Skip to main content

How should we tell people what we’re doing?

Contents

Data protection law requires you to inform people that you are processing their personal information. You must tell people about:

  • how you use their information;
  • what decisions you make using their information; and
  • how they can exercise their data protection rights.

Transparency in your use of people’s personal information is closely linked to fairness. Your processing is unlikely to be fair if you do not provide people with information about it. 

Regardless of the type of content moderation you use, if your systems are processing personal information, then you must tell users:

  • why you are using their personal information;
  • what lawful basis you are using for processing;
  • what types of personal information you are using;
  • what decisions you are making with the information and how it impacts their use of your service;
  • whether you keep personal information used or generated by your systems and for how long;
  • whether you share their personal information with other organisations; and
  • how they can exercise their data protection rights.

You must provide information to users in a way that is accessible and easy to understand. This is particularly important if your service is likely to be accessed by children.

If your content moderation involves solely automated decision-making based on personal information that has a legal or similarly significant effect on the people involved, then you must explain:

  • that you use automated decision-making processes;
  • what information you use;
  • why you use it; and
  • what the effects on them might be.

(See the section on ‘What if we use automated decision-making in our content moderation?’ for more information.)

Under the OSA, providers of regulated user-to-user services are required to include provisions in their terms of service giving information about any proactive technology they use for complying with the illegal content safety duties or the safety duties for the protection of children. This includes providing information about content identification technology.  

As well as complying with the information requirements of the OSA, you must comply with your transparency obligations under data protection law. Please consult Ofcom guidance for more information about your obligations under the OSA.

Further reading