The social media policy ratchet | Open Rights Group

Blog The social media policy ratchet

Digital Privacy

The social media policy ratchet

For more than a decade, UK governments have introduced successive child safety measures, responding to public concern about the availability of content that is either unsuitable or harmful to children, or due to harmful interactions ranging from bullying. Yet at each stage, the measures have delivered far less than was expected. Meanwhile, as online problems appear to escalate, the measures imposed seem more and more extreme, and even politicians admit that they’re likely to be less than fully effective. What is going on?

This blog aims to be an in-depth analysis, using some analytical tools that you may not be familiar with. They should be reasonably intuitive, but take your time if you can, as I try to bring some new ways of looking at the Online Harms policy space, that government itself says it uses when dealing with complex policy problems.

How it started

To recap what measures have been imposed so far: This began with the UK persuading ISPs and mobile providers to have Internet filters on by default in 2013 The expectation was that these would largely restrict access to adult and harmful content for children and teens. In practice, users in households did not want filters installed across all adults and children. For mobile users, providers found it impractical to block much more than pornography. Most importantly, over-blocking has caused a lot of legitimate and entirely harmless material to be blocked, including advice for people at risk, as highlighted by ORG’s Blocked tool.

The Online Safety debate and then Act was a response to the limited impact of filters, with the policy process starting in 2017. The measures announced in 2019 centred around a ‘duty of care’ and attempted to impose restrictions on harmful content for adults as well as children. The Online Safety Act, passed in 2023, has fuelled the use of age verification to allow adults to access content that might be unsuitable for children. Age Verification remains improperly regulated and largely US processed. Even the poster child of ‘doing it right’, Yoti, has been fined by the Spanish data protection authorities and criticised by privacy researchers.

The OSA is too complicated for us to summarise everything about it. But clearly, segregating categories of content like ‘violence’ (including UK police or Israeli military violence), ‘sexuality’ (including LGBTQ+ advice and social discussions), ‘drugs’ (including discussion of managing harms and avoiding risks), and so on, is problematic. Firstly, because the aim is to prevent teenagers from accessing this content, and secondly because adults are required to age verify and sacrifice privacy to access what can include political and socially important content. Future measures will include automated takedowns, and could even include breaking encryption to scan content.

Finally, the OSA has ended up with small but incredibly safe sites from shutting down or blocking UK access, due to compliance problems. The OSA is in this dimension preventing solutions to the problem of online safety.

Now there are proposals to remove children from social media and games’ chat systems, and for phones to scan for user created sexual images by default. These proposals also mean age verification for adults to access social media or to stop phones from scanning what they take photos of.

What the policy process is doing

Let’s take a step back and look at the way the policy process is designed, and why the measures seem less than effective. Firstly, I would like to introduce something about how government says it develops policy. It provides policy development guidance that is designed to ensure that unintended consequences are avoided, and that policy aims will deliver the intended results. To ensure this is done properly, the Government Office for Science provides an Introductory systems thinking toolkit for civil servants. Patrick Vallance explains:

The design of effective policies for citizens, communities and the UK requires policy makers to understand interconnected systems. For example, the role of transport in accessing healthcare. The most effective policy professionals across the UK Civil Service develop and deploy systems approaches in their work and I encourage all my colleagues to make full use of this toolkit.

What Vallance is pointing to is the problem of repeated policy failures like the War on Drugs, or the way that new roads generate new traffic and fail to stop traffic jams, or how the criminal justice system and longer sentences generate new crime. Highly complex systems and simplistic interventions really do not mix. Genuine solutions require careful thought to ensure that systems and policy goals actually align.

Online Safety is truly an “interconnected system” with a great deal of complexity. Following the government’s policy guidance, then, we can use some of their tools to describe at least some of their interconnections.

