Communications Act 2003 (Disclosure of Information) Order 2024
(Limited Text - Ministerial Extracts only)
Read Full debate
Baroness Jones of Whitchurch
That the Grand Committee do consider the Communications Act 2003 (Disclosure of Information) Order 2024.
The Parliamentary Under-Secretary of State, Department for Business and Trade and Department for Science, Information and Technology (Baroness Jones of Whitchurch) (Lab)
My Lords, this order was laid before the House on 9 September this year. The Online Safety Act lays the foundations of strong protection for children and adults online. I am grateful to noble Lords for their continued interest in the Online Safety Act and its implementation. It is critical that the Act is made fully operational as soon as possible, and the Government are committed to ensuring that its protections are delivered as soon as possible. This statutory instrument will further support the implementation of the Act by Ofcom.
This statutory instrument concerns Ofcom’s ability to share business information with Ministers for the purpose of fulfilling functions under the Online Safety Act 2023, under Section 393 of the Communications Act 2003. This corrects an oversight in the original Online Safety Act that was identified following its passage.
Section 393 of the Communications Act 2003 contains a general restriction on Ofcom disclosing information about particular businesses without consent from the affected businesses, but with exemptions, including where this facilitates Ofcom in carrying out its regulatory functions and facilitates other specified persons in carrying out specific functions. However, this section does not currently enable Ofcom to share information with Ministers for the purpose of fulfilling functions under the Online Safety Act. This means that, were Ofcom to disclose information about businesses to the Secretary of State, it may be in breach of the law.
It is important that a gateway exists for sharing information for these purposes so that the Secretary of State can carry out functions under the Online Safety Act, such as setting the fee threshold for the online safety regime in 2025 or carrying out post-implementation reviews of the Act required under Section 178. This statutory instrument will therefore amend the Communications Act 2003 to allow Ofcom to share information with the Secretary of State and other Ministers, strictly for the purpose of fulfilling functions under the Online Safety Act 2023.
There are strong legislative safeguards and limitations on the disclosure of this information, and Ofcom is experienced in handling confidential and sensitive information obtained from the services it regulates. Ofcom must comply with UK data protection law and would need to show that the processing of any personal data was necessary for a lawful purpose. As a public body, Ofcom is also required to act compatibly with the Article 8 right of privacy under the European Convention on Human Rights.
We will therefore continue to review the Online Safety Act, so that Ofcom is able to support the delivery of functions under the Act where it is appropriate. That is a brief but detailed summary of why this instrument is necessary. I should stress that it contains a technical amendment to deal with a very small legal aspect. Nevertheless, I will be interested to hear noble Lords’ comments on the SI. I beg to move.
Lord Clement-Jones (LD)
My Lords, I thank the Minister for her introduction and for explaining the essence of the SI. We all have a bit of pride of creation in the Online Safety Act; there are one or two of us around today who clearly have a continuing interest in it. This is one of the smaller outcomes of the Act and, as the Minister says, it is an essentially an oversight. I would say that a tidying-up operation is involved here. It is rather gratifying to see that the Communications Act still has such importance, 21 years after it was passed. It is somewhat extraordinary for legislation to be invoked after that period of time in an area such as communications, which is so fast-moving.
My question for the Minister is whether the examples that she gave or which were contained in the Explanatory Memorandum, regarding the need for information to be obtained by the Secretary of State in respect of Section 178, on reviewing the regulatory framework, and Section 86, on the threshold for payment of fees, are exclusive. Are there other aspects of the Online Safety Act where the Secretary of State requires that legislation?
We are always wary of the powers given to Secretaries of State, as the noble Viscount, Lord Camrose, will probably remember to his cost. But at every point, the tyres on legislation need to be kicked to make sure that the Secretary of State has just the powers that they need—and that we do not go further than we need to or have a skeleton Bill, et cetera—so the usual mantra will apply: we want to make sure that the Secretary of State’s powers are proportionate.
It would be very useful to hear from the Minister what other powers are involved. Is it quite a number, were these two just the most plausible or are there six other sets of powers which might not be so attractive? That is the only caveat I would make in this respect.
