Social media platforms and other preventative measures
This chapter examines how cyberbullying could be addressed other than
through criminal offences. It examines the evidence the committee received
social media platforms, including their policies, procedures and
education and prevention initiatives.
The policies, procedures and practices of social media platforms
As discussed in Chapter 2, the committee heard a great deal of evidence
about the concerning prevalence of cyberbullying, and the significant harm it
can cause to victims and those around them.
Several submitters posited that social media platforms have a role to
play in addressing cyberbullying.
Some submitters also reported that social media platforms sometimes respond to
complaints slowly or inadequately.
For instance, Ms Jenna Price, Committee Member, Women in Media,
Sometimes you can complain about something that has happened
to you on social media and it takes days. It depends. If your group has a
strong connection with Facebook in Sydney, you can get help, but that's not
available to everybody and sometimes it's not available even to the people who
already have established that relationship...And then if they don't agree with
you then you have to appeal, and that takes more time, and in the meantime your
image, in whatever version it is, has been plastered all around the internet.
The committee heard evidence from Facebook, Instagram, and the Digital
Industry Group Incorporated (DIGI). Each of these organisations highlighted that
social media platforms operate under terms of service or 'Community Guidelines'.
DIGI further explained that:
...across the industry, we have:
policies that prescribe how old you must be to use our services
policies that outline what can and cannot be shared via our
tools that allow any of the millions of people who use our
services to flag content to us that may violate our policies;
we invest in tools that can provide additional protections for
we invest in a reporting infrastructure that allows us to
promptly review and remove any such content.
The Law Council of Australia (Law Council) raised a number of issues
with the operation of Facebook's 'Statement of Rights and Responsibilities'
(Statement). These included whether an Australian minor is capable of agreeing
to the Statement, and therefore whether the Statement is legally binding.
Facebook submitted that '[o]ur content policies have been developed with
the goal of allowing people to expressly themselves freely whilst also ensuring
that people feel safe and respected.'
Ms Nicole Buskiewicz, Managing Director at DIGI, argued:
We have an interest, as an industry, to ensure that the
online space is a safe and respectful place. We want to ensure that people who
are using our services are having a positive experience online.
The committee also heard that social media platforms are implementing
specific tools to improve safety for users. Ms Julie de Bailliencourt, Head of
Global Safety Outreach at Facebook, stated that '...the way technology is
evolving is exciting and offers a lot of possibilities that will help
complement the notice-and-take-down system...'.
Ms de Bailliencourt provided some examples, including that Facebook checks 80 data
points when a new account is created to identify whether or not it is a fake.
She also stated that:
...we have recently launched, in December, two anti-harassment
tools, one in Messenger and one on Facebook, that will basically leverage the
signal that we get from you. So, if you were blocking somebody on Facebook, and
if we had any indication that this person had created, let's say, a new account
or a similar, duplicate account, with the view to harass you, we have
established with high certainty that we can block those other accounts without
you having to do anything. We call this the super-block.
The role of the eSafety Commissioner
As discussed in Chapter 1, the eSafety Commissioner has various powers to
address cyberbullying material targeting an Australian child. The eSafety
Commissioner explained that:
[a]s an office, we also work closely with social media sites
to get the cyberbullying material taken down. Thus far, we've had a 100 per
cent compliance rate and so have not had to use our formal powers. And we are
reaching out proactively to a broad range of online services and app providers
to make sure that they're in compliance with the scheme.
The Office of the eSafety Commissioner (eSafety Office) submitted that
'[o]n balance, the Commissioner considers that the policies, procedures and
practices of the large social media services to address cyberbullying are working.'
However, it also submitted that its role '...is to offer a safety net when a
social media services does not consider a report made to them under their
As the eSafety Commissioner explained:
...it's written into the provisions that the child, or the
parent or guardian must report to the social media sites initially. As Nicole
[Buskiewicz, Managing Director at the Digital Industry Group Incorporated]
said, that's the most expeditious way of getting that down in the first
instance. But if the content doesn't come down within 48 hours, they can come
to us. The role we play as a safety net is that a lot of the moderators,
depending on the platform, may have 30 seconds or a minute to look at the reports
as they come in. They're dealing with huge volumes and they often miss context.