This is a basic flow diagram using Systems Dynamics, as the GOS advises. Systems Dynamics is a tool made famous by Limits to Growth, which presented a model of world resource usage that lead to the environmental sustainability debates of the 1970s, and by Peter Senge in the business world, with his book The Fifth Discipline.

The graph describes the social media and online harms dynamics. In the diagram, each measurable part of the system, or “stock”, causes changes in other parts, or “stocks”. Where the relationship is positive, ie causing an increase, such as users creating more content, the arrow is marked with a plus (+). Where negative, a minus (-) shows a negative causal reduction.

This allows us to see the pattern of interactions. While the graphs are my view of the system, most of the relations are generally accepted by people in the debate, including safety campaigners.

The graph shows on the top right the “attention economy”, with attention and user interaction being reinforced by algorithms, and these also reinforcing profits. These are reinforcing loops, or “virtuous cycles” in the view of social media companies. However, from the perspective of safety campaigners and free expression organisations like ORG, Amnesty and others, these cycles also cause increases in harmful content, and illegal content. These are shown in the centre of the diagram.

On the left of the diagram, we see the policy results. Harmful content generates calls for age verification; this generates Evasion by users; this generates calls for tougher age verification, such as application to VPNs, in a reinforcing cycle. As the pipeline of harmful content is not reduced, calls for age restrictions are unlikely to reduce.

For illegal content, we see pressure for more and more content to be moved from Other illegal content, which is anything illegal that a platform must remove if reported, to the Priority illegal content bucket, starting with terrorism and child abuse material, where platforms must remove the content through scanning and algorithmic identification. Here, there may be a bit more policy resistance where too much content is removed.

What is also apparent is that the measures are mostly burdens on users, rather than platforms. They cause privacy and free expression costs, introduce age verification and other barriers that act on users.

The graph illustrates a policy system where the measures are not really acting on the production of problematic content. The engine of online harms, ie algorithmic prioritisation, remains essentially untouched. The attention-seeking goal of the social media system is not changed, and the policy interventions seem to work against rather than with the overall system. This ought to call into question whether the online safety policy approach is really trying to act systemically and effectively. Could other interventions make more sense than simply trying to restrict content and access to content?

In this graph, I have mapped out the basics of the user attention economy that we saw above in a bit more detail. Again, none of the relationships depicted are unknown or controversial. The main loops we see are that the Total active userbase increases Content production, which leads to content prioritisation due to the glut of content. Content production also increases User dependency, which increases the Total active userbase. Content production also increases User satisfaction, also increasing the Total active userbase. So far, all great for the social media company, which also uses the loop of Content prioritisation by algorithms to increase Ad revenue (and thereby Profits).

As before, we note that Illegal and lawful but awful content is also produced by the algorithms system, while Regulatory counter-measures seek to reduce this.

What is illustrated in the graph but appears forgotten in the policy debate however, is that the presence of lawful but awful content, and poor interactions, ought to lead to a decrease in User satisfaction, (illustrated by the long arrow at the foot of the graph) which would then break the reinforcement loop holding up the Total user base. Yet it doesn’t, presumably because of User dependency.

As is noted in many guides to Systems Dynamics, these kinds of graphs help show you where the intervention points really are. What we are looking for is places where there are lots of arrows flowing in. Here the obvious ones are Total active userbase and Content prioritisation by algorithms, and perhaps Content production. These seem central to the system we are illustrating.

In other words, if we could find ways to change how the social media companies retain their Total active userbase, by reducing User dependency, then social media companies might have to re-evaluate what was causing customers to leave. Or perhaps Content production could be less of a driver of User dependency, if people could interact with the content through third parties.

Similarly, if government introduced interventions that acted on the algorithms, like letting users choose any prioritisation engine they liked, then users might act to reduce the harmful content they receive.

Lastly, we should note that in these graphs I have narrowed the policy space that we are looking at. Social media is embedded in society, and wider economics. We have not looked at the role of social media in children’s lives, or their own offline social experiences. There are questions around the way that educators and parents are supported.

