There has never been a clear and widely accepted definition for online safety that identifies what it is – and who (or what) it is for. As a result, there has a been a wide variation in practices under the online safety banner, and an equally wide variation in their quality. When you are trying to attract people to an industry or explain the cause, it is important to use a consistent explanation. This article provides a possible definition alongside an explanation and explores the foundations of a thriving community and profession.
An overview
As someone who has worked in the online safety space for nearly two decades, I have seen the full spectrum of what happens on the internet and I am often asked to explain what online safety is. Over the years, I’ve provided versions of the following:
“Internet safety, also known as online safety, cyber safety and electronic safety (e-safety), refers to the policies, practices and processes that reduce the harms to people that are enabled by the (mis)use of information technology.”
I recently added this definition to the Wikipedia page for Internet Safety – a page originally created in 2006.
I was motivated to do this as a starting contribution towards developing online safety industry standards, measuring the impact of our collective efforts, and coordinating activity – and building a community. This is activity that the OSX would like to focus more on in 2024, and we hope you’ll join us.
The New Definition
The Wikipedia page now opens with the aforementioned definition. The previous definition was “…the act of maximizing a user’s awareness of personal safety and security risks to private information and property associated with using the Internet, and the self-protection from computer crime.”
The existing definition didn’t reflect the multidisciplinary, multistakeholder nature of today’s online safety activities. You only need to look at the work undertaken by eSafety Australia, the growth of the safety technology industry, or Ofcom gearing up to implement the UK Online Safety Act to know that online safety has moved on significantly from a time when it was simply about “maximising user awareness”.
1: Start with people
The mission for the online safety community is surely to enable every person to be safe online. I say ‘enable’ and ‘every person’ very deliberately in that statement. Online safety should be done for, not to people. Every person has their own unique needs, experiences, skills and resources – and effectively supporting them to be safe requires us to recognise and respect that.
By specifying “to people”, we also help to differentiate online safety from its partner disciplines of cyber-security (protecting systems), cyber warfare defence (protecting states or organisations) and even trust and safety which is typically defined as the processes of creating trustworthy environments.
2: Add technology
At the end of the definition is the most obvious requirement. There must be some involvement of information technology for something to fall within the online safety remit.
3: Focus on harm reduction
Reducing harm is at the heart of online safety and it should be the key metric by which the effectiveness of online safety interventions are measured.
Harm can be experienced psychologically (emotionally), physically, and/or financially. It can also be experienced indirectly through a loss of opportunity or a reduction of rights which may not be immediately felt, and difficult to quantify. Nevertheless, if that harm is enabled by the use or misuse of technology – it should be included.
Some harms are the product of complex societal challenges that exist as much offline as online. This raises an interesting question about the remit of online safety. In some cases – safety online cannot be achieved if those bigger societal issues are not. Nevertheless, I do not think resolving those issues lies within the online safety remit. Rather, effective online safety recognises the way those challenges impact people’s lives and experiences, and then provides the right tools and support for that person in that context.
4: Use a range of tools
Online safety risks and challenges exist in a complex environment at the intersection of technology and society. That complex environment has multiple potential points of intervention. If there is a science of online safety, it is knowledge about which of those potential levers to pull, and when.
Harm can be reduced by proactively reducing the likelihood of harmful incidents occurring, building resilience in advance of incidents occurring, and by reactively reducing the impact of the harmful incidents that do occur.
At the OSX we categorise the various tools used in the practice of online safety into the Unify Framework of: Education, Enforcement, Engineering, Empowerment, Economics, Emergency, and Evaluation. I summarised that down to policies, practices and processes to keep the definition succinct.
5: Understand the role of technology
In one sense, every challenge we are addressing today in online safety existed before information technology. Things like bullying, misinformation, scams, and grooming clearly predate the internet. From another perspective – information technology has created a whole new set of ways to cause harm. For example, we now have cyber-bullying, online scams, misinformation via social media, and online grooming.
The thing that the online safety issues share in common is not simply that they exist on technology, it is the impact technology has on them. Understanding how technology evolves and empowers challenges (and therefore how we can respond) is at the core of online safety knowledge.
6: Mix in some Mis(use)
Online Safety is about the intersection of technology and people. Perhaps we’ll be reviewing this in a few years as AI advances – but for now the definition assumes that at some point it is a human that takes an action that causes harm. That action could be taken by a user of a platform, or during the design or development of a new product or system. At some point, somebody takes an action that results (directly or indirectly) in harm.
That misuse is not all deliberate. In many cases, harm is caused by mistake(s) rather than anything malicious. There may also be ways in which we are using technology as intended that we will later recognise to be harmful.
Join in
We’re keen to hear opinions or ideas on our definition of online safety. We’re also keen to help develop the online safety community, and on working with that community towards establishing an online safety profession. If that sounds like something you’d want to be a part of – join us.
