Re: Storm in a Teacup
Speaking as a forum admin, I agree on a top-level basis. I am not shutting down my 18 year old cycling forum, at least not yet.
I've got very close to deciding to close it, though, while listening to the series of Ofcom presentations on the OSA earlier this week. The more you delve into the details, the more vague the whole thing is.
This Act creates a whole new set of legal duties that I have to comply with. With legally-required risk assessments that are entirely my responsibility.
It has taken weeks to get a basic understanding of what the Act says, and the duties that Ofcom is imposing on all user-to-user service providers. We still don't have answers to several fundamental questions, and the whole thing is written from the point of view that all online services are run by businesses (The "nominated person responsible for risk assessments" has to officially report their findings to a more senior person, for example. While "internal business user-to-user services" are exempt, internal services used by any other group of people such as families or clubs, are not exempt).
The GDPR was quite different. It did not cover data for personal or organisational use: we didn't have to register our address books, or our club membership databases, with the government.
The OSA most definitely does cover online user-to-user services, even if restricted to family groups, or clubs and societies. Run a small club-only forum? Comments on your website? You need to read all the reams of documentation, try to answer the questions in their "tool", carry out a risk assessment and a child access assessment, document it all, update your terms and conditions, create new procedures for people to report content and complain, add your name as the person responsible: then cross your fingers that your understanding of your new legal duties is correct.