However, the analysis above does show that there are a few immediately obvious interventions government could take to change the way the whole system works. They are not a silver bullet, and we do not claim they are the entire answer, nor necessarily politically easy; nor are they a replacement for content duties, but they could help better align the social media content system with the policy goal of safety. They are:

  • User switching rights: so users can leave Facebook, Instagram, X, Threads, etc, while retaining their contact networks, as you can with your phone number or your email account. This was identified by the Competition and Markets Authority, for example, as a potential intervention to create competition in social media.
  • Freeing user feeds: ensuring that users can control content on platforms, directly or by third parties, so that users can decide what makes them safer and what gives them value.
  • Creating competition by breaking up platforms: it is unclear why platforms should be able to own multiple social networks, or why tech giants should be able to use social media platforms as part of a wider business strategy.
  • Socially-driven social media: would these dynamics be wholly different if social media was socially owned and controlled? That seems to be the case for Mastodon and BlueSky, where user switching rights are central, and their communities power small environments, which appear to lead to much safer online spaces

That is plenty to think about for now. The UK can stick to a policy ratchet where failed policies lead to more of the same, without really causing anyone at a social media company to blink. Or it can engage in more effective policy design, by looking at the social media system in its fuller context, and then shifting the measures from costs on users, to user empowerment, directly tackling the market power of social media which is generating online harms.

Free expression online

Fix the Online Safety Act

Read more about the Fix the Online Safety Act

campaign

Related Blogs

Digital Privacy

14 May 2026 By Mariano delli Santi

The ICO isn’t doing its job – why the data watchdog needs to be reset

Digital Privacy

17 Mar 2026 By Mariano delli Santi

Break privacy to make privacy? Age verification isn’t the answer

Digital Privacy

18 Feb 2026 By James Baker

Online safety needs structural change, not more layers of control

Digital Privacy

11 Feb 2026 By Open Rights Group

To consent or pay?

Digital Privacy

03 Feb 2026 By Mariano delli Santi

How do advertisers track you online?

Digital Privacy

03 Feb 2026 By Open Rights Group

How to Stop Stalker Ads

Digital Privacy

28 Jan 2026 By Mariano delli Santi

Give a bit, they’ll take a megabyte: Data Protection Then and Now

Digital Privacy

14 Jan 2026 By Jim Killock

Techno-Permacrisis

Digital Privacy

14 Jan 2026 By Sara Alsherif

Saving time, risking lives: Government uses AI tools to inform asylum decisions

Digital Privacy

30 Sep 2025 By Mariano delli Santi

Digital Privacy

30 Sep 2025 By Mariano delli Santi

Digital Privacy

18 Jun 2025 By Alberico Ricci

Automated Hiring and Firing: How the Data Act will harm gig workers

Digital Privacy

13 May 2025 By Mariano delli Santi

Data Bill: First They Came for Trans People

Digital Privacy

30 Apr 2025 By James Baker

What Do Political Parties Really Know About You?

Digital Privacy

23 Dec 2024 By Pam Cowburn

ORG Review 2024

Digital Privacy

08 Oct 2024 By Mariano delli Santi

The ICO is leaving an AI enforcement gap in the UK

Digital Privacy

18 Sep 2024 By Jim Killock

e-Visas: The Next Digital Windrush Scandal

Digital Privacy

01 Aug 2024 By Mariano delli Santi

Light and Shadow of the Digital Information and Smart Data Bill

Digital Privacy

26 Jul 2024 By Mariano delli Santi

AI Regulation: Will Labour Promote Growth and Protect Rights?

