to encrypted messages.6 In April 2021, Patel gave a speech at the National Society for the Prevention of Cruelty to Children in which she urged Facebook and other platforms to consider encryption’s impact on “public safety” and provide mechanisms for law enforcement to access encrypted conversations.7 In January 2022, the No Place to Hide campaign, backed by the UK government, was launched to raise awareness against the alleged danger of encrypted messaging to children and prevent Facebook from expanding its use of end-to-end encryption.8
In November 2021, the UK government announced five winning projects of the 2021 Safety Tech Challenge Fund, which aims to combat the sexual abuse and exploitation of children online in encrypted environments without impacting people’s rights to privacy and data protection.9
The Online Safety Bill, which would require age verification for access to online pornography, has ignited civil society concerns over its potential to compromise encryption (see B1).10 Under the bill, Ofcom can mandate online services to employ government-approved software to find images depicting CSEA.11 These orders, which can be issued to services that use end-to-end encryption and consequently cannot technically inspect user messages, has been criticized as an attempt to compel companies to abandon or compromise their encryption systems.12
- 1Privacy International, “Timeline of SIM Card Registration Laws,” June 11, 2019, https://privacyinternational.org/long-read/3018/timeline-sim-card-regis…
- 2Alex Hern, “UK government can force encryption removal, but fears losing, experts say,” The Guardian, March 29, 2017, https://www.theguardian.com/technology/2017/mar/29/uk-government-encryp…; Saunders Law, “Prosecuted for your password,” January 23, 2018, https://www.saunders.co.uk/news/prosecuted-for-your-password.html; Daniel Severson, “The Encryption Debate in Europe,” The Hoover Institute, March 21, 2017 https://www.hoover.org/sites/default/files/research/docs/severson_webre…
- 3Dell Cameron, “Why This Man Is Risking Jail by Refusing to Surrender Passwords at a London Airport [Updated],” Gizmodo, May 16, 2017 https://gizmodo.com/why-this-man-is-risking-jail-by-refusing-to-surrend…
- 4“Open letter from the Home Secretary - alongside US Attorney General Barr, Secretary of Homeland Security (Acting) McAleenan, and Australian Minister for Home Affairs Dutton - to Mark Zuckerberg,” Home Office https://www.gov.uk/government/publications/open-letter-to-mark-zuckerbe…
- 5“Joint meeting of Five Country Ministerial and quintet of Attorneys-General: communiqué, London 2019 (accessible version),” Attorneys General Office https://www.gov.uk/government/publications/five-country-ministerial-com…; “Joint Meeting of FCM and Quintet of Attorneys-General”https://assets.publishing.service.gov.uk/government/uploads/system/uplo…
- 6Catalin Campanu, “Five Eyes governments, India, and Japan make new call for encryption backdoors,” ZD Net, October 11, 2020, https://www.zdnet.com/article/five-eyes-governments-india-and-japan-mak….
- 7David Malloy, “Priti Patel: Facebook encryption plan ‘must not hamper child protection’,” BBC, April 21, 2021, https://www.bbc.com/news/technology-56795852.
- 8Joe Mullin, “The U.K. Paid $724,000 For A Creepy Campaign To Convince People That Encryption is Bad. It Won’t Work,” January 21, 2022 https://www.eff.org/deeplinks/2022/01/uk-paid-724000-creepy-campaign-co…; BBC News, “Encryption: UK data watchdog criticizes government campaign,” January 21, 2022, https://www.bbc.com/news/technology-60072191
- 9Gov.uk, “Government funds new tech in the fight against online child abuse,” November 17, 2021, https://www.gov.uk/government/news/government-funds-new-tech-in-the-fig…
- 10Callum Voge and Robin Wilton, “Internet Impact Brief: End-to-end Encryption under the UK’s Draft Online Safety Bill,” Internet Society, January 5, 2022, https://www.internetsociety.org/resources/doc/2022/iib-encryption-uk-on…
- 11Gov.uk, “New plans to protect people from anonymous trolls online,” February 25, 2022, https://www.gov.uk/government/news/new-plans-to-protect-people-from-ano…
- 12Joe Mullin, “The UK Online Safety Bill Attacks Free Speech and Encryption,” Electronic Frontier Foundation, August 5, 2022, https://www.eff.org/deeplinks/2022/08/uks-online-safety-bill-attacks-fr…
Does state surveillance of internet activities infringe on users’ right to privacy? | 2.002 6.006 |
UK authorities are known to engage in surveillance of digital communications, including mass surveillance, for intelligence, law enforcement, and counterterrorism purposes. A 2016 law introduced some oversight mechanisms to prevent abuses, but it also authorized bulk collection of communications data and other problematic practices. A 2019 counterterrorism law empowered border officials to search travelers’ devices, undermining the privacy of their online activity.
