The Independent’s journalism is supported by our readers. When you purchase through links on our site, we may earn commission. Why trust us?

The Online Safety Bill and Investigatory Powers Act (snoopers’ charter) update: What you need to know

Verified by Molly Dyson

From Queen Elizabeth II’s death to interest rate rises to Liz Truss’s short-lived tenure at the top, the past year in the UK has seen its fair share of high-profile stories.

But masked by this headline-hogging news, the past few months have seen several other developments inch their way into the public conversation. Stories that stand to have a far more dramatic and long-standing impact on the way we send messages and use the internet – and that raise serious questions about how we interact with each other and the online world.

We’re talking about two things: the Online Safety Bill’s introduction to parliament after years in the wilderness, and proposed changes to the Investigatory Powers Act 2016 (also known as the snoopers’ charter).

Combined, these happenings stand not only to build on existing legislation that dictates what access the UK government and its agencies have to our data and online activity – but to introduce even more measures to surveil and store what the UK public does on the internet.

So, below, we’re unpacking exactly what the Online Safety Bill and snoopers’ charter are and what they mean for you in 2023. We’ll explain what they do, who’s implementing them, and why it matters – as well as, most importantly, what you can do to stay safe online.

We’ll also be regularly updating this page with the latest movements on these breaking, ongoing developments, so you can stay in the know as events unfold.

What is the Online Safety Bill?

The Online Safety Bill (also known as the Online Harms Bill) began life as a whitepaper, published in April 2019. It was penned as a response to the array of online harms – such as hate speech, cyberbullying, and disinformation – for which the internet can be a breeding ground.

The UK government sums up the bill as “a new set of laws to protect children and adults online. It will make social media companies more responsible for their users’ safety on their platforms.”

It adds that: “These laws will require all social media companies to assess how their platforms could allow abusers to create anonymous profiles, and take steps to ban repeat offenders, preventing them from creating new accounts and limiting what new or suspicious accounts can do.”

Among the measures the whitepaper recommended back in 2019 were:

  • Requiring online platforms to enable their users to filter out objectionable content: including that which promotes self-harm.
  • Introducing age verification measures for websites hosting pornographic content.
  • Demanding that sites continually enforce their terms of services.
  • Providing parents and children with clear, accessible reporting lines to flag issues online as and when they arise.
  • Imposing hefty fines – either 10 per cent of a company’s revenue, or £18 million; whichever is higher – for non-compliant websites.

Essentially, the whitepaper laid the foundations for a heavily regulated online space – albeit one, in theory, that would make browsing the internet much safer for its users. The document became a draft bill first published in May 2021, and which landed in parliament in March 2022.

Since then – put on the backburner, perhaps, by events such as the Covid-19 pandemic and the UK’s exit from Europe – the bill has ballooned: almost doubling from its 145 pages in 2021 to 262 pages in 2023.

So, what happened?

The new measures contributing to the bill’s blow-up include:

  • Requiring that websites provide the option for users to verify their identity to clamp down on anonymous ‘trolls’.
  • Clamping down on scam advertisements online.
  • Criminalising cyberflashing (the act of sending unsolicited nude images through dating apps or social media).

All in all, the harmful online behaviours the bill plans to put a stop to include, as per the UK government’s website:

  • Child sexual abuse
  • Coercive or controlling behaviour
  • Extreme sexual violence
  • Fraud
  • Hate crime
  • Inciting violence
  • Illegal immigration and people smuggling
  • Promoting or facilitating suicide
  • Promoting self-harm
  • Revenge porn
  • Selling illegal drugs or weapons
  • Sexual exploitation
  • Terrorism

So, where is the bill now?

Slowly but surely, the Online Safety Bill has been making its way through the bureaucracy of British government – adding new clauses and conditions along the way like the wings of an already sprawling mansion.

The Online Safety Bill was passed to the House of Lords in January 2023, and – as of August 2023 – it’s still being debated in parliament. However, the bill is expected to receive royal assent sooner rather than later – and its passing into UK law is seen as simply a case of when, not if.

What is the Investigatory Powers Act?

