The Independent’s journalism is supported by our readers. When you purchase through links on our site, we may earn commission. Why trust us?
From Queen Elizabeth II’s death to interest rate rises to Liz Truss’s short-lived tenure at the top, the past year in the UK has seen its fair share of high-profile stories.
But masked by this headline-hogging news, the past few months have seen several other developments inch their way into the public conversation. Stories that stand to have a far more dramatic and long-standing impact on the way we send messages and use the internet – and that raise serious questions about how we interact with each other and the online world.
We’re talking about two things: the Online Safety Bill’s introduction to parliament after years in the wilderness, and proposed changes to the Investigatory Powers Act 2016 (also known as the snoopers’ charter).
Combined, these happenings stand not only to build on existing legislation that dictates what access the UK government and its agencies have to our data and online activity – but to introduce even more measures to surveil and store what the UK public does on the internet.
So, below, we’re unpacking exactly what the Online Safety Bill and snoopers’ charter are and what they mean for you in 2023. We’ll explain what they do, who’s implementing them, and why it matters – as well as, most importantly, what you can do to stay safe online.
We’ll also be regularly updating this page with the latest movements on these breaking, ongoing developments, so you can stay in the know as events unfold.
The Online Safety Bill (also known as the Online Harms Bill) began life as a whitepaper, published in April 2019. It was penned as a response to the array of online harms – such as hate speech, cyberbullying, and disinformation – for which the internet can be a breeding ground.
The UK government sums up the bill as “a new set of laws to protect children and adults online. It will make social media companies more responsible for their users’ safety on their platforms.”
It adds that: “These laws will require all social media companies to assess how their platforms could allow abusers to create anonymous profiles, and take steps to ban repeat offenders, preventing them from creating new accounts and limiting what new or suspicious accounts can do.”
Among the measures the whitepaper recommended back in 2019 were:
Essentially, the whitepaper laid the foundations for a heavily regulated online space – albeit one, in theory, that would make browsing the internet much safer for its users. The document became a draft bill first published in May 2021, and which landed in parliament in March 2022.
Since then – put on the backburner, perhaps, by events such as the Covid-19 pandemic and the UK’s exit from Europe – the bill has ballooned: almost doubling from its 145 pages in 2021 to 262 pages in 2023.
So, what happened?
The new measures contributing to the bill’s blow-up include:
All in all, the harmful online behaviours the bill plans to put a stop to include, as per the UK government’s website:
So, where is the bill now?
Slowly but surely, the Online Safety Bill has been making its way through the bureaucracy of British government – adding new clauses and conditions along the way like the wings of an already sprawling mansion.
The Online Safety Bill was passed to the House of Lords in January 2023, and – as of August 2023 – it’s still being debated in parliament. However, the bill is expected to receive royal assent sooner rather than later – and its passing into UK law is seen as simply a case of when, not if.
While all this is happening, the UK government has been going about updating a much older piece of UK legislation – the Investigatory Powers Act (IPA). The IPA isn’t to be confused with the Online Safety Bill – although the two operate in a similar space, and will have comparable effects on the average UK internet user.
The IPA first received royal assent in November 2016, and – despite a growing petition of more than 130,000 signatures against it – came into force the following month.
But, because of the intrusive, wide-ranging surveillance powers it represented, the act is now better-known under the nickname given to it by its critics: the ‘snoopers’ charter’.
Its remit? To significantly expand the power of the British government’s ability to ‘snoop’ on its subjects’ emails, calls, texts, internet history, and location data – whether or not they’re suspected of any wrongdoing. The Charter requires web and phone companies to retain their customers’ information for 12 months – and provide security services, official agencies, and the police with unprecedented access to this data.
The much-maligned legislation also enables government agencies to hack into the British public’s personal devices – their phones, computers, and tablets – without any criminal intent suspected. On top of this, the hacking is not necessarily performed in a targeted way that singles out specific offenders, but in bulk – applied to huge numbers of UK residents, at any given time.
