The fine against Strictly Broadband was the first one Ofcom had issued under the ATVOD rules notwithstanding a number of determinations ATVOD had already issued against adult-content VOD services.
A few days ago (on 16 January), Playboy TV/Benelux Ltd also got hit by Ofcom with fines of £100K in total due to its VOD services “Playboy TV” (Ofcom decision here) and “Demand Adult” (Ofcom decision here) being found to breach Rule 11.
Rule 11 – Access Control
The ATVOD Rules reflect Part 4A of the Communications Act 2003 which came into force at the end of 2009 to implement the 2007 AVMS Directive.
Rule 11 reflects s.368E(2) of the Comms Act which states the following:
“If an on-demand programme service contains material which might seriously impair the physical, mental or moral development of persons under the age of eighteen, the material must be made available in a manner which secures that such persons will not normally see or hear it.”
ATVOD has said in its Guidance on the Statutory Rules that it considers content which might “seriously impair the physical, mental or moral development” of under 18s includes content which would be classified as “R18” by the British Board of Film Classification (the BBFC).
According to the BBFC’s guidance, the “R18” category is a “special and legally restricted classification primarily for explicit works of consenting sex… containing clear images of real sex, or other very strong sexual images… whose primary purpose is sexual arousal or stimulation.”
In terms of how to secure that under 18s will not see or hear the inappropriate content, ATVOD’s guidance states that “there should be in place an effective Content Access Control System (“CAC System”) which verifies that the user is aged 18 or over at the point of registration or access by the mandatory use of technical tools for age verification.” If age verification doesn’t occur each time the user returns to the service, further access to the adult content should be controlled when the user returns by the use of mandatory security controls (e.g. passwords or PIN numbers).
A couple of examples given by ATVOD of acceptable CAC Systems are credit card ownership or other form of payment where mandatory proof that the holder is 18 or over is required prior to issue, or a reputable personal digital identity management service which uses checks on an independent and reliable database (like the electoral roll).
A key point about this is that ATVOD does not think confirmation of ownership of a Debit, Solo or Electron card (or for that matter any other card where the card holder is not required to be 18 or over) is acceptable verification that a user is 18 or over.
Strictly Broadband / Demand Adult / Playboy TV decisions
Strictly Broadband consisted of a website giving access to adult videos. The site was held to be in breach of Rule 11 because, amongst other things, lots of free adult content was available on the homepage, registration required users to provide an email address but didn’t require any proof of age, and payment options for further content included debit card or SMS text message which, as referred to above, ATVOD doesn’t consider to be an effective CAC System (because both debit cards and mobile phones are available to under 18s).
Demand Adult was also a website service like Strictly Broadband. It was found to breach Rule 11 because the home page only required users to click to “self-verify” that they were over 18 and then provided access to the adult content, further material could then be purchased either by bank transfer or debit card.
Like Strictly Broadband and Demand Adult, Playboy TV was a website service. It was found to breach Rule 11 because, amongst other things, purchases of adult content could be made by debit card.
In the above cases, insufficient or no steps were taken to remedy the contraventions. However, it’s quite easy to see what they could have done to make the services compliant. For example, in an ATVOD determination from July last year in relation to an adult online service called the “Brit Porn Supersite” run by “Aphrodite Photography”, the provider took various steps to make the site compliant, e.g. removing / replacing explicit material from in-front of the paywall on the site and finding an alternative CAC System to differentiate credit and debit cards (i.e. because the latter are available to under 18s).
The other feature of the above cases is that it was quite clear who was responsible for the service. However, analysing the compliance responsibilities becomes more complicated when you have a VOD service made available by a platform operator on a TV platform where the content comes from a variety of broadcasters / production companies – such as the TV VOD services offered by Virgin Media or BT Vision.
The complication comes partly from the fact that the obligation to comply with the rules is on the “provider” of the VOD service. The entity treated as the provider of the VOD service is the entity which has “editorial responsibility” for the service.
Under s.368A(4) of the Comms Act, the entity with “editorial responsibility” is the entity which has general control over:
(a) what programmes are included in the range of programmes offered to users; and
(b) the manner in which the programmes are organised in that range.
There are lots of different ways that VOD deals between content providers and platform operators could be structured. For example, a deal could involve the content provider being required to provide the platform operator with all the programmes from its linear channel. Alternatively, one of the parties could choose certain programmes from a larger catalogue of programmes to be included on the service.
According to ATVOD’s guidance in this area, whilst a platform operator could be responsible for the selection of individual programmes and their organisation and thereby acquire “editorial responsibility”, it’s unlikely (as far as ATVOD is concerned) that the platform operator will have editorial responsibility if it only tells a content provider the type or amount of programming it wants without actually selecting the programmes themselves.
What is interesting is that ATVOD specifically states in its guidance that the fact a platform operator may provide appropriate protection mechanisms allowing access to some content to be restricted or specify how potentially harmful or offensive content should be indicated (e.g. with an age-rating) does not mean that it necessarily has the regulatory responsibility.
What this means is that in the situation where a content provider is selecting the content but has no other involvement with how the content is made available on the platform, it could find itself in the difficult situation where it is designated as the service provider with regulatory responsibility for implementing a CAC System, but has no way of complying practically – because it has no control over the platform itself.
In the above situation it would be critical at the outset for the content provider to ensure it has sufficient protection in its contract with the platform operator to ensure it is not inadvertently put into regulatory breach through the actions (or inactions) of the platform operator regarding the implementation of a CAC System.