The Counter-Terrorism and Border Security Act (see C2) gives border agents the ability to search electronic devices at border crossings and ports of entry with the aim of detecting “hostile activity”—a broad category including actions that threaten national security, threaten the economic well-being of the country in a way that touches on security, or are serious crimes.1 Those stopped are required to provide information when requested by border officers, including device passwords.2
The IP Act codified law enforcement and intelligence agencies’ surveillance powers in a single omnibus law, whereas they previously existed in multiple statutes and authorities.3 It covers interception, equipment interference, and data retention, among other topics.4 The IP Act has been criticized by industry associations, civil rights groups, and the wider public, particularly regarding the range of powers it authorizes and its legalization of bulk data collection.5
The IP Act specifically enables the bulk interception and acquisition of communications data sent or received by individuals outside the UK, as well as bulk equipment interference involving “overseas-related” communications and information. When both the sender and receiver of a communication are in the UK, targeted warrants are required, though several individuals, groups, or organizations may be covered under a single warrant in connection with a single investigation.6 Part 7 of the IP Act introduced warrant requirements for intelligence agencies to retain or examine “personal data relating to a number of individuals” who are “unlikely to become of interest to the intelligence service in the exercise of its functions.”7
The IP Act established a new commissioner appointed by the prime minister to oversee investigatory powers under Section 227.8 The law includes other safeguards, such as “double-lock” interception warrants. These require approval from both the relevant secretary of state and an independent judge, though the secretary alone can approve urgent warrants.9 The act allows authorities to prohibit telecommunications providers from disclosing the existence of a warrant. Intercepting authorities that may apply for targeted warrants include police commissioners, intelligence service heads, and revenue and customs commissioners.10 Applications for bulk interception, bulk equipment interference, and bulk personal dataset warrants can only be made to the secretary of state “on behalf of the head of an intelligence service by a person holding office under the Crown” and must be reviewed by a judge.
Bulk surveillance is an especially contentious issue in the UK because intelligence agencies developed secret programs under older laws that bypassed oversight mechanisms and possible means of redress for affected individuals. These programs affected an untold number of people within the UK, even if they were meant to have only foreign targets. Tempora, a secret surveillance project documented in the Snowden leaks, is one example. A number of other legislative measures authorized surveillance,11 including RIPA.12 RIPA was not repealed by the IP Act, though many of its competences were transferred to the newer legislation. A clause within Part I of RIPA allowed the foreign or home secretary to sign off on bulk surveillance of communications data arriving from or departing to foreign soil, providing the legal basis for Tempora.13 Since the UK’s fiber-optic network often routes domestic traffic through international cables, this provision legitimized mass surveillance of UK residents.14 Working with telecommunications companies, The Government Communications Headquarters (GCHQ) installed interception probes at the British landing points of undersea fiber-optic cables, giving it direct access to data carried by hundreds of cables, including private calls and messages.15