What the young people that report to us can do is give us that context and we
can make a case on their behalf and advocate on their behalf. That's why we
have had success with the 700 cases we've brought down. There have been very
few times when the social media sites say 'You determined that this was serious
cyberbullying, we're going to contest you on this.'
Ms Buskiewicz highlighted that '...no civil penalties have been levied
under the scheme since it started'. She argued:
This is because the robust and well-established
report-and-take-down systems that members have had in place for over a decade
leading up to the establishment of the eSafety office allow them to effectively
and expeditiously resolve complaints. With or without civil and criminal laws,
we will continue to do this.
However, the eSafety Office also noted that there is room for
Social media services champion community standards, rules and
basic norms of behavior on their platforms. However, sometimes the services
fall short of evolving these policies in response to malfeasance they are
witnessing on their platforms, and in ultimately enforcing these norms. The
Commissioner would like to see better policing of conduct by providers, as a
clear demonstration that they intend to be held to their published policies.
The Office understands that safety is a journey – not a final destination – and
we will continue to work with social media providers to share online abuse
trends and to encourage them greater innovation and investment in safety
When asked whether legislative changes might make the eSafety Office
more effective in addressing cyberbullying, the eSafety Commissioner stated
that '[w]e found the act quite workable, and our discretionary powers are quite
The eSafety Office cited some challenges in applying its end user notice
scheme in cases where the perpetrator's identity cannot be established from
public records. It stated that in order to access social media account data
from a platform hosted in the USA, a formal court or treaty process is
generally required. This process is most effective if a request to the service
to preserve the relevant data has already been made. The eSafety Office stated
that there may be merit in the office being able to reach a formal arrangement
with the Australian Federal Police (AFP) in which the AFP makes preservation
requests on behalf of the Office. The eSafety Office could then manage the court
The Law Council expressed support for the eSafety Commissioner's two‑tier
scheme, but recommended some changes.
First, it recommended that the Tier 2 scheme be expanded to allow small
service providers to be declared as Tier 2. Second, it highlighted that a
social media platform's Tier 1 status can only be revoked (and replaced
with Tier 2 status) if 12 months has passed since it became a
Tier 1 service. The Law Council argued that '[t]his is a long period
in which serious consequences could occur from cyberbullying.' It recommended
...the eSafety Commissioner be given a discretion to remove a
service's 'tier 1' status after a shorter period of time, if the provider
has clearly failed to remove material that has potentially serious consequences.
The eSafety Office raised the possibility of increasing the basic online
safety requirements under the Enhancing Online Safety Act 2015 (Online
unequivocal community standards, and a proactive approach to dealing with
cyberbullying on the platform.'
The Australian Women Against Violence Alliance submitted that the work
of the eSafety Commissioner should be extended to focus not only on
cyberbullying directed at children but also on other groups at risk.
The eSafety Commissioner also stated that this idea may have merit, noting that
the eSafety Office has received a growing number of complaints from adults
since its remit was expanded to include all Australians.
The relevant groups of vulnerable adults could include people with disability,
Aboriginal and Torres Strait Islander people, people who identify as LGBTIQ, women
experiencing domestic violence, and people with a non-English speaking
The eSafety Commissioner noted that any extension of the scheme '...should come
with additional resourcing.'
Additionally, the eSafety Commissioner expressed concern that the
definitions of 'social media service' and 'relevant electronic service' under
the Online Safety Act are not sufficiently clear and do not adequately capture
gaming platforms or anonymous social interaction apps such as Sarahah.
The eSafety Office stated that it would be useful to amend these definitions so
that the eSafety Office could bring these kinds of platforms into the tier
A duty of care for social media platforms
Mr Josh Bornstein, Principal at Maurice Blackburn Lawyers, supported a
publicly funded regulator to monitor and investigate cyberspace issues and
safety breaches. But he also stated that the regulator would be unable to
manage all cyberbullying cases because '...cyberspace is enormous...'. He proposed:
...empowering individuals, whether they are journalists who are
targeted and trolled or whether they are the parents of children who are
bullied online, to take legal action against Google, against Facebook and
against Twitter for, in effect, breaching their duty of care.