Digital Privacy

16 Jul 2024 By Mariano delli Santi

Meta Wants to Make Us its AI Guinea Pigs

Digital Privacy

08 May 2024 By Mariano delli Santi

Smart meter data: the Government's at it again

Digital Privacy

23 Apr 2024 By Sara Alsherif

Why Migrants Need Digital Sanctuary

Digital Privacy

20 Mar 2024 By Mariano delli Santi

The ICO Must Toughen Up

Digital Privacy

19 Mar 2024 By Pam Cowburn

The Post Office Scandal and Data Protection

Digital Privacy

07 Mar 2024 By Sara Alsherif

Government does the bare minimum to update the Immigration Exemption

Digital Privacy

31 Jan 2024 By Jim Killock

Are British Data Rights falling behind our EU neighbours?

Digital Privacy

13 Dec 2023 By Alexander Dolphin

Government powers overdrawn

Digital Privacy

28 Jul 2023 By Mariano delli Santi

The CPTPP: trading away your privacy rights

Digital Privacy

14 Dec 2022 By Mariano delli Santi

Data Grab Bill from an EU perspective

Digital Privacy

21 Jun 2017 By Jim Killock

Queen's speech 2017 – threats to privacy and free speech

Digital Privacy

04 Jun 2017 By Jim Killock

The London Attacks

Digital Privacy

01 May 2017 By Jim Killock

Automated censorship is not the answer to extremism

Digital Privacy

08 Feb 2017 By Jim Killock

Just how much censorship will the DEBill lead to?

Digital Privacy

02 Nov 2016 By Jim Killock

Facebook is right to sink Admiral's app

Digital Privacy

19 Oct 2016 By Jim Killock

Fig leafs for privacy in Age Verification

Digital Privacy

18 Oct 2016 By Jim Killock

A database of the UK's porn habits. What could possibly go wrong?

Digital Privacy

28 Jan 2016 By Jason Kitcat

E-voting won’t solve the problem of voter apathy

Digital Privacy

19 Jan 2016 By Jim Killock

Does the government want to break encryption or not?

Digital Privacy

26 Feb 2015 By Jim Killock

GCHQ is damaging businesses and the digital economy – we need your help

Digital Privacy

20 Jan 2015 By Richard King

Default censorship is wrong and unfair to Sky's customers

Digital Privacy

13 Jan 2015 By Jim Killock

What does David Cameron want?

Digital Privacy

06 Jul 2014 By Jim Killock

What Google isn’t doing with requests for search redaction

Digital Privacy

02 Jul 2014 By Pam Cowburn

ORG's Blocked project finds almost 1 in 5 sites are blocked by filters

Digital Privacy

14 Apr 2014 By Richard King

Making progress on monitoring censorship

Digital Privacy

07 Apr 2014 By Ruth Coustick-Deal

We’re making web censorship more transparent – thanks to you!

Digital Privacy

10 Mar 2014 By Ruth Coustick-Deal

Support ORG's Censorship Monitoring Project

Digital Privacy

23 Jan 2014 By Peter Bradwell

What's happening to your medical records and how you can opt out

Digital Privacy

19 Dec 2013 By Peter Bradwell

Ten recommendations to ISPs for dealing with over-blocking

Digital Privacy

13 Dec 2013 By Peter Bradwell

BT answers our questions about parental controls

Digital Privacy

11 Dec 2013 By Peter Bradwell

Important opinion about data retention due tomorrow

Digital Privacy

15 Nov 2013 By Peter Bradwell

Sky's reply to ORG on default internet filters

Digital Privacy

09 Nov 2013 By Jim Killock

Now talking is treachery

Digital Privacy

06 Sep 2013 By Jim Killock

The security services are stripping us of basic Internet security

Digital Privacy

01 Aug 2013 By Jim Killock

Diane Abbott responds on web forum blocking

Digital Privacy

31 Jul 2013 By Jim Killock

Government wants default blocking to hit small ISPs

Digital Privacy

27 Jul 2013 By Jim Killock

Who exactly is responsible for ‘nudge censorship’?

