Letter - Minister for Sustainable Economic Development to CEHA (Online Harms) - 31 March 2025

19-21 Broad Street | St Helier Jersey | JE2 4WE

By email

31st March 2025 Dear Chair,

Online Harms

Thank you for your letter of 17th March in which you ask a number of questions relating to the your Panel's ongoing review into the protections from online harms available to children in Jersey. We have set out answers to each of your questions below in turn:

Digital Economy policy

1. Please can you outline the priorities and objectives of the Digital Economy Programme?

In the digital space, the 2025 Business Plan for the Department for the Economy [1]includes the intention to explore options to provide Islanders with the necessary legislation to remove unlawful or intimidating content from online spaces; the implementation of a proportionate telecoms security framework for Jersey and the development and delivery of the draft Cyber Security (Jersey) Law.

2. Can  you  describe  how  the  policy  development  for  the  Digital  Economy  Programme considers online safety for citizens in Jersey?

Online safety is currently being addressed by legislative projects in three areas:

With view to the growing use of social media, we consider the effective and fast removal of intimidating content and pictures, an area of increasing importance. We are committed to providing Islanders with a robust legislative protection. This is a major concern of legislators from around the world and several other jurisdictions have recently adopted legislation addressing this issue. We are looking to build our local legislation on the best examples from around the world and combine that with an enforcement system that provides faster relief to victims of online harms. For example, we are looking at this through amends to the data protection framework for Jersey.

The implementation of a proportionate telecoms security framework for Jersey, following the adoption of the Telecommunications Law (Jersey) Amendment Regulations 2024, will ensure Jersey maintains and enhances its reputation as a globally connected and trusted place when it comes to online connectivity.

The development of the draft Cyber Security (Jersey) Law 202- which formally establishes the cyber emergency response capability for the Island, the Jersey Cyber Security Centre (JCSC), integral to strengthening Jersey's national cyber resilience and international reputation.

3. Please could you describe any work that has been done, or is planned, as part of the Digital Economy Programme to consider suitable protection for the public, particularly children, from online harms?

Generally, laws are written to be universally applicable to all citizens. In areas of particular relevance to children, special attention is being paid that reflect the needs of children. In this respect, the Data Protection (Jersey) Law 2018 has strengthened the rights of young people, as it allows all Islanders to withdraw previously given consent to the processing of personal data concerning them.

That right is relevant, in particular where the data subject has given his or her consent as a child and was not, at the time, fully aware of the risks involved by the processing, and later wants to remove such personal data, especially on the internet. The data subject is able to exercise that right notwithstanding the fact that he or she is no longer a child.

We are looking at ways of using this legislative framework to better exercise the rights of data subjects, including those of children, providing further protection in an increasing digital world.

4. Minister, in the public hearing with the Panel on 4th October 2024 you highlighted the importance of freedom of expression on the internet. In your opinion, how should the right to access information be balanced with protection from harmful information or materials?

Freedom of expression is a fundamental human right and a precondition for a functioning free and democratic society. Digital media, including social media, have primarily contributed to guarantee this right, as they allow citizens to acquire information and different opinions.

As part of the discussions on how to counter hate speech, the United Nations has concluded that freedom of expression must be the norm. Therefore, any restrictions must be an exception and seek to prevent harm and ensure equality or the public participation of all. We have criminal laws in place that determine which material is forbidden to be viewed online.

a.  Should there be any additional protection in place for children and young people and, if so, how could this be achieved?

We are following current activities in the UK and in the EU who are looking for ways to introduce a robust age verification of users, that cannot be easily circumvented and does not oblige internet users to give away unnecessary personal information when they are online.

5. Minister, in the public hearing with the Panel on 4th October 2024 you confirmed that the Government of Jersey undertakes regular consultation and receives representations from external parties and industry about digital policy and the digital economy strategy. To what extent has feedback been provided about how the Government should approach further legislation or regulation of online spaces or digital technologies?

Both Ministers and the Department for the Economy engage with key stakeholders in the form of regular meetings and discussions.

As an example, in preparation for the upcoming Digital Economy Strategy, we have reached out to a broad range of associations and businesses. This included six roundtable discussions with stakeholders and a six-week public consultation period with further individual and small group consultations. Amongst those who attended were representatives of Digital Jersey, Jersey Business, regulators, businesses, investors, and educators. Topics included: support for digital adoption, digital skills & training, support for start-ups and scale-ups, support for Jersey business, making the most of Jersey's data assets, and the future regulatory environment for technology.