In July 2016, the Investigatory Powers Tribunal found that bulk data collection by GCHQ, the Security Service (also known as MI5), and the Secret Intelligence Service (SIS, also known as MI6), was unlawful from March 1998 until the practice was disclosed in November 2015.16 The practice had been authorized under Section 94 of the Telecommunications Act 1984, which the interception of communications commissioner described in June 2016 as lacking “any provision for independent oversight or any requirements for the keeping of records” and which the tribunal declared incompatible with EU human rights standards in July 2021.17 The tribunal also said in 2016 that the use of bulk personal datasets by GCHQ and the Security Service, commencing in 2006, was likewise unlawful until disclosed in March 2015.18
In May 2021, the High Court ruled that security agencies cannot use “general warrants,” outlined in Section 5 of the 1994 Intelligence Services Act, to order the hacking of computers or mobile devices. For example, under a “general warrant,” a security agency could request information from “all mobile phones used by members of a criminal network” to justify the hacking of these devices without having to obtain a specific warrant for each individual in the network. The ruling came after Privacy International, a UK-based NGO, challenged a 2016 decision from the Investigative Powers Tribunal that held that the government could use these warrants to hack computers or mobile devices.19
UK authorities have been known to monitor social media platforms.20 The Online Hate Speech Dashboard, a joint project led by the National Online Hate Crime Hub of the NPCC and Cardiff University, received £1 million ($1.4 million) in 2018 to use artificial intelligence for real-time monitoring of social media platforms meant to identify hate speech and “preempt hate crimes.”21
Reporting from October 2021 detailed the recent expansion of the MPS’s social media monitoring operations between September 2020 and July 2021. A database used by the Project Alpha Team, which was created in 2019 and uses covert methods to monitor social media platforms, compiles information gathered from both public and private social media accounts; the number of categories of data being gathered more than doubled, from 16 to 34, during that time. While authorities claim that Project Alpha’s goal is to combat online gang-related content, civil society groups warned of potential privacy violations and online racial profiling.22 Similar concerns arose when in June 2022, after the coverage period, reports emerged that the MPS was gathering “children’s personal data” from social media, specifically 15-to-21-year-old males, as part of a broader profiling project.23
- 1Robbie Stern, “New U.K. Border Security Law: A Frightening Response to the Skripal Poisoning,” Just Security, March 20, 2019 https://www.justsecurity.org/63305/new-u-k-border-security-law-a-fright…
- 2Index on Censorship, “New UK counter-terrorism law limits online freedoms,” edri.org, February 27, 2019 https://edri.org/new-uk-counter-terrorism-law-limits-online-freedoms/
- 3UK Home Office, “Investigatory Powers Act,” March 1, 2016, https://www.gov.uk/government/collections/investigatory-powers-bill
- 4Investigatory Powers Act 2016, http://www.legislation.gov.uk/ukpga/2016/25/contents/enacted
- 5Andrew Griffin, “Investigatory Powers Act goes into Force, Putting UK Citizens under Intense New Spying Regime,” The Independent, December 31, 2016, https://www.independent.co.uk/life-style/gadgets-and-tech/news/investig…
- 6Moreover, the internet’s distributed architecture means that privacy protections based on an individual’s physical location are highly porous. Communications exchanged within the UK may be routed overseas, a fact that intelligence agencies have exploited in the past to conduct bulk surveillance programs like Tempora.
- 7Under Section 220, an initial examination of bulk datasets must occur within three months for information created in the United Kingdom and within six months otherwise. See, “Investigatory Powers Act 2016,” Part 7, http://www.legislation.gov.uk/ukpga/2016/25/part/7/enacted
- 8Prime Minister’s Office, “Investigatory Powers Commissioner appointed: Lord Justice Fulford,” March 3, 2017 https://www.gov.uk/government/news/investigatory-powers-commissioner-ap….
- 9Under Section 32, urgent warrants last five days; others expire after six months unless renewed under the same double-lock procedure.
- 10“Investigatory Powers Act 2016,” Section 18 http://www.legislation.gov.uk/ukpga/2016/25/section/18/enacted.
