Key takeaways

Terms of Reference for the Review of the Online Safety Act 2021

• The Review has been brought forward one year earlier than the prescribed statutory review period.
• The Terms of Reference include a review of the operation and effectiveness of current OSA schemes, as well as consideration of whether further functions and powers should be granted to the eSafety Commissioner and whether penalties should apply in a broader range of circumstances.
• The Government also intends to undertake public consultation on the second stage reforms to the National Classification Scheme during the first half of 2024.

Doxxing and hate speech

• As a result of an increase in doxxing activity, the Government has indicated that anti-doxxing laws will be introduced as part of planned changes to the Privacy Act.
• Laws addressing hate speech will also be strengthened as part of the Religious Discrimination Bill package.
• Harmful online activities such as doxxing and hate speech are examples of the increasing potential for overlap between different regulatory regimes in Australia. For instance, whilst anti-doxxing laws are being considered as part of privacy reform due to the role of personal information in such activities, the Attorney-General has acknowledged that the eSafety Commissioner also has a role to play in addressing the online harms caused by doxxing.

In depth

Terms of Reference for the Review of the Online Safety Act 2021

The Terms of Reference set out a broad range of considerations for the Review, with a focus on the following areas:

• Operation and effectiveness of the OSA:
  • The appropriateness of the objects of the Act in achieving the Government's current online safety policy intent.
  • The operation and effectiveness of selected statutory schemes concerning cyber-bullying and cyber-abuse material, non-consensual sharing of intimate images, the Online Content Scheme, and material depicting abhorrent violent conduct.
  • The operation and effectiveness of the Basic Online Safety Expectations (BOSE) regime in the Act. See our previous alerts here and here for information regarding the BOSE regime.
• Statutory and regulatory arrangements to address online harms:
  • Whether additional arrangements are warranted to address online harms not explicitly captured under the existing statutory schemes, including in relation to online hate and abuse, volumetric (pile-in) attacks, technology-facilitated abuse and gender-based violence, and harms arising from emerging technologies including artificial intelligence and end-to-end encryption
  • Whether the regulatory arrangements, tools and powers available to the eSafety Commissioner should be amended and/or simplified, through consideration of the introduction of a duty of care requirement towards users and ensuring industry acts in the best interests of the child
• Enforcement powers under the OSA:
  • Whether penalties should apply to a broader range of circumstances
  • Whether the current scope of the eSafety Commissioner's roles and responsibilities and the information gathering powers, investigative powers, enforcement powers, civil penalties or disclosure of information provisions should be amended
  • Potential cost recovery from industry for eSafety’s regulatory activities

The Final Report of the Review is expected to be provided to the Minister for Communications by 31 October 2024.

The accelerated timing of the Review indicates that online safety remains a key area of focus for the Government given evolving technologies and changes in patterns of malicious online activity between end users. The Terms of Reference suggest that a key focus of the Review will be on further strengthening the OSA with the possibility of increased powers for the eSafety Commissioner, broadening of penalties and the addition of new schemes and requirements. 

The Review provides a significant and important opportunity for industry participants and other interested parties to share their views with regard to the operation of the OSA to date, and the various other matters within the scope of the Terms of Reference.

It also appears that the long-awaited second stage reforms to the National Classification Scheme will be progressed in the coming months – a key reform process that also underpins the operation of the Online Content Scheme in the OSA.

Doxxing and hate speech reforms

• Doxxing refers to the malicious release of personal information on online platforms without permission. While legislation is yet to be drafted, the Government has suggested that it intends to introduce laws against doxxing as soon as possible.
• Doxxing activities have the potential to fall within the ambit of both the Privacy Act and the OSA.  This provides a good example of the increasing potential for overlap between different regulatory regimes aimed at digital platforms and other online activity. While invasion of privacy and use of people's personal information are issues governed under the Privacy Act, online harms are more broadly regulated under the OSA.
• Hate speech provides another key example of potential regulatory intersection. The Government has announced its intention to strengthen laws addressing hate speech and to bring them forward as a package with a planned Religious Discrimination Bill. At a State and Territory level, New South Wales is conducting a review into its laws on threats and incitement to violence and Victoria consulted in 2023 on strengthening its own anti-vilification laws. Additionally, stronger hate crime laws will be in effect in Queensland from late April 2024. In parallel, changes are also currently under consideration to the BOSE to specifically regulate hate speech under that instrument.
• Both of these developments highlight the growing need for coordination across reform processes to ensure that a consistent and effective approach is taken on key issues that fall across multiple regulatory regimes and multiple regulators.

* * * * *

With thanks to Alison Chen, Fiona Liu and Liz Grimwood-Taylor for their assistance with this alert.