Mr Bornstein argued that this would:
...provide a very strong financial incentive to the big social
media companies to clean up their act. In the same way that
we provide strong financial incentives to employers and to occupiers of
premises—to supermarkets—to make sure that their premises are safe when people
use them, we should require Facebook, Google and others to take all practicable
and reasonable steps to ensure that their sites are safe for users as well.
Some other witnesses agreed that this kind of model is at least worthy
Ms Van Badham of the Media, Entertainment & Arts Alliance stated:
I agree with Josh Bornstein's position, that there has to be
a duty of care. Coming from professional media anyway, if a publication, The
Guardian, The Australian, Fairfax, if any of the major media
organisations in this country were facilitating the harassment and abuse of
individuals, they would be held accountable. Social media are media
corporations. Facebook is effectively a modern newspaper. So is Twitter. It has
a pretty loose content policy, but those platforms exist as publication
vehicles, and they must take responsibility for the care of participants within
However, the submission from DIGI supported a contrary position:
Given the strong commitment of industry to promote the safety
of people when they use our services, we believe that no change[s] to existing
criminal law is required. If anything, we would encourage the Committee to
consider carve outs from liability for responsible intermediaries.
Additionally, Ms Mia Garlick, Director of Policy, Australia & New
Zealand, Facebook and Instagram, was asked about legal liability for social
media platforms. She stated that '...regulations are clearly a matter for the
government. But from our perspective, regulation isn't what motivates us; it's
the consumer experience.'
Facebook and Instagram also stated that:
[o]n Facebook, people choose who to be friend with, and which
Pages or Groups to follow. Consequently, people make a decision about the types
of content that they can see in their News Feed. News Feed then ranks the
stories based on how relevant a particular piece of content is that a person
has chosen to see. We do not write the posts that people read on our services.
While we are not in the business of picking which issues the
world should read about, we are in the business of connecting people and ideas
— and matching people with the stories they find most meaningful.
The Law Council clarified that existing positive obligations under the Telecommunications
Act 1997 '...will generally not be applicable to social networking sites, as
they are not carriage service providers.' However, the obligations may apply to
the direct messaging applications of social media platforms, because '...these
messaging applications...may be regulated carriage service providers and hence
caught by the Telecommunications Act obligations.'
Additionally, the Law Council referred to the civil penalty regime that
already exists under the Online Safety Act and is administered by the eSafety
Commissioner. The Law Council noted that civil penalties have not yet been
applied to social media platforms, and that the eSafety Commissioner reports
largely positive experiences with social media platforms. It submitted that it:
...does not consider that there has been a demonstrated need at
this time to impose a positive obligation by way of a criminal penalty on
social media services to remove cyberbullying content from their platform.
Safety by design
Safety by design is '...the notion that safety ought to be built-in to
social media services from the outset as a fundamental and core principle of
The eSafety Commissioner strongly supports this approach, and her office
[t]he Commissioner considers it is reasonable to expect that
large social media services should proactively adopt a 'safety first' approach
to engineering their platforms and features, much as they have already done
with 'security by design' and 'privacy by design'.
The eSafety Office provided some positive examples of this, including:
the Lego Life children's social networking app, which employed
'...trained moderators to enforce an extensive code of conduct for users'; and
Snap, Inc. requiring '...users to deliberately opt-in to the Snap
Map feature, rather than opt-out.'
The eSafety Commissioner also noted a negative example, Facebook Live:
When Facebook Live went live, it took about a dozen murders,
suicides and rapes on Facebook Live for them to say, 'We're going to hire 3,000
moderators,' yet Periscope and Meerkat had been out in the market for some
time, so they could have reasonably anticipated that there would be some safety
issues requiring moderation.