- 11“Surveillance Road Map: A Shared Approach to the Regulation of Surveillance in the United Kingdom,” ICO, February 14, 2014, https://assets.publishing.service.gov.uk/government/uploads/system/uplo…
- 12Regulation of Investigatory Powers Act 2000, http://www.legislation.gov.uk/ukpga/2000/23/contents; “Explanatory Notes” to Regulation of Investigatory Powers Act 2000, http://www.legislation.gov.uk/ukpga/2000/23/notes/contents
- 13Ewen MacAskill, Julian Borger, Nick Hopkins, Nick Davies, James Ball, “GCHQ taps fibre‐optic cables for secret access to world’s communications,” The Guardian, June 21, 2013, http://www.theguardian.com/uk/2013/jun/21/gchq-cables-secret-world-comm…
- 14Nick Hopkins, “NSA and GCHQ spy programmes face legal challenge,” The Guardian, July 8, 2013, http://www.theguardian.com/uk-news/2013/jul/08/nsa-gchq-spy-programmes-…
- 15Ewen MacAskill, Julian Borger, Nick Hopkins, Nick Davies, James Ball, “GCHQ taps fibre-optic cables for secret access to world's communications,” The Guardian, June 21, 2013 https://www.theguardian.com/uk/2013/jun/21/gchq-cables-secret-world-com…
- 16Privacy International v Secretary of State of Foreign and Commonwealth Affairs [2016] UKIP Trib 15_110-CH, http://www.ipt-uk.com/docs/Bulk_Data_Judgment.pdf
- 17The Rt Hon. Sir Stanley Burnton, “Report of the Interception of Communications Commissioner,” 2016, https://assets.publishing.service.gov.uk/government/uploads/system/uplo…; Privacy International Secretary of State for Foreign and Commonwealth Affairs [2021] UKIPTrib IPT_15_110_CH (22 July 2021), https://www.ipt-uk.com/docs/Privacy%20International%20BCD%20EU%20judgme…
- 18Matt Burgess, “MI6, MI5 and GCHQ 'unlawfully collected private data for 10 years'” Wired, October 17, 2016, http://www.wired.co.uk/article/uk-collect-data-unlawful
- 19Privacy International, “Victory at the High Court against the government's use of 'general warrants',” January 8, 2021, https://privacyinternational.org/news-analysis/4359/victory-high-court-…
- 20In 2013, reporting revealed that in London, for example, police reportedly monitored nearly 9,000 activists from across the political spectrum—many of whom had no criminal background—using geolocation tracking and sentiment analysis of data scraped from Facebook, Twitter, and other platforms. See, Janus Kopfstein, “UK police secretly monitoring 9,000 political campaigners using social media surveillance,” The Verge, June 26, 2013, https://www.theverge.com/2013/6/26/4467056/uk-police-monitoring-9000-po…. See also, Privacy International, “How your social media activity is monitored by the police,” March 11, 2019, https://privacyinternational.org/long-read/2722/how-your-social-media-a…; Natasha Lomas, “UK spies using social media data for mass surveillance,” Tech Crunch, October 17, 2017, https://techcrunch.com/2017/10/17/uk-spies-using-social-media-data-for-…
- 21“Cardiff University to track hate speech and 'triggers',” BBC News, December 13, 2018, https://www.bbc.com/news/uk-wales-46552574; Cardiff University, “Rise in Brexit related hate crime to be focus of new research lab,” December 13, 2018, https://www.cardiff.ac.uk/news/view/1393983-rise-in-brexit-related-hate…
- 22Wil Crisp, “Tracking Without Transparency Met Police Expands Social Media Surveillance Operations,” Byline Times, October 25, 2021, https://bylinetimes.com/2021/10/25/tracking-without-transparency-met-po…
- 23Wil Crisp and Vikram Dodd, “Met police profiling children ‘on a large scale’, documents show,” The Guardian, June 3, 2022, https://www.theguardian.com/uk-news/2022/jun/03/met-police-project-alph….
Does monitoring and collection of user data by service providers and other technology companies infringe on users’ right to privacy? | 3.003 6.006 |
Companies are required to capture and retain user data under certain circumstances, though the government issued regulatory changes in 2018 to address flaws in the existing rules. While the government has legal authority to require companies to assist in the decryption of communications, the extent of its use and efficacy in practice remains unclear.