Policy officers regularly meet with regulators on-Island, such as JOIC, and legislators and regulators off island. This includes the European Commission, the European Data Protection Board, the UK government, or Ofcom to keep our legislation up to date with international developments in this ever-evolving legislative field.

All such input is fed back into the policy development process to develop a balanced, yet business friendly, and trusted regulatory environment.

Legislation

6. Please can you provide the Panel with a copy of the analysis you received in November 2022 (and any other relevant documentation) which was used to inform your decision to reject the permissive extent of the UK's Online Safety Act for Jersey.

We strongly believe that as a self-governing dependency of the Crown, it is imperative that Jersey remains responsible for its own legal and regulatory frameworks and that the States Assembly develops, debates and provides oversight of legislation whenever it is able to do so. This ensure that legislation is proportionate and right-sized for Jersey and can be amended by the States Assembly.

7. In the public hearing with the Panel on 4th October 2024 you outlined the advantages of Jersey pursuing its own legislation for online safety. Can you outline what disadvantages, if any, have been identified?

The paramount issue is that Jersey retains the ability to adapt and adopt legislation focused on meeting the needs of Islanders and proportionate to Jersey. If we had adopted a permissive extent clause for the UK Online Safety Act 2023, the law would be enforced by Ofcom, the British regulator and thus beyond our sphere of influence and beyond oversight from the Government of Jersey or States Assembly.

Furthermore, it was foreseeable at the time that the UK Online Safety Act 2023 would become a very complex law and difficult to apply in practice. It would therefore have lacked the adequacy and proportionality necessary for Jersey, especially when it comes to providing concrete relief for individual Islanders.

8. At the public hearing on 4th October 2024 the Panel heard that Jersey would develop its own legislation relating to aspects of online safety. What can you tell us about Government progress to pursue legislation for online safety in Jersey?

Addressing online harms is a cross-ministerial issue, with policy and relevant legislative and regulatory amends cutting across four Ministerial portfolios. When it comes to legislation addressing online harms, the initiatives of the Department for the Economy and the Justice and Home Affairs Department are complementary. The Department for Justice and Home Affairs is focusing on criminal law that is focussed on avoiding clearly illegal activities, our ministry's responsibility is to set rules that make the usage of the internet safe and protect Islanders' rights.

a.  Please can you confirm if there will be a separate / specific piece of legislation, or if it will be solely dealt with through amendments to existing legislation, such as the Telecommunications (Jersey) Law 2002, etc?

The Department for the Economy's work will be updating Jersey's existing laws.

The Panel will recall that the telecoms security framework was lodged in the form of amendments to the Telecommunications (Jersey) Law 2002 and we are preparing legislation to empower citizens to more effectively request the removal of pictures and other personal data through amendments to the Data Protection (Jersey) Law 2018.

For the effective protection against various forms of cyber-attacks, however, new legislation is deemed necessary, which will be presented to the States Assembly as the draft Cyber Security (Jersey) Law 202-.

9. Will Jersey legislate to provide protection for children from harmful content that is not illegal (for example violence, hate speech, or requiring age assurance to prevent children accessing pornography)?

There is consensus across Government that children should not have access to material that is not age appropriate. This concerns, besides the issues mentioned by the Panel, areas such as online gaming, drugs and alcohol.

We are following current activities in the UK and in the EU who are looking for ways to introduce a more robust age verification process of users. Current age verification processes can be easily circumvented and provide parents with a false sense of security.

10. The Data Protection (Jersey) Law 2018 states that a child under the age of 13 may not give valid consent to the processing of their personal data by a controller for the purposes of an information society service. Please could you provide the Panel with some further details about this and explain what practical protection, if any, it provides Jersey children from online harms?

This provision requires that consent to the processing of a child's data is given by the holder of parental responsibility over the child if that child is under the age of 13. In practice this means that children under the age of 13 cannot dispose of their data rights on their own. The provision is in line with the corresponding provision in Art 8 of the EU's General Data Protection Regulation. [2]

The aim of this provision is not to alter contract law, such as the rules on the validity, formation or effect of a contract in relation to a child, or the rights stipulated in the Capacity and Self- Determination (Jersey) Law 2016.

Technology

11. We understand from the Minister for Justice and Home Affairs that the takedown and data management of on-line material relies on arrangements and discussions with service providers, and that this is in your area of responsibility. Please could you share some more information about how this works in practice?

The handling of a takedown request depends on the legal basis upon which such a request is being made.  

If the request is based upon the Data Protection (Jersey) Law 2018, an amicable resolution request, a complaint or an enquiry would be handled by the Jersey Office of the Information Commissioner (JOIC). JOIC can, as part of its investigations, require information from service providers, for example to obtain the IP address of an uploader.