The Alannah & Madeline Foundation submitted that '...the
"start-up" (innovation) culture of the technology industry
prioritises "testing in the marketplace" and responding to user
feedback to improve their services – this takes precedence over "user
safety by design".'
Further, new start‑up platforms:
...can often have significant cyberbullying and harassment
issues, due to their lack of monitoring and reporting processes. Young people
are often the "play-testers" in this environment, as their age group
has a higher proportion of "early adopters".
The eSafety Commissioner stated that one role her office would like to
play is to '...encourage companies to put safety by design first' and to
'...develop and implement stronger policies and enforcement procedures.'
She also noted the difficulties of legislating on safety by design:
I think that would be very hard to implement. Technology is
always going to outpace public policy. I imagine any legislator would have a
hard time anticipating where the newest technology might be or where it might
go, and I don't think we want to stifle innovation.
However, as the eSafety Commissioner stated:
...if [social media platforms are] not responsive or don't
acquiesce and they're active in our market and young people are being abused on
them, that's when we can go to the minister's office and declare them a tier-2 player.
Social media platforms and data
Some submitters stated that it may be beneficial for social media
platforms to publish relevant data, including data about complaints received
and the platforms' responses to them.
The National Children's Commissioner at the Australian Human Rights Commission
stated that reporting on data:
...provides the social media providers an opportunity to
enhance their education by demonstrating what they're doing in this space. If
they've got a good story to tell, I think they should be telling it.
Ms Buskiewicz of DIGI said that the data on complaints vary, and stated:
The member company policies vary on whether they release
those numbers. The example I can give is YouTube, which receives 275,000 flags
a day for review across all types of content, and that is in the context of
having 400 hours of video content uploaded to YouTube every day. So there is a
real volume of content that goes up.
Ms Buskiewicz stated that she did not have this data for Australia only.
In answering questions on notice, Facebook and Instagram stated that '[w]e
understand the rationale behind your requests for us to provide more detail
around the data showing reporting trends, however, unfortunately at this stage,
we are not able to do so.'
However, Facebook and Instagram also highlighted methods of removing content
before users report it to them. For instance, they stated that:
...we use automation, image matching and other tools to
proactively identify and remove 99% of the terror-related content before anyone
in our community has flagged it to us, and in some cases, before it goes live
on the site.
Ms de Bailliencourt of Facebook also said that complaint wait times
vary, but '[t]he vast majority...' are reviewed within 24 hours, and '[s]ome
may go to 48 hours.' She explained that '[w]e try to go even faster on
very sensitive reports, such as bullying. Suicide prevention is the one we try
to get to in minutes—when we're very good.'
The eSafety Office told the committee that between
1 October 2017 and 31 January 2018, the '...average length of
time between the Office requesting removal of content from a social media
service, to the Office being informed that the material has been removed, was
39 hours.' It stated that '[i]n the majority of cases, material will have been
removed well before notification.' In addition, '[t]he fastest time for content
removal by a social media service following a request by the Office was
Facebook and Instagram informed the committee that:
[w]e now have around 14,000 people working across community
operations, online operations, and our security efforts. We are committed to
increasing this number across all of these teams to a total of 20,000 by 2018.
The eSafety Commissioner stated that, based on her industry experience,
social media moderators have a very short time to consider complaints:
It is 30 seconds to a minute. It may vary. You would have to
verify that with Facebook...Most of the social media sites have triaging
functions. So, depending on which boxes you tick, they'll be able to
determine—if it's image based abuse it may go to one queue, versus child sexual
exploitation versus bullying, or 'this comment was inappropriate'.
The eSafety Office submitted that from 1 October 2018 to
31 January 2018 it responded to 97 percent of all complaints about
cyberbullying within three hours and resolved complaints, on average, in 150
The social media representatives at the hearing on
9 February 2018 were asked whether they would object to a law requiring
platforms to publish data about complaints, broken down by category. Ms
Buskiewicz of DIGI said:
We need to ask: what are we trying to get from the numbers?
If we're talking about incentivisation, that's only one way. As Mia [Garlick of
Facebook and Instagram] said before, we are very much reliant on feedback and
we're continually striving to do better, and we will do that regardless of
whether we have to publish numbers.
