Using ‘safety by design’ to address online harm may just turn out to be the silver bullet for policymakers around the world grappling with how to address the spread of harmful content and abuse online. An important paper by John Perrino, policy analyst at the Stanford Internet Observatory, details how this tool could help severely curtail if not eradicate the misinformation, child sexual abuse material (CSAM), harassment-stalking, and promotion of self-harm widely prevalent on the internet. He points out that recent rulemaking and legislative initiatives have seen a shift in how democratic states are holding social media companies accountable for the well-being of their users ~ from the United States of America to Europe and India. But it is the acceptance of the principles of “safety by design” which would place accountability, user empowerment, and transparency at the heart of the rules for online life.
Safety by design in practice, as it were, builds on the concept of “choice architecture”, which describes how the daily choices we make are shaped by how they are presented to us. Social media platforms have notoriously applied this concept to their product design to build applications that keep users engaged regardless of the benefits or harms of their experience ~ design choices that are often referred to as dark patterns, writes Perrino. As a consequence, policymakers are now taking a deep dive into the literature on behavioural science to understand online harms and place user safety at the heart of technical systems. Safety by design extends foundational concepts in online privacy and security, especially ‘privacy by design’, which was developed by the scholar Ann Cavoukian. She worked to integrate this concept into government regulation while serving as the information and privacy commissioner of Ontario, Canada, from 1997 to 2014.
Cavoukian’s seven privacy by design principles emphasised the need for default and embedded privacy protections as online services became more complex and ubiquitous. The principles include independent audits. By giving users easy control over privacy settings, Cavoukian aimed for a “user-centric” approach to design that offered strong privacy by default. Privacy by design has since been incorporated as the foundation for the European Union’s General Data Protection Regulation (GDPR) and countries around the world have introduced similar legislation. Safety by design, crucially, builds upon ‘security by design’ ~ a set of cybersecurity guidelines for building and maintaining secure systems. Perrino notes that an organisational security approach is based on anticipating and guarding against the misuse of data or cyberattacks with principles that include regular monitoring, user verification, and limiting permissions to users who need access to specific systems and data.
Safety by design similarly recognises the potential for misuse and abuse of social tools and the need to proactively address and adapt to protect against that behaviour. By providing users with greater control over their experiences online, safety by design can reduce harms in online spaces while protecting free speech. India needs to pay close attention to these developments as it prepares to put in place a new law to regulate digital platforms.