Digital Privacy

23 Jul 2013 By Jim Killock

ISPs need to explain their filtering systems

Digital Privacy

22 Jul 2013 By Jim Killock

David Cameron is issuing bad advice to parents

Digital Privacy

19 Jul 2013 By Jim Killock

ORG asks court for web blocking documents

Digital Privacy

17 Jun 2013 By Jim Killock

Jargon File blocked by O2, Youtube by Orange

Digital Privacy

13 Jun 2013 By Jim Killock

Website filtering problems are a ‘load of cock’

Digital Privacy

07 Jun 2013 By Peter Bradwell

PRISM: The FISAAA smoking gun

Digital Privacy

31 May 2013 By Peter Bradwell

What mobile internet filtering tells us about porn blocks

Digital Privacy

26 Apr 2013 By Claudia Mateus

Digital Surveillance video

Digital Privacy

21 Mar 2013 By Jim Killock

Meeting Hacked Off

Digital Privacy

20 Dec 2012 By Peter Bradwell

Confusion over parental Internet controls

Digital Privacy

17 Dec 2012 By Peter Bradwell

Another church blocked by mobile networks

Digital Privacy

12 Dec 2012 By Peter Bradwell

How the Home Office let their Minister down

Digital Privacy

30 Nov 2012 By Jim Killock

Data protection debate at MoJ

Digital Privacy

17 Nov 2012 By Jim Killock

Victory in sight: government signals climb down from “default” filtering?

Digital Privacy

01 Nov 2012 By Peter Bradwell

Getting the facts straight in the parental controls debate

Digital Privacy

18 Jul 2012 By Jim Killock

Snooper's Charter: a Bill without a proposal

Digital Privacy

13 Jun 2012 By Peter Bradwell

Update on reported BT block of Black Triangle campaign website

Digital Privacy

28 May 2012 By Peter Bradwell

Reporting ‘over-blocking’ to mobile operators

Digital Privacy

18 May 2012 By Peter Bradwell

New reports of overblocking on mobile networks

Digital Privacy

04 May 2012 By Peter Bradwell

Peace advocates’ website is blocked as porn on UK mobile networks

Digital Privacy

01 May 2012 By Jim Killock

What they want is control

Digital Privacy

15 Feb 2012 By Alessandra Cappuccini and Gemma Craggs

Orange UK blocking La Quadrature du Net

Digital Privacy

31 Jan 2012 By Jim Killock

Protecting Internet users from tracking and profiling

Digital Privacy

23 Jan 2012 By Peter Bradwell

UK Mobile operators censor privacy tool ‘Tor’

Digital Privacy

01 Nov 2011 By Peter Bradwell

Joint letter to the Foreign Secretary

Digital Privacy

11 Oct 2011 By Jim Killock

ACTION: Repeal Web Censorship!

Digital Privacy

24 Jun 2010 By Jason Kitcat

ORG at Hansard debate: Why can’t I vote at my ATM?

Digital Privacy

17 Jun 2010 By Jim Killock

Summary Health Care records: failing and dangerous

Digital Privacy

20 May 2010 By Jason Kitcat

Changing the way we vote

Digital Privacy

08 Dec 2009 By Jason Kitcat

London e-counting: Boris doesn’t want to know

Digital Privacy

07 Jul 2009 By Michael Holloway

There's no excuse for industrial-scale snooping

Digital Privacy

06 Jul 2009 By Jim Killock

BT's decision to ditch Phorm is a victory for privacy

Digital Privacy

29 Jun 2009 By Jim Killock

Lobbying and public policy

Digital Privacy

28 Apr 2009 By Jim Killock

Phorm and the Home Office: cold comfort to citizens

Digital Privacy

17 Apr 2009 By Jim Killock

Goverment announces RIPA review in wake of EU threat

Digital Privacy

17 Apr 2009 By Jim Killock

Wikipedia blocks Phorm

Digital Privacy

15 Apr 2009 By Jim Killock

Open Rights Group welcomes decisions to block Phorm

Digital Privacy

14 Apr 2009 By Jim Killock

EU Commission moves against UK Government and Phorm

Digital Privacy

25 Mar 2009 By Jim Killock

Telecom Package in second reading – dangerous amendments?

