Seven online compliance trends to expect in 2022

If you consider that evidence of people drinking alcohol dates back to 7000 BC, but the law to prevent under 18s drinking it in the UK wasn't introduced until 1923, we've come a long way when it comes to policing the web, in a fairly short space of time.

Less than 30 years since the mass adoption of the internet, legislation to clean it up and keep users safe has been a significant priority for global governments, but not until now have we seen significant shifts in the way we access the net.

Teach ‘em young - the authorities desperately need more bums on seats

Rishi Sunak's 2021 Autumn budget addressed the need for more skilled people in the area of cybersecurity, announcing a significant investment to get youngsters trained up in the subject to police the web. I saw this coming - you only need to watch the Queen's speech to get a good idea on the priority for public spending - online safety is close to the royals' hearts, and 2021 has seen even more devastating events that increase demand for improved safety.

When it comes to cybersecurity, arguably, a lot of what's needed is effective technology, but you need real people who understand real people to teach that technology. It's bums on seats. Last week, I spotted that Ofcom and the Information Commissioner's Office (ICO) are recruiting an additional 400 staff to extend their remit into online safety. This will only increase over the next 18-months with all the new online safety legislation in place.

Age against the machine

As a result of the new online safety legislation, anyone who owns a publicly-accessible internet-enabled business can't get away with not knowing how old their users are anymore. Asking users their age is going to be 'all the rage'.

Several new laws introduced in the UK and Europe now mean that websites, apps, games owners (aka Information Society Services) must establish the age of their users. The first of these new laws is the Audio-Visual Media Services Directive which is being progressively introduced across Europe and was transposed into UK domestic law last year, just prior to Brexit. This move is to protect children under 18 from content that may harm their mental, physical or moral development - a major focus here is video sites.

So what can we expect to see? Will age verification become the new 'cookies accept all'?

Several new laws introduced in the UK and Europe now mean that websites, apps, games owners (aka Information Society Services) must establish the age of their users. The first of these new laws is the Audio-Visual Media Services Directive which is being progressively introduced across Europe and was transposed into UK domestic law last year, just prior to Brexit. This move protects children under 18 from content that may harm their mental, physical or moral development - a major focus here is video sites.

Access all ages - Tick, tick, tok  

Like we don't have enough tick boxes on the web already - we're about to get a few more. As a result of the General Data Protection Regulations, which dictate that it is only possible to give your permission for your personal data to be processed if you are over the age of 16 (or as young as 13 in the UK), we're going to see more' data processing' permissions boxes and age verification pop-ups in 2022. This means that one website may offer users varying access levels, depending on their age or the permissions granted.

The ICO's office has recently published the Age-Appropriate Design Code, also known as the Children's Code, which further argues that children of different age ranges below 18 should only be exposed to appropriate material for their generation. So, some sites must determine not only if a user is under 18 but whether they are 5 or 15, and adapt what they can access accordingly.

Parents will need to brace themselves for a significant shift. Even more, time will be spent over the shoulders' of their screen-enabled children, as those aged 12 or younger will need to secure the consent of their parents before they can legally share data with a website. And before long, the UK's Online Safety Bill will further extend these provisions to search engines and any sites which offer 'user to user services', in other words, user-generated content. The law is particularly demanding, requiring individual consent for each and every data controller and for parents to be advised of exactly how their children's data is going to be used before that permission can be regarded as effective. Exhausting just thinking about it.

Set an example, or be the example - it’s fine time

With threats of fines to the tune of 4% of the perpetrating company's worldwide turnover for the preceding financial year, the new legislations have set hares racing, making 'compliance' as much of a buzzword as 'content' has been for the last decade. Who will be the first company to fall foul and be made an example of?

My guess is that it'll be a major brand or at least a division of one. I also wouldn't rule out it being a brand that, by being seen as giving it an eye-wateringly large rap on the knuckles, the Government could win votes by taking action against it.

Who said that? The end of online anonymity

Don't get me wrong, I'm not saying 2022 will be the end of online anonymity - in fact, I'm not sure we'd achieve that by 2032 or that we'd want to, but I am sure that this will be one of the major debates in 2022 and beyond, caused by the latest catalyst - the horrific murder of MP David Amess, after receiving anonymous death threats from his killer.

There is already a lively debate ahead of the parliamentary scrutiny of the Online Safety Bill about whether the law should go further and require identity verification before users can publish their views about the world and other people in it online. For many, this is a step too far and would seriously inhibit the rights of individuals to access and share information safely online without fear of reprisal. But for others, including those in the public eye, subject to anonymous trolling, identifying an individual online is a prerequisite for applying the rule of law, for example, when considering libellous comments or death threats.

I am sure that we could end online anonymity if we needed or wanted to. I know that online verification is simple to apply from our own technology solutions, but whether the world is ready is a whole different matter.

No more sweets at the checkout - advertisers will be stopped targeting kids  

2022 will see improved transparency on data use, especially for children. The analysis, often by complex algorithms based on extensive data sets gathered from a whole range of our activities online, that is then used to target us with advertising for products we are likely to buy, is already the subject of multiple campaigns for its outlawing.

Where this machine learning targets children, regulators already have very strong signals that this is entirely unacceptable. For this reason, we expect to see some changes here, where advertising content is more generic and based on the platform's content - just like broadcast TV advertising.

Suppose you consider the changes I've outlined in trends 2 and 3, with so much more clarity on the user's age. In that case, any new legislation will leave little room for error, as platform owners will know exactly who they are targeting based on their age verification requirements.

Ching, ching - steady hand on the tiller

2022 will mark the biggest crackdown on online financial scams. Why? Because it needs to. Since the start of the pandemic, consumers have relied more than ever before on the web. In the interest of the country operating effectively in the event of another lockdown, consumers need to feel safe to pay for items or make financial transactions online without the fear of being scammed. The 'buyer beware' advice of the financial regulators will no longer cut the mustard, with calls already being made for the Online Safety Bill to be widened to address these financially crippling traps.