FC Code of Practice
Issued on 14th June 2018
This Code of Practice (the Code) defines the 'Notice and Takedown Procedure’ which is applied to Full Members by the Internet Watch Foundation (IWF), as further specified below, by which such Full Members are requested to remove, or disable (or otherwise permanently disrupt) access to, potentially illegal content which is hosted on their networks or on Usenet Services they provide, and where such content is accessible in or from the UK.
References in this Code to “potentially illegal content” refers to (i) content within the remit of the IWF as at the date of issue of this Code, namely, child sexual abuse images hosted anywhere in the world that is accessible in or from the UK, including non-photographic child sexual abuse images hosted in the UK, and which is (ii) assessed by the IWF, in accordance with its rigorous standards and by reference to English law and guidelines applicable at the relevant date, to be reasonably capable of sustaining a criminal prosecution under English law.
As at the date of issue of this Code, the applicable law and guidelines by which the IWF assesses potentially illegal content include the following (all laws stated are laws of England and Wales unless stated otherwise):
- Protection of Children Act 1978
- Civic Government Act 1982 (Scotland)
- Criminal Justice Act 1988
- Sexual Offences Act 2003
- Police and Justice Act 2006
- Criminal Justice and Immigration Act 2008
- Coroners and Justice Act 2009
- EC Directive 2000/31/EC, as implemented in England and Wales by the Electronic Commerce (EC Directive) Regulations 2002 (concerning liability of internet service providers)
- Crown Prosecution Service guidelines on indecent photographs of children (available at https://www.cps.gov.uk/legal-guidance/indecent-images-children-iioc)
- The Sexual Offences Definitive Guidelines of the Sentencing Council of England and Wales (available at https://www.sentencingcouncil.org.uk/wp-content/uploads/Sexual-Offences-Definitive-Guideline-web5.pdf)
Breaches of the Code may ultimately lead to suspension or termination of the Member’s membership of the IWF.
A breach is defined as a material failure or non-compliance to comply with the Notice and Takedown Procedure.
Other terms used within the Code are consistent with those in the Electronic Commerce (E-Commerce) Directive 2000/31/EC.
3. Scope of the code
The Code governs Full Members of the IWF that host Internet content on their servers (wherever the servers are situated) which is accessible in or from the UK, or which provide Usenet services for their customers (either directly or under contractual arrangements with third parties). For these purposes, a “Full Member” means as defined in the Funding Council Constitution.
Full Members to whom this Code applies cannot opt-out of the Code.
4. Obligations of Full Members under the Code
4.1 Contact Details
Full Members to whom the Code applies must provide the IWF with a nominated point of contact to which the IWF can serve Notices under the Notice and Takedown Procedure. This point of contact may be a nominated member of staff or a dedicated mailbox set up to receive such Notices and which is monitored by one or more members of staff. It is the responsibility of each Full Member to whom the Code applies to notify the IWF of any change to its point of contact for receipt of Notices.
4.2 Compliance with Notice and Takedown Procedure
Upon receipt of a Notice from the IWF, the Full Member in question must act expeditiously in order to comply with the Notice and Takedown Procedure as set out in paragraph 5 below.
Any Full Member to whom the Code applies, who disregards or otherwise fails to act expeditiously on a Notice from the IWF does so at its own risk, and will as a result be deemed to be in breach of the Code.
Full Members to whom the Code applies, who provide a Usenet service to their customers, will ensure those services are cleaned and updated on a periodic basis in accordance with the IWF’s recommendations (Appendix 1). This includes Usenet services delivered under contractual arrangements with third parties.
5. Notice and Takedown Procedure
5.1 The IWF may instigate the Notice and Takedown Procedure upon discovering or being informed of any content which it regards as potentially illegal content, and which is hosted on networks of, or provided via Usenet Services of, a Full Member and where such content is accessible in or from the UK. The IWF may also, in its discretion, raise a particular instance of potentially illegal content.
5.2 The Notice and Takedown Procedure shall operate as follows. The IWF contacts the relevant Full Member by sending an email to the nominated point of contact, containing the header ‘IWF Notice & Takedown Request’ (or equivalent header), and providing sufficient information to enable the Full Member to identify the location of the potentially illegal content (referred to as the “Notified Content”.)
5.3 If promptly requested by the Full Member (by telephone or email), the IWF shall provide any necessary clarification of the subject matter of the email, and may also have regard, in the sole discretion of the IWF, whether to accept any alternative measures or remedies proposed by the Full Member in relation to the Notified Content. If the IWF accepts alternative measures or remedies, then the Full Member undertakes to implement those measures or remedies within 5 working days of the IWF’s acceptance; subject to which the IWF shall retract the IWF Notice & Takedown Request email.
5.4 The IWF may voluntarily retract an IWF Notice & Takedown Request in its sole discretion at any time.
5.5 Subject to paragraphs 5.3 and 5.4 above, the Full Member in question shall promptly, and in any event within 5 working days of receipt of the email, respond that:
(a) it has identified the Notified Content, and will promptly remove or disable access to the Notified Content; or
(b) it is prevented or restricted from removing or disabling access to the Notified Content due to the applicable laws of its home jurisdiction, but it will endeavour to disrupt access to or transmission of the Notified Content by lawful means; or
(c) the email is issued improperly because the Full Member in question does not host the Notified Content or provide Usenet Services in respect of the Notified Content (providing a full explanation to the IWF).