The UK has incorporated the GDPR into domestic law through the Data Protection Act 2018.1 The GDPR was therefore envisioned to regulate data protection within the UK after the country’s exit from the EU. In September 2021, however, the government published a consultation outcome that envisioned a significant departure from the GDPR. 2 The Data Protection and Digital Information Bill was introduced in the House of Commons in July 2022, after the coverage period.3 The bill includes significant areas of departure from the GDPR, including listing examples of legitimate interest as a lawful basis for processing of personal data.4
Data retention provisions under the IP Act allow the secretary of state to issue notices requiring telecommunications providers to capture information about user activity, including browser history, and retain it for up to 12 months. The Data Retention and Investigatory Powers Act 2014 (DRIPA), the older law on which the IP Act requirement was modeled, was ruled unlawful in the UK and the EU in 2015.5 In January 2018, the Court of Appeal described DRIPA as being inconsistent with European law, since the data collected and retained were not limited to the purpose of fighting serious crime.6 In April 2018, the High Court ruled that part of the IP Act’s data retention provisions similarly violated EU law, and that the government should amend the legislation by November 2018.7
In response, the government issued the Data Retention and Acquiring Regulations 2018, which entered into force in October 2018. The regulations limited the scope of the government’s collection and retention of data and enhanced the transparency of the process.8 Furthermore, a newly created Office for Communications Data Authorisations would oversee data requests and ensure that official powers are used in accordance with the law.
According to a March 2021 report, the government issued orders under the IP Act to two service providers to install surveillance technology that would record users’ web history, creating an internet connection record (ICR).
Another problematic provision of the IP Act enables the government to order companies to decrypt content, though the extent to which companies would be willing or able to comply remains uncertain (see C4).9 Under Section 253, technical capability notices can be used to impose obligations on telecommunications operators both inside and outside the country “relating to the removal … of electronic protection applied by or on behalf of that operator to any communications or data,” among other requirements. The approval process for issuing a technical capability notice is similar to that of an interception warrant.10 In March 2018, after consultations with the industry and civil society groups,11 the government issued the Investigatory Powers (Technical Capability) Regulations 2018, which governs how the notices are issued and implemented.12 The regulations specify companies’ responsibilities in ensuring that they are able to comply with lawful warrants for communications data.
- 1Gov.uk, “Data Protection,” https://www.gov.uk/data-protection#targetText=The%20Data%20Protection%2…
- 2Department for Digital, Culture, Media & Sport, “Data: A New Direction,” September 10, 2021, https://www.gov.uk/government/consultations/data-a-new-direction
- 3Data Protection and Digital Information Bill 2022, July 18, 2022, https://commonslibrary.parliament.uk/research-briefings/cbp-9606.
- 4Jonathan Kirsop, “UK Data Protection and Digital Information Bill: in detail,” Out-law Analysis, July 20, 2022, https://www.pinsentmasons.com/out-law/analysis/uk-data-protection-digit…
- 5[2015] EWHC 2092 (Admin); Joined Cases C-203/15 and C-698/15 “Tele2 Sverige AB v Post- och telestyrelsen,” and “Secretary of State for the Home Department v Tom Watson,” http://curia.europa.eu/juris/liste.jsf?num=C-203/15
- 6Secretary of State for the Home Department v Watson & Others [2018] EWCA Civ 70, https://www.matrixlaw.co.uk/wp-content/uploads/2018/01/SSHD-v-Watson-Or…
- 7Liberty v Home Office [2018] EWHC 975 (Admin); Full judgement may be found at: https://www.judiciary.gov.uk/wp-content/uploads/2018/04/liberty-v-home-…
- 8Privacy International, “After Watson: Mandatory data retention by telecommunications operators,” August 19, 2019, https://privacyinternational.org/node/3170; Cynthia O’Donoghue, Katalina Bateman, “UK government introduces Data Retention and Acquisition Regulations 2018,” Technology Law Dispatch, December 4, 2018, https://www.technologylawdispatch.com/2018/12/regulatory/uk-government-…
