eSafety Commissioner’s new powers to help combat online child sexual exploitation, and the ESG impact on business

Danielle Crowe, Mariam Azzo, Samy Mansour and Elizabeth Forbes
16 Sep 2022
Time to read: 2 minutes

Some of the world’s largest tech companies have been the first to be served with world-first legal orders by Australia’s eSafety Commissioner. These orders aim to lift the hood on what the companies are doing (or, are not doing) to protect their users from harm caused by online child exploitation and abuse.

The widespread issue of child sexual exploitation material online is a global disaster, with 29.1 million reports made to the National Centre for Missing and Exploited Children last year alone. Since 2015, eSafety has handled more than 61,000 complaints about illegal and restricted content – the majority of these involving child sexual exploitation material (CSAM). Australia’s eSafety Commissioner, Julie Inman Grant, has said that eSafety has seen a surge in reports about CSAM since the start of the pandemic, “as technology was weaponised to abuse children” and that the harm experienced by victim-survivors is perpetuated when platforms and services fail to detect and remove the content.  

The Online Safety regime

On 23 January 2022, the Online Safety Act 2021 (Cth) came into effect, the objects of which are to improve and promote online safety for Australians. The Act gives eSafety improved powers to help protect all Australians from the most serious forms of online harm.

Under the new Basic Online Safety Expectations (the Expectations), a key part of the Act, eSafety can issue legal notices requiring providers of social media services, messaging services, gaming services, file-sharing services and other apps and certain other sites accessible from Australia as defined in the Act (Relevant Providers) to report on how they are meeting any or all of the Expectations. eSafety can also publish statements about the extent to which services are meeting the Expectations.

On 29 August 2022, in an initial information-gathering exercise, eSafety issued notices to a number of the world’s largest tech companies as part of the implementation of the Expectations – requiring them to report on the measures that they are taking (or not taking) to address the creation and spread of CSAM on their platforms and services. eSafety decided on this first batch of companies based on considerations such as the number of complaints to eSafety, the company’s reach, and how much information is already public.

Under the Act, companies who fail to comply and respond to a notice within 28 days risk facing civil penalties of up to $555,000 a day.

Importantly, eSafety plans to issue further notices to additional Relevant Providers in due course to build a comprehensive picture of online safety measures across a wide range of services.

So, what should providers be doing now?

It has been a long time coming, but Relevant Providers must be upfront on the steps they are taking so that eSafety can understand the full picture of online harms occurring and collectively focus on the best way to combat them.

Given eSafety’s announcement that it will be issuing more notices, Relevant Providers should get ahead of the curve and put the “Social” pillar in the ESG agenda to work by taking greater responsibility for material on their platforms. As a first step, Relevant Providers should review and consider:

  • the Expectations’ regulatory guidance;
  • eSafety’s Safety by Design principles and assessment tools (these resources will enable Relevant Providers to audit and improve their current safety practices and position themselves to meet the Expectations); and
  • a summary of the information provided by eSafety at session with industry on 21 June 2022, outlining key aspects of our regulatory approach to the Basic Online Safety Expectations.

Even if a party is not a Relevant Provider, eSafety has commenced a public and industry consultation on the draft mandatory codes which were released on 1 September 2022. This public consultation closes on 2 October 2022 and eSafety and encourages all stakeholders (including consumers) to provide their views and lodge a submission here.

Get in touch

Clayton Utz communications are intended to provide commentary and general information. They should not be relied upon as legal advice. Formal legal advice should be sought in particular transactions or on matters of interest arising from this communication. Persons listed may not be admitted in all States and Territories.