6. Amendment of the Code
The Code may be amended only by agreement of the Full Members of the Funding Council in accordance with the Funding Council Constitution, and with the agreement of the IWF Board.
7. Document History
Summary of Changes
14th June 2018
Extension of Code to cover international companies
8. Adjudication Process (where no resolution is possible by discussion)
The adjudication process does not apply automatically. It applies, in connection with any breach or suspected breach of the Code by a Full Member, where no satisfactory resolution has been achieved within 30 days of commencement of discussions between the IWF and that Full Member (or within 30 days of the IWF attempting to open discussions). (See Appendix 2 for flowchart).
8.1.1 All notifications of a breach or suspected breach by a Full Member (hereafter the “Referred Member”) should be made to the IWF’s Deputy Chief Executive or, in their absence, the Chief Executive of the IWF.
8.1.2 Such notifications will typically be referred internally by an IWF hotline analyst who becomes aware of a suspected breach through the operation of the notice and take down process. An issue may also be flagged to the IWF by another Member or a third party. Formal notifications to the Full Member will not however occur until no resolution is achieved within 30 days of those discussions between the IWF and the Full Member (or within 30 days of the IWF attempting to open discussions).
8.1.3 Subject to paragraph 8.1.2, the IWF will notify the Referred Member of the suspected breach within 5 working days of the IWF becoming aware of the breach.
8.1.4 The IWF will maintain a confidential log of all suspected breaches that come to its attention.
8.2 Initial Inquiry
8.2.1 The Chief Executive of the IWF (footnote #1) will investigate a suspected breach and compile a report of initial findings. This report will outline the nature of the suspected breach, the salient facts and any mitigating circumstances.
8.2.2 On the basis of these initial findings the Referred Member may agree with the Chief Executive that the matter can be fully and satisfactorily resolved without further action.
8.2.3 If the matter cannot be fully and satisfactorily resolved with the Referred Member or requires further investigation and/or input from other parties, the Chief Executive may initiate a full inquiry.
8.2.4 The IWF will notify the Referred Member concerned if a full inquiry is initiated about them.
8.3 Full Inquiry
8.3.1 The full inquiry will normally be completed within 15 working days from the date of notification to the Referred Member (referred to in 8.2.4). In exceptional circumstances (eg if the matter being investigated is complex) the duration of the inquiry may be extended. A further period of a maximum of 7 working days may elapse between the completion of the full inquiry and the notification of any sanction to be applied.
8.3.2 The inquiry aims to determine whether a breach has occurred and, if it has occurred, the reasons for that breach. The inquiry will also seek to ascertain any mitigating actions taken by the Referred Member in relation to the breach and reasons why the Referred Member did not act on the notice in question. The inquiry will verify that the IWF has acted correctly and consistent with its agreed procedures.
8.3.3 All evidence collected as part of the inquiry will be recorded, auditable and disclosable to the Referred Member subject to the inquiry.
8.3.4 A representative(s) of the Referred Member and employees of the IWF will be invited to co-operate fully with the inquiry and provide written evidence and/or attend meetings in person.
8.3.5 If during the course of the inquiry, a dispute arises over the assessment of whether content is potentially illegal (as defined in the Code), external professional advice, including reference to law enforcement agencies, may be sought.
8.3.6 The IWF will produce a report on the suspected breach. The Chief Executive is responsible for ensuring that the inquiry has been conducted appropriately and that the conclusions reached in the report are consistent with the evidence considered in the full inquiry. The Chief Executive will approve the final report and send a copy to the Referred Member.
8.3.7 The Chief Executive may:
a) Agree with the Referred Member that the original notice was inaccurate or inappropriate or contained manifest errors, and that the matter is
closed without the Referred Member having to act on the notice;
b) Agree with the Referred Member that the matter is closed and that the Referred Member will act on the original notice;
c) Agree with the Referred Member to refer the matter to the relevant law enforcement agency;
d) Refer the matter to the Breach Sub-Committee of the Board if the Referred Member will not comply with the original notice.
8.4 Referral to IWF Breach Sub Committee
8.4.1 It is anticipated that most failures of the process can be remedied quickly without the need for formal proceedings (outlined above). However, if a Referred Member is found to be in breach after a full inquiry, the Board (or relevant Sub- Committee) may decide to impose proportionate sanctions on a Referred Member in order to secure their compliance.
8.4.2 Referrals received by the IWF Board pursuant to 8.3.7 (d) will be delegated for consideration to a Breach Sub-Committee of the Board which will be an ad hoc committee rather than a standing committee.
8.4.3 Any Breach Sub-Committee of the Board will comprise at least three people, with a ratio of 2:1 being maintained in relation to independent/industry membership. The Chair will be an independent trustee. The industry representative must not be employed by the Referred Member.