Digital Privacy

17 Dec 2008 By Becky Hogge

Who's been losing your data?

Digital Privacy

27 Oct 2008 By Becky Hogge

No e-voting in next year's elections

Digital Privacy

30 Sep 2008 By Becky Hogge

4 good reasons not to take part in the BT Webwise trial

Digital Privacy

19 Sep 2008 By Becky Hogge

What BERR want from Phorm – and what we think they’re missing

Digital Privacy

29 Jul 2008 By Becky Hogge

Next election for Mayor of London to be counted manually?

Digital Privacy

18 Jul 2008 By Jason Kitcat

London Assembly Elections Review Committee – who would want to steal an election?

Digital Privacy

25 Jun 2008 By Glyn Wintle

HMRC “Datagate” verdict: further data loss “a distinct possibility”

Digital Privacy

19 May 2008 By Glyn Wintle

Scottish Affairs Committee recommendation on e-Counting

Digital Privacy

06 May 2008 By Becky Hogge

Thanks to all ORG Election Observers!

Digital Privacy

28 Mar 2008 By Becky Hogge

ORG and FIPR meet with Phorm

Digital Privacy

17 Mar 2008 By Becky Hogge

Phorm update

Digital Privacy

22 Jan 2008 By Becky Hogge

Devote Your Day to Democracy #2: London elections

Digital Privacy

15 Nov 2007 By Becky Hogge

Electoral Commission: “e-voting not a mature technology”

Digital Privacy

13 Nov 2007 By Becky Hogge

Open Rights Group dismayed by Ministry of Justice response on e-voting

Digital Privacy

24 Oct 2007 By Jason Kitcat

Gould Review on Scottish Elections Published

Digital Privacy

03 Sep 2007 By Becky Hogge

Gordon Brown at the NCVO: e-Voting off the agenda?

Digital Privacy

29 Aug 2007 By Michael Holloway

Should we trust electronic elections?

Digital Privacy

02 Aug 2007 By Becky Hogge

ORG welcomes Electoral Commission recommendation to halt pilots

Digital Privacy

29 Jun 2007 By Becky Hogge

Watch launch of ORG's e-voting report

Digital Privacy

20 Jun 2007 By Jason Kitcat

ORG Election Report highlights problems with voting technology used

Digital Privacy

08 May 2007 By Jason Kitcat

A big ORG thank you to our Election Observers

Digital Privacy

04 Apr 2007 By Becky Hogge

ElectionWatch 2007 – ORG goes north of the border

Digital Privacy

23 Mar 2007 By Becky Hogge

Footage from February e-voting events now online

Digital Privacy

23 Mar 2007 By Becky Hogge

ORG Election Watch 2007: Registration Pack now online

Digital Privacy

07 Mar 2007 By Becky Hogge

Election Watch 2007 – Devote your day to democracy!

Digital Privacy

07 Feb 2007 By Becky Hogge

South Warwickshire clinicians sharing smart cards

Digital Privacy

29 Jan 2007 By Jason Kitcat

May 2007 e-Voting Pilots Announced

Digital Privacy

16 Jan 2007 By Michael Holloway

Taking the lid off e-voting

Digital Privacy

13 Aug 2006 By Glyn Wintle

Freedom of Expression – China's Internet

Digital Privacy

27 Jul 2006 By Glyn Wintle

Consultation on penalties for breaching the DPA

Digital Privacy

21 Jul 2006 By Glyn Wintle

Public meeting on RIPA consultations

Digital Privacy

13 Jul 2006 By Glyn Wintle

Information Commissioners annual report

Digital Privacy

06 Jul 2006 By Suw Charman Anderson

What do businesses know about you?