While all this is happening, the UK government has been going about updating a much older piece of UK legislation – the Investigatory Powers Act (IPA). The IPA isn’t to be confused with the Online Safety Bill – although the two operate in a similar space, and will have comparable effects on the average UK internet user.

The IPA first received royal assent in November 2016, and – despite a growing petition of more than 130,000 signatures against it – came into force the following month.

But, because of the intrusive, wide-ranging surveillance powers it represented, the act is now better-known under the nickname given to it by its critics: the ‘snoopers’ charter’.

Its remit? To significantly expand the power of the British government’s ability to ‘snoop’ on its subjects’ emails, calls, texts, internet history, and location data – whether or not they’re suspected of any wrongdoing. The Charter requires web and phone companies to retain their customers’ information for 12 months – and provide security services, official agencies, and the police with unprecedented access to this data.

The much-maligned legislation also enables government agencies to hack into the British public’s personal devices – their phones, computers, and tablets – without any criminal intent suspected. On top of this, the hacking is not necessarily performed in a targeted way that singles out specific offenders, but in bulk – applied to huge numbers of UK residents, at any given time.

Like the Online Safety Bill, the IPA is UK legislation. That means it affects users in the UK, as well as any website or service with users in the UK – even if that company is based elsewhere.

How is the Investigatory Powers Act being updated?

In 2023, the British government is looking to update the snoopers’ charter’s powers.

On 5 June 2023, the Home Office opened an eight-week consultation it claimed to discuss “possible outcomes for revised IPA notices…intended to improve the effectiveness of the current regimes.”

Ostensibly, it’s to bring the IPA’s powers in line with technology’s advancements over the seven years since the legislation was launched – though some see the proposed updates as simply a bid to extend the charter’s already far-reaching remit.

The move? To demand that companies offering messaging services – such as Apple behind FaceTime and iMessage, and Meta behind WhatsApp – seek government approval around these messaging tools’ security features.

The proposed updates to the snoopers’ charter (which would come into force immediately, if approved) would allow the Home Office to block or disable these apps’ security features – without having to let the public know. Once received from the Home Office, these demands would need to be actioned immediately by the likes of Apple, WhatsApp, and Signal – without allowing time for review or appeal.

The new rules will also enable Ofcom, the UK’s communications regulator, to force these companies to scan messages for child sex abuse material.

The two-month snoopers’ charter consultation ended on 31 July 2023 – and we’re yet to hear anything from the UK government as to its outcomes and next steps. The traditional secrecy the IPA has been shrouded in doesn’t help here, either. But we’ll continue to update this page as more information comes to light – so, be sure to check back in for further details.

Who is opposing the Online Safety Bill and Investigatory Powers Act updates?

Apple, Meta (which owns WhatsApp and Facebook) and Signal (an encrypted instant messaging service) have all vehemently opposed the Online Safety Bill, as well as the IPA – and its proposed expansions.

These companies argue that any attempt to scan messages undermines the security and integrity of the end-to-end encryption these apps offer.

Signal and WhatsApp have both threatened to remove their service from the UK altogether, while Apple has already weighed in on the current consultation, laying out that it wouldn’t make changes to its products’ security features for a specific country that would weaken its product for all users. 

Apple has also argued that it wouldn’t be possible to make changes to its messaging services’ security features without a software update required – so it couldn’t be done behind closed doors, as the IPA proposes. The company also stated, more broadly, that the IPA’s new additions “constitute a serious and direct threat to data security and information privacy” – not just for people who use Apple’s products and services only in the UK, but around the world (cited by the BBC).

Other notable companies that have spoken out against the Online Safety Bill and snoopers’ charter – and the UK government’s attempts at mass surveillance in general – include:

  • Twitter
  • Yahoo!
  • Microsoft
  • Google

Signal’s president Meredith Whittaker has been a particularly vocal critic. Speaking to the BBC, she said the Online Safety Bill’s powers would compel messaging providers to “run government-mandated scanning services on their devices”.

In addition to the tech companies it stands to negatively impact on most (a number estimated to be around 25,000), the snoopers’ charter has also met criticism from a range of UK-based and global human rights, civil liberties, and online privacy advocates, such as Open Rights Group, Privacy International, Electronic Frontier Foundation (EFF), and Liberty.