8.4.4 The inquiry by the Breach Sub-Committee will normally be completed within 15 working days from the date of notification to the Referred Member (referred to in 8.3.7 (d)).
8.4.5 The Referred Member shall be entitled to meet with the Breach Sub-Committee in person or by teleconference, depending on the Referred Member’s preference, and present its response to the final report per 8.3.6. The Referred Member may be assisted by or represented by another person, including a legal advisor. The Referred Member shall also be entitled to submit written evidence.
8.4.6 Referred Members and employees of the IWF are expected to co-operate with any reasonable request from the Breach Sub-Committee to assist in obtaining evidence.
8.4.7 The Breach Sub-Committee will determine the facts and arrive at a decision and will then agree an appropriate sanction. The Breach Sub-Committee will consider the report from the Executive (referred to in 8.3.6) and may, if it considers appropriate, seek independent legal advice in respect of a case brought before it.
8.4.8 The IWF shall inform the Referred Member of the Breach Sub-Committee decision within ten business days of the decision being made and shall provide details of the Breach Sub-Committee reasoning and any proposed sanction. This reasoning can be used as grounds for an appeal.
8.4.9 For the avoidance of doubt, if the Breach Sub-Committee finds that there was no case to answer then no further action shall be taken and the Referred Member will be advised.
9. Sanctions and Remedies
9.1 If a Referred Member is found to be in breach after a full inquiry the Breach Sub-Committee may decide to impose sanctions on a Referred Member in order to secure their compliance.
9.2 Remedies and sanctions available to the Breach Sub-Committee for breaches are:
(a) Request a formal, written undertaking as to future compliance
(b) Issue of a warning or reprimand
(c) Report filed with relevant law enforcement authority
(d) Suspension from membership
(e) Termination of membership
9.3 If the Breach Sub-Committee levies either 9.2(d) or 9.2(e) in the list of remedies and sanctions then it may publish its adjudication on the IWF website. Other adjudications shall not be published.
9.4 When determining the level of any remedy or sanction the Breach Sub-Committee will consider a number of factors that will determine the most appropriate course of action. Recognising that each case is likely to have its own particular features, the factors which the Breach Sub-Committee may take into account include the following:
(a) Whether the breach was inadvertent, negligent reckless or knowingly an act of commission or omission
(b) Seriousness of the breach in terms of detriment to consumers or the wider public interest
(c) Repetition or regular breaches or flouting of the rules
(d) Mitigating actions taken by the Referred Member or mitigating circumstances
(e) Impact of the breach on the integrity of the IWF
(f) Degree of co-operation with the IWF by the Referred Member in connection with the identification and rectification of the breach
(g) Relevant precedent, although the IWF Board will not be bound by precedent
9.5 IWF can recover reasonably incurred marginal costs (footnote #2) of the process from the Referred Member concerned who is found to be in breach. These costs are limited to those reasonably incurred by third parties involved in the process.
10.1 A Referred Member may appeal against a decision of the Breach sub committee (footnote #3) that a breach has occurred and/or the sanction applied (per 8.4.8).
10.2 Notification of the intention to appeal must be made in writing to the Chair of the Breach Sub Committee within 10 working days of receipt of the outcome full inquiry of the Breach Sub-Committee and/or receipt of the notification to impose a sanction as per 8.4.8. If no notification is received the matter will be considered closed.
10.3 The Board will use its best endeavours to hear an appeal within 15 days of the receipt by the Board of a notification of an intention to appeal. Those Board members who formed the Breach Sub-Committee may not be part of the Board meeting that considers the appeal.
10.4 The following are able to make representation in writing, by teleconference or in person (the Referred Member is entitled to request a face to face meeting). The following are also able to give additional evidence to the Board.
- Chair of the delegated Board Breach Sub-Committee
- Representatives of the Referred Member organisation
- The Chief Executive of the IWF
10.5 The Board can take external professional advice, including legal and law enforcement authority advice.
10.6 The Board is required to report its decision to the Referred Member within 10 working days of the appeal having been determined. The Chief Executive of the IWF and, where relevant, other Board members will be advised of the decision also.
10.7 The Board decision made will be final and there will be no further appeal process.
- The IWF recommends all ISPs serving UK customers not to host newsgroups which the IWF identifies as regularly containing child sexual abuse content. The latest policy is available by emailing firstname.lastname@example.org with general information on group status available here https://www.iwf.org.uk/what-we-do/who-we-are/governance/iwf-policies.
- The IWF publishes monthly to ISPs a list of groups categorised as ‘suspect’ or under ‘close monitoring’ in relation to the regularity policy, with the status of those lists being emphasised.
- The IWF recommends all ISPs serving UK customers not to host newsgroups which the IWF identifies as having names which are potentially illegal advertisements under Section 1(1) (d) of the Protection of Children Act 1978.
The IWF Board will not publish the list of group names.
- The IWF advises all ISPs serving UK customers not to carry newsgroups that are associated with advocating or linking to content of a child sexual abuse nature.
Individual notices and takedowns:
- Potentially illegal content found in any newsgroups not listed is issued with a notice and takedown in accordance with established practice.
A flowchart of the Adjudication Process can be accessed here.