If the aim was to remove a homepage registered in Jersey, Channelisles.net, the responsible domain registration entity, would take that homepage down in accordance with the provision set out in Art 15 of their Terms and Conditions for Domain Name Registration [3](GG/JE).

12. What relationship does the Government of Jersey have, if any, with big tech companies (such as Google) or social media platforms and what confidence do you have that they would ensure their platforms were suitable for the domestic law in Jersey?

The Government of Jersey  has occasional meetings with bigger tech companies; JOIC has developed structured relations with these platforms, to facilitate enforcement of the Data Protection (Jersey) Law 2018.

Additionally, we are in regular contact with other legislators or enforcement bodies in other jurisdictions, to better understand how platform related legislation is being enforced in practice and how platforms ensure compliance.

13. Please could you describe the extent that the Government of Jersey has built relationships with law making and enforcement bodies in other jurisdictions (for example Ofcom)?

Policy officers have regular meetings with legislating and regulating bodies from various jurisdictions. More recently, the focus was on those bodies applying newly applicable legislation in data protection, digital services, digital markets regulation and privacy.

- For UK, this includes various departments of the UK Government and Ofcom, the UK online regulator;

- In the EU these included the Commissioner for Justice, the Directorate General Justice and Consumers of the European Commission responsible for data protection and data adequacy, the Directorate General Networks, Content and Technology, responsible for the application of the Digital Services Act and for the AI Act, the European Data Protection Board;

- In Australia the Office of the E-Safety Commissioner and the E-Privacy Commissioner.

Furthermore, we will continue to develop our conversations on various aspects of digital policy with the new Chair of the Data Protection Authority, a former data commissioner of Britain and British Columbia.

Relationships on behalf of the jurisdiction are also managed through JOIC, for example with the UK Information Commissioner and with the UK National Cyber Security Centre, through the Jersey Cyber Security Centre. The Channel Islands Brussels Office (CIBO) has built strong European links in the digital space, including with other data adequate third-party jurisdictions and with the EU Commission.

14. Other jurisdictions have brought in legislation to prevent illegal and harmful activities online (e.g. the Online Safety Act in the United Kingdom, or the Digital Services Act in the European Union). Is there a risk that Jersey-based users could be classed as a "rest of the world" category when accessing certain websites?

a.  Please could you provide the Panel with details about how this aspect has been assessed in your response.

Technically speaking, most platforms provide a generic product that is then adapted for the legislation in certain jurisdictions. In essence, that means that certain content gets blocked or additional provisions in the service agreements are required for the IP addresses of certain regions.

In some cases, however, platforms decide not to offer certain services in jurisdictions if they consider legal risks too high or do not consider it worth dealing with local laws if the market opportunities are too small.

The introduction of the Data Protection (Jersey) Law 2018, put Jersey in the same camp as the EU. We will continue this path by adapting Jersey's legislative framework to follow best practice in other jurisdictions. This helps maintain a workable environment for digital companies.

15. Please can you describe whether the Government of Jersey has undertaken any research or work to assess the impact of algorithms for internet users on Island?

There have not been studies undertaken specifically on this subject. It is worth mentioning that social media algorithms are not public. Such a study would require considerable resources and results would likely not differ greatly from studies conducted on behalf of other institutions in much larger jurisdictions, such as by the European Parliament. [4]

16. How is the Government of Jersey ensuring that it keeps pace with developments in other jurisdictions relating to digital technologies and cyber security?

As mentioned, policy officers are regularly meeting legislators and regulators from other jurisdictions in their respective fields, especially to collect best practices for effective digital legislation.

As previous mentioned, JOIC has developed relations with other data regulators from around the world in their respective field. For the new Jersey Cyber Security Centre, the draft Cyber Security Law  202-  specifically  addresses  international cooperation,  stating  that  JCSC  must  represent Jersey's  cyber  security  interests  in  Jersey  and  internationally,  including  by  participating  in international co-operation networks including the CSIRTs network.

We hope the above information provides clarity to the areas you have raised. Yours sincerely,  

Deputy Kirsten Morel   Deputy Moz Scott

Minister for Sustainable Economic Development  Assistant  Minister  for

Sustainable  Economic Development

[1] https://www.gov.je/SiteCollectionDocuments/Government%20and%20administration/Department%20for%20the%2 0Economy%20Business%20Plan%202025.pdf

[2] https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679

[3] Registration Agreement :: Channel Isles: The Islands' Domain Names

[4] https://www.europarl.europa.eu/stoa/en/document/EPRS_STU(2019)624249