Like the Online Safety Bill, the IPA is UK legislation. That means it affects users in the UK, as well as any website or service with users in the UK – even if that company is based elsewhere.
In 2023, the British government is looking to update the snoopers’ charter’s powers.
On 5 June 2023, the Home Office opened an eight-week consultation it claimed to discuss “possible outcomes for revised IPA notices…intended to improve the effectiveness of the current regimes.”
Ostensibly, it’s to bring the IPA’s powers in line with technology’s advancements over the seven years since the legislation was launched – though some see the proposed updates as simply a bid to extend the charter’s already far-reaching remit.
The move? To demand that companies offering messaging services – such as Apple behind FaceTime and iMessage, and Meta behind WhatsApp – seek government approval around these messaging tools’ security features.
The proposed updates to the snoopers’ charter (which would come into force immediately, if approved) would allow the Home Office to block or disable these apps’ security features – without having to let the public know. Once received from the Home Office, these demands would need to be actioned immediately by the likes of Apple, WhatsApp, and Signal – without allowing time for review or appeal.
The new rules will also enable Ofcom, the UK’s communications regulator, to force these companies to scan messages for child sex abuse material.
The two-month snoopers’ charter consultation ended on 31 July 2023 – and we’re yet to hear anything from the UK government as to its outcomes and next steps. The traditional secrecy the IPA has been shrouded in doesn’t help here, either. But we’ll continue to update this page as more information comes to light – so, be sure to check back in for further details.
Apple, Meta (which owns WhatsApp and Facebook) and Signal (an encrypted instant messaging service) have all vehemently opposed the Online Safety Bill, as well as the IPA – and its proposed expansions.
These companies argue that any attempt to scan messages undermines the security and integrity of the end-to-end encryption these apps offer.
Signal and WhatsApp have both threatened to remove their service from the UK altogether, while Apple has already weighed in on the current consultation, laying out that it wouldn’t make changes to its products’ security features for a specific country that would weaken its product for all users.
Apple has also argued that it wouldn’t be possible to make changes to its messaging services’ security features without a software update required – so it couldn’t be done behind closed doors, as the IPA proposes. The company also stated, more broadly, that the IPA’s new additions “constitute a serious and direct threat to data security and information privacy” – not just for people who use Apple’s products and services only in the UK, but around the world (cited by the BBC).
Other notable companies that have spoken out against the Online Safety Bill and snoopers’ charter – and the UK government’s attempts at mass surveillance in general – include:
Signal’s president Meredith Whittaker has been a particularly vocal critic. Speaking to the BBC, she said the Online Safety Bill’s powers would compel messaging providers to “run government-mandated scanning services on their devices”.
In addition to the tech companies it stands to negatively impact on most (a number estimated to be around 25,000), the snoopers’ charter has also met criticism from a range of UK-based and global human rights, civil liberties, and online privacy advocates, such as Open Rights Group, Privacy International, Electronic Frontier Foundation (EFF), and Liberty.
The latter, Liberty, is embroiled in an ongoing legal battle with the charter’s dictates. In April 2018, it took a case – The People vs The Snoopers’ Charter, backed by more than £55,000 in public donations – to the High Court, and won. However, the case resurfaced in August 2019, when the High Court did a backflip and deemed that the IPA’s use of bulk warrants to collect and store data were, indeed, lawful. Liberty lost the case.
Liberty is appealing the decision, however, and is set to bring cases against other parts of the charter to court in the coming months and years.
The Home Office argues that the IPA is necessary for maintaining interests of national security. Amber Rudd, the home secretary when the bill was first passed in 2016, said: “The Investigatory Powers Act is world-leading legislation that provides unprecedented transparency and substantial privacy protection.
“The government is clear that, at a time of heightened security threat, it is essential our law enforcement and security and intelligence services have the power they need to keep people safe. The internet presents new opportunities for terrorists and we must ensure we have the capabilities to confront this challenge. But it is also right that these powers are subject to strict safeguards and rigorous oversight.”
Combating terrorism, then, appears to have been the IPA’s main goal. But the recent proposed changes – the ones subject to the consultation of June to July 2023 – indicate a refreshed approach focused on exposing the transmission of child sexual abuse material.