The latter, Liberty, is embroiled in an ongoing legal battle with the charter’s dictates. In April 2018, it took a case – The People vs The Snoopers’ Charter, backed by more than £55,000 in public donations – to the High Court, and won. However, the case resurfaced in August 2019, when the High Court did a backflip and deemed that the IPA’s use of bulk warrants to collect and store data were, indeed, lawful. Liberty lost the case.

Liberty is appealing the decision, however, and is set to bring cases against other parts of the charter to court in the coming months and years.

Why is the UK implementing these measures?

The Home Office argues that the IPA is necessary for maintaining interests of national security. Amber Rudd, the home secretary when the bill was first passed in 2016, said: “The Investigatory Powers Act is world-leading legislation that provides unprecedented transparency and substantial privacy protection.

“The government is clear that, at a time of heightened security threat, it is essential our law enforcement and security and intelligence services have the power they need to keep people safe. The internet presents new opportunities for terrorists and we must ensure we have the capabilities to confront this challenge. But it is also right that these powers are subject to strict safeguards and rigorous oversight.”

Combating terrorism, then, appears to have been the IPA’s main goal. But the recent proposed changes – the ones subject to the consultation of June to July 2023 – indicate a refreshed approach focused on exposing the transmission of child sexual abuse material.

This renewed focus on the protection of children (as well as adults’ ability to protect their family’s younger members) is also a feature of the Online Safety Bill.

The government told the BBC that “companies should only implement end-to-end encryption if they can simultaneously prevent abhorrent child sexual abuse on their platforms. We will continue to work with them to seek solutions to combat the spread of child sexual abuse material while maintaining user privacy.”

These comments – and the UK government’s proposed cybersecurity measures at large – appear to place the onus on companies like WhatsApp and Apple.

How does the Investigatory Powers Act affect UK internet users?

When it was first passed, the IPA’s critics accused the UK government of introducing the legislation while the public was preoccupied with the Brexit debacle. Well, whether true or not, it passed – affecting anyone in the UK who’s used the internet since.

So, how does the IPA affect internet users? Let’s sum up its impact on online searches:

  • More surveillance: the IPA grants UK authorities – including intelligence and law enforcement agencies – the ability to collect and store a wide range of data on internet users, including their browsing history, emails, text messages, and more.
  • Data retention: the IPA also means the UK government can store this data for up to 12 months. This data doesn’t include the communications content, but it does include information about who you contacted, and when.
  • Bulk data collection: the IPA allows the UK authorities to gather and analyse large amounts of data en masse – indiscriminately invading the privacy of suspected and innocent internet users alike.
  • A ‘chilling effect’: in the long-term, the perceptions of increased surveillance and scrutiny the IPA’s presence and proposed updates will cause may lead to a ‘chilling effect’. This happens when internet users, afraid of expressing themselves online without retribution, become more cautious of what they say online – affecting freedom of expression and speech.
  • An increased technological and financial burden: the IPA’s ongoing influence may lead Internet Service Providers (ISPs) and other technology companies (such as Signal, WhatsApp, and Apple) to invest in new infrastructure to comply. This could lead to increased costs for them – costs that would almost certainly end up getting passed on to consumers.
  • Heightened cybersecurity concerns: the IPA’s critics argue that the more stringent data retention and collection requirements it imposes may make personal and sensitive information more vulnerable to breaches and malicious cyberattacks.

How to get around these bills with a VPN

It’s fair to say that no one likes being spied on.

The snoopers’ charter got its nickname for a reason, and the idea of our phones, tablets, and desktop computers being fair game for the government – to be hacked into and viewed, without our consent, even when we’ve done nothing wrong – isn’t a palatable one.

But, sadly, it’s already a reality – and, depending on the outcome of the Home Office’s recent consultation, it’s a situation of surveillance that will only become more demanding. Which begs the question – what can you do about it?

A VPN is a good place to start. VPNs (virtual private networks) protect you online by masking your IP address – the unique digital identifier assigned to your device when you browse the internet. 

