The Albanese government has committed to legislating a “digital duty of care”, but what does that really mean and why do we want it?
Duty of care refers to the obligation that a business has to ensure that their actions, products, or services do not cause unreasonable harm to their customers. This concept has been well-established since 1932, thanks to Donoghue v Stevenson: the famous snail-in-the-bottle-of-ginger-beer case.
In terms of Internet companies, when their products cause unreasonable harm, we can use their legal duty of care to demand they stop. We have a variety of reasons for doing so.
From a feminist perspective, internet companies often fail to protect women from digital harms like deepfakes, sextortion, and cyberstalking. Meanwhile, the child-safety perspective raises alarm about how easily children can access inappropriate content or fall victim to online predators.
There is also a national security perspective to a digital duty of care. Far-right radicalisation is a global problem on many online platforms. Youtube’s algorithms in particular deserve scrutiny over their ability to lead individuals towards hateful content. A study by Reset Tech Australia found that it took under 30 minutes for Youtube’s algorithm to pack a new user’s feed with misogynistic and racist content.
A legislated digital duty of care has a strong argument behind it, but it carries practical risks too;
Implementation is complicated.
One major challenge is figuring out with whom the duty of care rests. For example, suppose a tech platform uses mandatory abuse material detection technology but it performs poorly and harms users as a result. Who’s responsible for that breach of a duty of care? The platform? The third-party provider of the detection software? The government for mandating it? And equally importantly, how would they be held accountable.
What constitutes reasonable steps to meet a duty of care?
What denotes reasonable will depend on the nature of the organisation, the type of data it handles and its size. We should expect enormous internet platforms to take greater action to protect their users than small hobbyist sites.
Too much flexibility surrounding what constitutes reasonable steps can result in large platforms being able to wriggle-out of their obligations, whereas too much rigidity can result in smaller sites being unduly punished.
It could open the door to overreach.
Vitally, without strong privacy protections in place, Australians are vulnerable to censorship and surveillance under the banner of “care.” Companies could use the guise of fulfilling their duty of care to dig through user-data or behaviours. Germany’s Network Enforcement Act (Netzwerkdurchsetzungsgesetz, or NetzDG) is a cautionary tale here, it’s faced harsh yet reasonable criticism for enabling over-censorship and government surveillance in the name of protecting users.