This renewed focus on the protection of children (as well as adults’ ability to protect their family’s younger members) is also a feature of the Online Safety Bill.
The government told the BBC that “companies should only implement end-to-end encryption if they can simultaneously prevent abhorrent child sexual abuse on their platforms. We will continue to work with them to seek solutions to combat the spread of child sexual abuse material while maintaining user privacy.”
These comments – and the UK government’s proposed cybersecurity measures at large – appear to place the onus on companies like WhatsApp and Apple.
When it was first passed, the IPA’s critics accused the UK government of introducing the legislation while the public was preoccupied with the Brexit debacle. Well, whether true or not, it passed – affecting anyone in the UK who’s used the internet since.
So, how does the IPA affect internet users? Let’s sum up its impact on online searches:
It’s fair to say that no one likes being spied on.
The snoopers’ charter got its nickname for a reason, and the idea of our phones, tablets, and desktop computers being fair game for the government – to be hacked into and viewed, without our consent, even when we’ve done nothing wrong – isn’t a palatable one.
But, sadly, it’s already a reality – and, depending on the outcome of the Home Office’s recent consultation, it’s a situation of surveillance that will only become more demanding. Which begs the question – what can you do about it?
A VPN is a good place to start. VPNs (virtual private networks) protect you online by masking your IP address – the unique digital identifier assigned to your device when you browse the internet.
Through creating an encrypted and secure tunnel between your device and a remote server, VPNs hide your data from the eyes of your ISP and other interested third parties – including the UK government. Some VPN users around the world are already harnessing them to get around the TikTok ban, for instance.
VPNs are typically billed on a subscription basis – so, like Netflix, you’ll pay a monthly or yearly fee for ongoing access. They’re typically simple to download, create an account, and set up on whatever device, or devices, you use to access the internet.
That said, not all VPNs are equal – and different providers come with varying levels of security and privacy. To brush up on the best VPNs on the market in 2023, our guide will help: we’ve tested and researched hundreds of providers, and compared the price points, privacy policies, and performance of each to bring you only the most reliable, reputable VPN suppliers.
The right VPN for you will also depend on which devices you do the majority of your browsing on – so be sure to dive into our breakdowns of the best VPNs for iPhone and the best VPNs for Android to safeguard your searches – and defend your data.
Just as the Online Safety Bill and the IPA’s proposed updates come with their share of impacts on internet users, so too do VPNs carry their own set of limitations and risks.
These include:
It’s also important to remember that, while the most reputable VPNs do help obscure your IP address and encrypt your data while you browse, they don’t make you completely anonymous online – though they’re an excellent place to start.
Outcry against the Online Safety Bill and the mooted updates to the Investigatory Powers Act – from both the public and the companies that stand to be most affected – has been staunch.
Yet you don’t have to look far to see the nuances of taking a black-and-white stance.
Yes, the proposed powers can easily be considered an overreach; an overzealous, covetous grasp at implementing what would quickly become one of the world’s most stringent online surveillance policies. The policies, at worst, can be seen as a manifestation of the Orwellian obsession of total government control; an all-seeing eye a mere single step removed from the worst egresses of online totalitarianism.
Yet, at its best, these new measures could also pave the way for an online space in which the seeds of the world’s most harmful behaviours – bullying, revenge porn, child sexual abuse, terrorism, people smuggling – have a more limited ability to germinate and grow.
The other question that remains is exactly how much the UK government – if and when these proposed measures are inscribed into law – actually use them. Just because this wide wealth of powers is available, doesn’t mean they’ll be unleashed on the internet’s innocent subsection of users en masse, or in a way that infringes their rights on a daily basis.
Whatever happens (and you’ll know, because you’ll continue to read it here as events unfold), you can at least take steps to safeguard your – and your family’s – privacy online.
A VPN is the quickest, easiest, and most convenient way of safeguarding your activity on the internet – and helping you feel at home in a shifting regulatory space that only stands to get more complicated.