Through creating an encrypted and secure tunnel between your device and a remote server, VPNs hide your data from the eyes of your ISP and other interested third parties – including the UK government. Some VPN users around the world are already harnessing them to get around the TikTok ban, for instance.

VPNs are typically billed on a subscription basis – so, like Netflix, you’ll pay a monthly or yearly fee for ongoing access. They’re typically simple to download, create an account, and set up on whatever device, or devices, you use to access the internet.

That said, not all VPNs are equal – and different providers come with varying levels of security and privacy. To brush up on the best VPNs on the market in 2023, our guide will help: we’ve tested and researched hundreds of providers, and compared the price points, privacy policies, and performance of each to bring you only the most reliable, reputable VPN suppliers.

The right VPN for you will also depend on which devices you do the majority of your browsing on – so be sure to dive into our breakdowns of the best VPNs for iPhone and the best VPNs for Android to safeguard your searches – and defend your data.

Potential risks and limitations of VPNs

Just as the Online Safety Bill and the IPA’s proposed updates come with their share of impacts on internet users, so too do VPNs carry their own set of limitations and risks.

These include:

  • Slower internet speeds: due to the additional routing and encryption of data involved, VPNs can slow down your internet connection: hampering your ability to stream high-definition videos, for example, or partake in online gaming.
  • Data protection and privacy concerns: while many VPNs claim to have a “no-logs” policy, not all, in practice, adhere to it. Some VPN providers may still log your data, leaving the door open for third parties to access it.
  • Legal considerations and local regulations: depending on the country your VPN provider is located, they still may be compelled, legally, to cooperate with authorities and share their users’ data.

It’s also important to remember that, while the most reputable VPNs do help obscure your IP address and encrypt your data while you browse, they don’t make you completely anonymous online – though they’re an excellent place to start.

For better or for worse?

Outcry against the Online Safety Bill and the mooted updates to the Investigatory Powers Act – from both the public and the companies that stand to be most affected – has been staunch.

Yet you don’t have to look far to see the nuances of taking a black-and-white stance.

Yes, the proposed powers can easily be considered an overreach; an overzealous, covetous grasp at implementing what would quickly become one of the world’s most stringent online surveillance policies. The policies, at worst, can be seen as a manifestation of the Orwellian obsession of total government control; an all-seeing eye a mere single step removed from the worst egresses of online totalitarianism.

Yet, at its best, these new measures could also pave the way for an online space in which the seeds of the world’s most harmful behaviours – bullying, revenge porn, child sexual abuse, terrorism, people smuggling – have a more limited ability to germinate and grow.

The other question that remains is exactly how much the UK government – if and when these proposed measures are inscribed into law – actually use them. Just because this wide wealth of powers is available, doesn’t mean they’ll be unleashed on the internet’s innocent subsection of users en masse, or in a way that infringes their rights on a daily basis.

Whatever happens (and you’ll know, because you’ll continue to read it here as events unfold), you can at least take steps to safeguard your – and your family’s – privacy online.

A VPN is the quickest, easiest, and most convenient way of safeguarding your activity on the internet – and helping you feel at home in a shifting regulatory space that only stands to get more complicated.

Rob Binns

Writer

Rob is an experienced writer and editor, with a wide range of experience in many topics, including renewable energy and appliances, home security, and business software. He has written for Eco Experts, Home Business, Expert Market, Payments Journal, and Yahoo! Finance. . 

Rob has a passion for smart home technology, online privacy, as well as the environment and renewables, which leads him to the Independent Advisor where he writes about related topics, including cyber security, VPNs, and solar power.

Molly Dyson

Editor

After growing up with a passion for writing, Molly studied journalism and creative writing at university in her home country of the United States.

She has written for a variety of print and online publications, from small town newspapers to international magazines. Most of her 10-year career since relocating to the UK has been spent in business journalism, writing and editing for admin professionals at PA Life magazine and business travel managers at Business Travel News Europe and representing those titles at conferences around the world.

Now an Editor at the Independent Advisor, Molly is an expert in a broad range of consumer topics, that include solar panels and renewables, home improvements and home insurance, and consumer technology such as home security and VPNs.

In her free time, Molly can usually be found exploring the outdoors with her husband and their young son or gardening.