- 9Natasha Lomas, “Could the UK be about to break end-to-end encryption?,” TechCrunch, May 27, 2017, https://techcrunch.com/2017/05/27/could-the-uk-be-about-to-break-end-to…
- 10“Investigatory Powers Act 2016,” Section 253 http://www.legislation.gov.uk/ukpga/2016/25/section/253/enacted
- 11Open Rights Group, “Home Office Consultation: Investigatory Powers (Technical Capability) Regulations 2017,” https://www.openrightsgroup.org/ourwork/reports/home-office-consultatio…
- 12The Investigatory Powers (Technical Capability) Regulations 2018 https://www.legislation.gov.uk/uksi/2018/353/made
Are individuals subject to extralegal intimidation or physical violence by state authorities or any other actor in relation to their online activities? | 4.004 5.005 |
There were no reported instances of violence against internet users in reprisal for their online activities during the coverage period, though cyberbullying and harassment against women are widespread.1 A June 2018 study found that one in three female members of Parliament (MPs) had experienced online abuse, harassment, or threats; research from September 2021 confirmed that women and minority MPs were at particular risk of receiving social media messages containing stereotypes about their identity or questioning their role as politicians.2 Online harassment of Muslims and other minorities is also a significant problem.3
Online harassment worsened during the COVID-19 pandemic, particularly for women and people of Chinese descent. Support services reported a surge in reports of cyberstalking and online harassment.4 Racist incidents involving people of Chinese or other Asian descent were reported throughout the UK, including several cases involving social media.5
A 2017 study found an increase in abusive comments targeting politicians on Twitter, which peaked on the day of the 2016 Brexit referendum.6 A June 2021 press report, meanwhile, revealed that English soccer players were targeted with racist messages during the Euro 2020 tournament.7 More than 2,000 abusive messages were directed at the team during the three group stage matches, 44 of which used explicitly racist language.8
- 1Sandra Laville, “Top tech firms urged to step up online abuse fightback,” The Guardian, April 11, 2016, https://www.theguardian.com/technology/2016/apr/11/facebook-twitter-goo…; LLSE British Politics and Policy, “Women and minority MPs are particularly at risk of experiencing certain forms of abuse on Twitter,” September 14, 2021, https://blogs.lse.ac.uk/politicsandpolicy/twitter-abuse-mps/
- 2University of Bradford, “Almost a third of UK MPs experience online abuse and threats,” June 13, 2018, https://www.bradford.ac.uk/news/2018/mp-online-trolling.php
- 3Sarah Marsh, “Record number of anti-Muslim attacks reported in UK last year,” The Guardian, July 20, 2018, https://www.theguardian.com/uk-news/2018/jul/20/record-number-anti-musl…
- 4Jamie Grierson, “Surge in stalking victims seeking help during UK lockdown,” The Guardian, May 8, 2020, https://www.theguardian.com/uk-news/2020/may/08/coronavirus-surge-stalk…
- 5Lucy Campbell, “Chinese in UK report 'shocking' levels of racism after coronavirus outbreak,” The Guardian, February 9, 2020 https://www.theguardian.com/uk-news/2020/feb/09/chinese-in-uk-report-sh…
- 6William Eichler, “Brexit vote marked ‘high point’ of online abuse to MPs, research reveals,” LocalGov, May 23, 2017 https://www.localgov.co.uk/Brexit-vote-marked-high-point-of-online-abus…
- 7Tobi Thomas, “Four arrested over online racist abuse of England footballers,” The Guardian, July 15, 2021, https://www.theguardian.com/uk-news/2021/jul/15/four-arrested-over-onli…
- 8Caelainn Barr, Paul MacInnes, Niamh McIntyre and Pamela Duncan, “Revealed: shocking scale of Twitter abuse targeting England at Euro 2020,” June 27, 2021, The Guardian, https://www.theguardian.com/football/2021/jun/27/revealed-shocking-scal…
Are websites, governmental and private entities, service providers, or individual users subject to widespread hacking and other forms of cyberattack? | 2.002 3.003 |