Ms Garlick of Facebook and Instagram argued that published data '...might
not be clear as to what it's showing', and added:
It's up to you guys to make recommendations and decisions on
the law. From our perspective, that's not going to be what motivates us to make
sure we're doing the best we can to remove the content as fast as we can.
The eSafety Office stated that the publication of this kind of data
would be beneficial, but also acknowledged that the data's usefulness would be
Data about cyberbullying and other abuses collected by the
social media services would be useful to have. For example, the information
might be used to target resources, raise awareness, and provide education on
However, it is unclear how much weight we could place on this
type of information. There are two reasons for this. The first is that
user-flagging of objectionable material on a service will always rely on the
specific rules, guidelines or standards applicable to that service, rather than
the statutory thresholds employed by the eSafety Commissioner. The second is
that the data, being user-generated and unverified, may not reliably reflect
the actual incidence of cyberbullying on a platform.
Education and prevention
A large number of submitters and witnesses, including government
agencies responsible for children and education, emphasised the importance of
education in addressing cyberbullying.
As the Australian Government Department of Education and Training (Department
of Education) submitted:
In dealing with cyberbullying, the department supports a
whole-school, systemic approach that emphasises early intervention and provides
tiered levels of support for school children and young people affected by the
negative behaviour. Measures should be age-appropriate and child focused,
working with the person being targeted, their family and school, social media
services, the perpetrator and when appropriate the police to address the issue.
The Department of Education also provided details on how the Australian
Curriculum addresses cyber safety and security both explicitly and implicitly
from Foundation to Year 10.
However, the eSafety Commissioner stated that '...there isn't consistent
and comprehensive online safety education. Some schools do it really well; some
schools totally miss the boat.' She explained that the eSafety Office has:
...a certified online safety provider program, where I believe
there are about 127 presenters from 27 different organisations—everyone from
the Carly Ryan Foundation and the Alannah & Madeline Foundation to PROJECT
Additionally, Ms Lesley Podesta, Chief Executive Officer at the Alannah
& Madeline Foundation, posited that:
[o]verwhelmingly—and this distresses me so much—it is a
postcode lottery as to whether the teacher knows what to do. It's not because
they don't care; it's because they have absolutely no resources or support
about the most effective pathways to deal with it.
The committee heard evidence regarding many existing initiatives and
organisations offering education and support related to cyberbullying, including:
Carly Ryan Foundation;
eSmart schools and eSmart libraries;
Out of the Dark;
Student Wellbeing Hub;
various initiatives cited by the Tasmanian Government,
various initiatives cited by the Western Australia Department of
yourtown noted that children should not be the only focus of education
As with addressing other cyber safety concerns that confront
our children and young people on a daily basis, such as sexting and
pornography, government must recognise the importance, impact and potential
value of the behaviour and responses of not just cyberbullying victims and
perpetrators but also of bystanders, parents, teachers and wider support
Indeed, the Queensland Family and Child Commission submitted,
'[e]ducation initiatives must target adults as well as children and young
The Australian Human Rights Commission also stated that '...parents are a
critical target group for public awareness and support for children as they
navigate online spaces...'.
The committee heard that one important point for education and awareness
initiatives is to encourage help‑seeking behaviour. As Professor Barbara
Spears of the Australian Universities' Anti-bullying Research Alliance stated:
There's a stigma attached to seeking help. It means: 'I'm
weak.' It means: 'I can't fix it myself.' We need to remember that young
adolescents are of the age where they are trying to develop and identify as
young, autonomous adults, and so they want to be seen to be solving problems
themselves. So we have to give them the skills. We have to help them understand
what help seeking means and how to go about looking for help and coping with
The eSafety Commissioner cited her office's research, which '...tells us
that young people are much less likely to use formal channels to seek support.'
She stated that:
[o]nly 50 per cent of young people turn to the family for
assistance, around 13 per cent will involve their school and only 12 per cent
report to a social media website. Fewer still, two per cent, report to the
Navigation: Previous Page | Contents | Next Page