+44 (0) 121 582 0192 [email protected]



The enactment of the UK Online Harms Bill has ushered in a new era of digital responsibility, demanding heightened vigilance from businesses worldwide. As the Owner and CEO of Formiti Data International Ltd, I recognise the criticality of understanding and adhering to these regulations for any enterprise processing data within the UK. This article explores the essential steps for compliance, especially focusing on the aspect of parental consent, and how these regulations align with the UK GDPR.


Decoding the UK Online Harms Bill

Enacted on 26th October 2023  the UK Online Harms Bill targets companies that manage user-generated content or enable online interactions. It’s designed to combat harmful online content, impacting a wide range of platforms from social media to e-commerce sites.


In-Depth Compliance Essentials for Companies

Complying with the Online Harms Bill entails:

  1. Rigorous Risk Assessments: Regular, detailed evaluations of potential risks posed by harmful content on your platforms are necessary. This involves analysing the type of content and the extent of its impact.
  2. Robust Safety Measures: Developing and implementing advanced technologies and procedures to identify, flag, and remove harmful content efficiently is key. This includes the use of AI-driven content moderation tools and human oversight.
  3. Clear and Transparent Policies: Your terms of service must clearly outline measures taken to combat online harms. This transparency extends to reporting mechanisms, ensuring users understand how to report harmful content and what actions will be taken.
  4. Parental Consent Protocols: For platforms accessible to children, the Bill underscores the importance of parental consent. Companies must establish verifiable methods to obtain consent from parents or guardians when processing the personal data of children, in alignment with UK GDPR’s requirements on children’s data.
  5. Responsive Complaints Procedure: Implement a user-friendly system for complaints related to online harms, ensuring prompt and effective responses.


Balancing with UK GDPR

The UK Online Harms Bill and UK GDPR intersect significantly, especially concerning data privacy and protection of minors. Parental consent under the GDPR is a critical aspect, requiring companies to take extra precautions when processing data of individuals under the age of 18. The Bill reinforces this, demanding stringent verification of age and consent, thus ensuring both online safety and data protection.


Scope for International Companies

For international companies, compliance isn’t just a local requirement but a global imperative. The Bill’s jurisdiction extends to any company serving UK users, meaning global operations must integrate these regulations into their international compliance strategies.

Steps Toward Full Compliance

  1. Educate and Train Staff: Ensure your team understands both the UK Online Harms Bill and UK GDPR, with a focus on areas like parental consent.
  2. Technology Investment: Invest in technology that can detect harmful content and verify age and consent where required.
  3. Expert Consultation: Seek guidance from data protection and legal experts to navigate the complexities of these regulations.



The UK Online Harms Bill represents a significant step in online safety and data protection. Understanding and integrating its requirements, especially regarding parental consent, is crucial for businesses operating globally. By embracing these regulations, companies not only comply with the law but also demonstrate a commitment to digital responsibility and user safety.