NGOs, media outlets, and activists are generally not targeted for technical attacks by government or nonstate actors. Financially motivated fraud and hacking continue to present a challenge to authorities and the private sector. Cyberattacks have increased in recent years, and observers have questioned the security of internet-of-things (IoT) devices and appliances.1 In the government’s 2022 cybercrime survey, 39 percent of business respondents said they experienced a cyberattack; 83 percent of those respondents said they faced phishing attempts.2
In February 2022, Reuters reported that the Foreign, Commonwealth, and Development Office (FCDO) was the target of a “serious cybersecurity incident” earlier in the year, citing government tender documents. The government did not disclose details.3
In October 2021, an industry body reported that coordinated distributed denial-of-service (DDoS) attacks had been employed against several UK-based voice over internet protocol (VoIP) providers. Officials reported that the attacks, which had occurred over four weeks, appeared to be extortion attempts.4
During the COVID-19 pandemic, the UK saw an increase in cybercrime, particularly phishing and ransomware attempts, with victims up by one-third from previous years.5 In an assessment on the origin of the attacks, British intelligence agencies noted that Russian actors played a large role.6
In May 2022, the FCDO, citing the UK, US, EU, and other actors, accused the Russian government of orchestrating a cyberattack “with Europe-wide impact” immediately before launching its invasion of Ukraine.7 Cyberattacks against privately owned critical infrastructure increased by 72 percent as of May 2022.8
In July 2020, a report to Parliament stated that Moscow-affiliated actors had hacked into the UK national infrastructure and launched phishing attacks against various government departments.9 The government responded that while Moscow’s capabilities represented a threat, they noted that there was no evidence of Russian interference in the 2019 election.10
During the 2019 election, the opposition Labour Party was subject to multiple cyberattacks, including a denial of service and a leak of donor identities.11 These attacks were not attributed to state actors and the party received ongoing support from the National Cyber Security Centre.
- 1Andrew Meola, “How the Internet of Things will affect security & privacy,” Business Insider, August 24, 2016, https://www.insider.com/internet-of-things-security-privacy-2016-8.
- 2Department of Digital, Culture, Media, and Sport, “Cyber Security Breaches Survey 2022,” March 30, 2022, https://www.gov.uk/government/statistics/cyber-security-breaches-survey…
- 3“UK foreign ministry suffered serious cyber attack earlier this year – documents,” Reuters, February 8, 2022, https://www.reuters.com/world/uk/uk-foreign-ministry-suffered-serious-c…
- 4“Cyber-attack hits UK internet phone providers,” BBC, October 26, 2021, https://www.bbc.com/news/technology-59053876
- 5Dan Sabbagh, “Covid-related cybercrime drives attacks on UK to record number,” The Guardian, November 2, 2020, https://www.theguardian.com/technology/2020/nov/03/covid-related-cyberc…
- 6Dan Sabbagh and Andrew Roth, “ussian state-sponsored hackers target Covid-19 vaccine researchers,” The Guardian, July 16, 2020, https://www.theguardian.com/world/2020/jul/16/russian-state-sponsored-h…
- 7Gov.uk, “Russia behind cyber-attack with Europe-wide impact an hour before Ukraine invasion,” May 10, 2022, https://www.gov.uk/government/news/russia-behind-cyber-attack-with-euro…
- 8Mehul Srivastava, “Prospect of Russian cyber war may have been ‘overhyped’, says UK spy chief,” Financial Times, May 10, 2022, https://www.ft.com/content/d5657df5-a962-4acf-b0bd-b892c6b15361
- 9Patrick Smith, “Russia launched cyberattacks and disinformation campaigns on U.K., study says,” NBC News, July 21, 2020, https://www.nbcnews.com/news/world/russia-launched-cyberattacks-disinfo…
- 10Intelligence and Security Committee, “Government Response to the Intelligence and Security Committee of Parliament Report ‘Russia’,” July 2020, p.11 https://assets.publishing.service.gov.uk/government/uploads/system/uplo…
- 11“General election 2019: Labour Party hit by second cyber-attack,” BBC, November 12, 2019 https://www.bbc.co.uk/news/election-2019-50388879


Country Facts
-
Global Freedom Score
93 100 free -
Internet Freedom Score
79 100 free -
Freedom in the World Status
Free -
Networks Restricted
No -
Websites Blocked
Yes -
Pro-government Commentators
No -
Users Arrested
No