Photo courtesy of The Citizen

On September 18, the government gazetted a Bill titled Online Safety to establish the Online Safety Commission and to regulate certain contents from the online spaces. Amid the heightened attention, discourse and criticism on the Bill, it was tabled in parliament on October 3.

At this juncture it is pertinent to compare and contrast the essence and purpose of the Sri Lankan Bill with the Online Safety Billof the UK passed by their parliament last month and at the moment awaiting the royal assent. From the outset, the UK Bill is sponsored by the Department of Digital, Culture, Media and Sport while the line ministry for the Sri Lankan Bill is the Public Security Ministry although Sri Lanka has two separate ministries for mass media and digital technology. The removal of these two ministries from the picture is a questionable undertaking given that the Bill claims to ensure online safety. In the current context of the Sri Lankan Bill, the tasks assigned to the minister such as appointing experts on information technology to conduct investigations (Section 37), the retention and interception of data and information including traffic data for investigations (Section 39 (2)) and overall making of regulations under the Act (Section 54) will be executed by the Minister of Public Security without any involvement of the media and technology related ministries. As the UK Bill is an extensive document, few key features of it will be discussed in the article to embody how certain serious concerns highlighted in the Sri Lankan Bill can be addressed and tackled.


It is not wrong to consider the most perilous features of any law to be overbreadth and vagueness because of the lack of definitions. While many Sri Lankan legislations have faced this plight, the Online Safety Bill is yet another prime example. For an instance, Section 3 (a) of the Lankan Bill states that an objective of the Bill shall be “to protect persons against damage caused by communication of false statements or threatening, alarming or distressing statements”. These terms are used again in Section 22, which is part of the prohibited statements, to define harassment where it states; “Harassment means an act or behaviour which has the effect of threatening, alarming or distressing a person or violating a person’s dignity or creating an intimidating, degrading, hostile, humiliating or offensive environment or, which has all such effects”. The words threatening, alarming and distressing remain undefined, allowing for interpretation according to whims, fancies, political targeting and other agendas. Words such as intimidating and offensive are vague terms that cannot remain undefined in a legislation. A statement that is hilarious to one could be distressing and offensive to another and, thereafter in this case, to the Online Safety Commission. Aspects such as the context, intent and extent are paramount in determining whether certain online content should be prohibited and its publishers should be penalised.

Another example is in Section 36, which is on counteracting inauthentic online accounts and coordinated inauthentic behaviour. Coordinated inauthentic behaviour is defined to be “coordinated activity carried out using two or more online accounts, in order to mislead the end users in Sri Lanka of any internet intermediary service as to any matter but excludes any activity carried out using online accounts – (a) that are controlled by the same person; and (b) none of which is an inauthentic online account or is controlled by a bot”. In this context would using a filter to alter your appearance on Instagram and someone being distressed or offended by it become subjected to this provision? As such the Bill has several ambiguities and one cannot reasonably comprehend the legislative intention and positive purpose of incorporating them.

The UK Bill has been meticulous and precise in defining the terms used. Drawing parallels, while there is no indication of terms such as distressing, intimidating or offensive, the Bill has included the “threatening communications offence” in Section 162. The threshold of threatening requires the message conveyed to be a threat of death or serious harm, and at the time of sending it, the person – (i) intended an individual encountering the message to fear that the threat would be carried out, or (ii) was reckless as to whether an individual encountering the message would fear that the threat would be carried out. Serious harm under this section is defined to be (a) serious injury amounting to grievous bodily harm within the meaning of the Offences against the Person Act 1861, (b) rape, (c) assault by penetration within the meaning of section 2 of the Sexual Offences Act 2003, or (d) serious financial loss. It is apparent that the definition has set out an overt and a high threshold that cannot be misused in executing powers under the law. Thereby a commendable feature of the UK Bill is that clear definitions are consistently provided to terms that can be deemed to be vague or overbroad, minimising the space for abuse of power.

Duties towards human rights and democracy

The Online Safety Bill of Sri Lanka is completely silent on protecting rights and democratic freedoms, particularly the freedom of expression, when ensuring online safety. The very use of certain terminology such as offensive, distressing and intimidating and the lack of definitions inherently violate the freedom of speech and expression as it has conferred unfettered abilities to the Commission, appointed by the executive president, to penalise such publishers. The UK Bill, on the other hand, consists of certain prominent and necessary features to balance freedom and safety. The Office of Communications (OFCOM) that is the regulatory body under the Bill and defined types of service providers are conferred lengthy sets of duties including but not limited to duties about freedom of expression and privacy, duties to protect content of democratic importance, duties to protect news publisher content and duties to protect journalistic content in order to accept and ensure that rights and freedoms are not threatened when regulating online spaces. Under Section 18, duties about freedom of expression and privacy are identified as cross cutting duties where under this section, service providers are mandated to maintain impact assessments and publish them, noting the impact of their safety policy and measures on expression such as journalistic and news publisher content.

Several provisions direct the OFCOM to protect freedom of expression and privacy where in Section 69 OFCOM must consult individuals that OFCOM consider to have expertise in equality issues and human rights particularly freedom of expression and right to privacy when producing transparency report guides, which guide the service providers to produce a report about their service. Under Section 144, OFCOM’s report for each financial year must contain a statement about the steps they have taken and the processes they operate to ensure that their online safety functions have been exercised in that year compatibly with freedom of expression and right to privacy. While the UK Bill includes several other provisions in to serve this purpose, it is daunting but unsurprising to see the Sri Lankan Bill devoid of any imposing of duties and actively protecting democratic rights and freedoms.

Protection of the child

Including the press release issued by the Human Rights Commission of Sri Lanka on October 2, many entities have praised the Bill for its inclusion of child abuse through online means. However, the perusal of similar legislations including the UK Bill indicates that the Sri Lankan Bill has vast potential to enhance child protection, particularly to adopt preventative mechanisms. Section 22 of the Sri Lankan Bill has codified the child abuse by any person in or outside Sri Lanka, in online spaces to be an offense liable to imprisonment for a term not exceeding twenty years or to a fine, or to both such imprisonment and fine, and to compensate the children affected. In contrast, the UK Bill has in length catered to child protection with children’s risk assessments, safety duties to protect them, children’s access assessment and provisions on reporting child sexual abuse exploitation and abuse content. These preventative measures such as risk, access and safety assessments are critically important in ensuring overall online safety, as in the cyberspaces tracking perpetrators is a commonly faced hardship. Therefore when the Bill is titled Online Safety, it should proceed to these lengths and mechanisms in a holistic manner rather than providing surface level solutions.

The concentration of powers on the president particularly regarding the Online Safety Commission and its appointments, depriving the commission of its independence is another key issue under the Bill that has been brought to the attention by many entities repeatedly. It is evident that the proposed Online Safety Bill of Sri Lanka is miles behind from being an instrument truly aspiring to make the online spaces a safer place. It is predominantly a dangerous undemocratic tool that can hinder human rights, especially the freedom of expression, victimise individuals and unleash hidden agendas. This is not an attempt to praise the UK Bill as there are suggestions in place for this instrument as well. However being a contemporaneous legislation it is undeniably much advanced and multifaceted in its comprehension and mechanisms in place to ensure online safety both protectively and preventatively. Therefore, the Sri Lankan lawmakers should take all measure possible to provide a comprehensive and a well-founded instrument focused on protecting the public and not another Trojan horse.