Molly Rose Foundation flags Meta's 'astounding' failure to protect children in open letter to Ofcom

The foundation, set up by the father of schoolgirl Molly Russell, who took her own life after accessing 'hideous' material on social media, has penned the letter to Meta a bid to tighten online safety rules.

Slamming the tech giant's response to the implementation of the Online Safety Act, Mr Russell's letter to the regulator highlights significant failings, and accuses Meta of "making retrospective safety changes" and its "failure to identify such foreseeable safety risks".

Molly Russell died by suicide aged just 14, prompting her family and their friends to set-up a charitable foundation in her memory.

A subsequent inquest into her death found that Molly had viewed over 2,100 images of suicide, self-harm and depression on Instagram alone over the course of six months.

Following her death, the inquest concluded that social media contributed to her death.

Writing in the letter, Mr Russell noted that "reports suggest that the platform will no longer train its chatbots to engage with teenage users on self-harm, suicide, disordered eating, or potentially inappropriate sexual and romantic conversations."

However, he went on to highlight that "Meta breached its risk assessment duties as set out in Section 11 of the Act."

He continued that the foundation now requests that OfCom formally open an investigation into "Meta’s compliance with its risk assessment duties under the Act.

"Furthermore, this case raises broader and substantive concerns about the approach that Meta is taking to comply with the letter and spirit of UK regulation, with many observers legitimately able to question whether anything has meaningfully changed in Menlo Park, amidst a prevailing culture which continues to view safety-by-design and regulatory compliance as a tick-box exercise, rather than a first order concern."

In response to LBC's campaign and issues of online safety, Meta has said: "In September last year, we introduced Instagram Teen Accounts which will automatically default all teenagers into a private Instagram account with built- in protections which will limit who can contact them and the content they see.

• Messaging restrictions: Teens will be placed in the strictest messaging settings, so they can only be messaged by people they follow or are already connected to.
• Limited interactions: Teens can only be tagged or mentioned by people they follow. We’ll also automatically turn on the most restrictive version of our anti-bullying feature, Hidden Words, so that offensive words and phrases will be filtered out of teens’ comments and DM requests.
• Sensitive content restrictions: Teens will automatically be placed into the most restrictive setting of our sensitive content control, which limits the type of sensitive content (such as content that shows people fighting or promotes cosmetic procedures) teens see in places like Explore and Reels.

It added that teens under 16 years old "will need parental permission to change any of these settings to be less strict."

In her first policy move as Technology Secretary, Liz Kendall told LBC: “Keeping children safe online is a challenge understood by parents across the country, yet vile content that promotes self-harm continues to be pushed on vulnerable adults and can mean potentially heart-wrenching consequences for them and their loved ones.

"Our enhanced protections will make clear to social media companies that taking immediate, proactive steps to keep users safe from encountering toxic material that could be the difference between life and death is not an option, but the law.”

The full letter can be found below.

Dear Melanie,

Meta’s AI products and compliance with the Online Safety Act

Last Friday, Meta announced a set of interim changes to address risks to children’s safety stemming from the design and operation of its AI chatbots.

This announcement appeared to be an immediate response to the investigation by Reuters journalist Jeff Horwitz and follows the all too familiar pattern of Meta making retrospective safety changes following media reports and bipartisan condemnation in Congress.

While Meta has not set out full details of its policy changes, media reports suggest that the platform will no longer train its chatbots to engage with teenage users on self-harm, suicide, disordered eating, or potentially inappropriate sexual and romantic conversations.

Meta spokesperson Stephanie Otway acknowledged that Meta had previously considered its well-publicised AI chatbot guidelines to be appropriate but now recognises that these were a ‘mistake.’

While any safety improvements are of course welcome, the Online Safety Act is supposed to break the cycle of platforms making retroactive changes in response to media coverage and personal tragedies. Meta’s platforms were required under the Act to complete ‘suitable and sufficient ‘risk assessments no later than 24th July. However, it appears policies which the company now acknowledge were an error continued to be in effect several weeks after this date, and were it not for the important reporting, presumably would continue to do so.

By failing to identify and address such reasonably foreseeable safety risks, there appears to be a prima facie case that Meta breached its risk assessment duties as set out in Section 11 of the Act. By any reasonable definition, a ‘suitable and sufficient’ risk assessment would be expected to capture risks which the platform itself is now rushing to close.

We therefore formally request that you consider opening an investigation into Meta’s compliance with its risk assessment duties under the Act. Furthermore, this case raises broader and substantive concerns about the approach that Meta is taking to comply with the letter and spirit of UK regulation, with many observers legitimately able to question whether anything has meaningfully changed in Menlo Park, amidst a prevailing culture which continues to view safety-by-design and regulatory compliance as a tick-box exercise, rather than a first order concern.

Ofcom has so far relied on its supervisory relationship with large firms, and it has been striking to many that of the 40+ investigations it has launched so far, not one has been directed at large (presumably soon to be classified as Category 1) services.

There may of course be good operational and tactical reasons behind this, however civil society, the public and Parliament all reasonably expect to see the regulator acting swiftly to address such seemingly egregious breaches of the Act. On that basis, a formal investigation into Meta’s ‘business as usual’ stance cannot be announced too soon.

I am as always happy to discuss these matters further with you and your teams.