Viscount Camrose (Con)
My Lords, I thank the Minister for setting out this instrument so clearly. It certainly seems to make the necessary relatively simple adjustments to fill an important gap that has been identified. Although I have some questions, I will keep my remarks fairly brief.
I will reflect on the growing importance of both the Online Safety Act and the duty we have placed on Ofcom’s shoulders. The points made by the noble Lord, Lord Clement-Jones, about the long-standing consequential nature of the creation of Ofcom and the Communications Act were well made in this respect. The necessary complexity and scope of the work of Ofcom, as our online regulator, has far outgrown what I imagine was foreseeable at the time of its creation. We have given it the tasks of developing and enforcing safety standards, as well as issuing guidance and codes of practice that digital services must follow to comply with the Act. Its role includes risk assessment, compliance, monitoring and enforcement, which can of course include issuing fines or mandating changes to how services operate. Its regulatory powers now allow it to respond to emerging online risks, helping to ensure that user-protection measures keep pace with changes in the digital landscape.
In recognising the daily growing risk of online dangers and the consequent burdens on Ofcom, we of course support any measures that bring clarity and simplicity. If left unaddressed, the identified gap here clearly could lead to regulatory inefficiencies and delays in crucial processes that depend on accurate and up-to-date information. For example, setting appropriate fee thresholds for regulated entities requires detailed knowledge of platform compliance and associated risks, which would be challenging to achieve without full data access. During post-implementation reviews, a lack of access to necessary business information could hamper the ability to assess whether the Act is effectively achieving its safety objectives or whether adjustments are needed.
That said, I have some questions, and I hope that, when she rises, the Minister will set out the Government’s thinking on them. My first question very much picks up on the point made—much better than I did—by the noble Lord, Lord Stevenson of Balmacara. It is important to ensure that this instrument does not grant unrestricted access to business information but, rather, limits sharing to specific instances where it is genuinely necessary for the Secretary of State to fulfil their duties under the Act. How will the Government ensure this?
Secondly, safeguards, such as data protection laws and confidentiality obligations under the Communications Act 2003, must be in place to guarantee that any shared information is handled responsibly and securely. Do the Government believe that sufficient safeguards are already in place?
Thirdly, in an environment of rapid technology change, how do the Government plan to keep online safety regulation resilient and adaptive? I look forward to hearing the Government’s views on these questions, but, as I say, we completely welcome any measure that increases clarity and simplicity and makes it easier for Ofcom to be effective.
Baroness Jones of Whitchurch (Lab)
I thank noble Lords for their valuable contributions to this debate. It goes without saying that the Government are committed to the effective implementation of the Online Safety Act. It is critical that we remove any barriers to that, as we are doing with this statutory instrument.
As noble Lords said—the noble Viscount, Lord Camrose, stressed this—the Online Safety Act has taken on a growing significance in the breadth and depth of its reach. It is very much seen as an important vehicle for delivering the change that the whole of society wants now. It is important that we get this piece of legislation right. For that purpose, this statutory instrument will ensure that Ofcom can co-operate and share online safety information with the Secretary of State where it is appropriate to do so, as was intended during the Act’s development.
On specific questions, all three noble Lords who spoke asked whether the examples given were exclusive or whether there are other areas where powers might be given to the Secretary of State. The examples given are the two areas that are integral to implementation. We have not at this stage identified any further areas. The instrument would change to allow sharing only for the purposes of fulfilling the Secretary of State’s functions under the Online Safety Act—it does not go any broader than that. I think that answers the question asked by the noble Viscount, Lord Camrose, about whether this meant unlimited access—I assure him that that is not the purpose of this SI.
My noble friend Lord Stevenson asked whether this relates only to the powers under the OSA. Yes, the instrument allows Ofcom to share information it has collected from businesses only for the purposes of fulfilling the Secretary of State’s functions under the Act.
On the question of devolution, the powers of Scottish, Northern Ireland and Welsh Ministers primarily relate to the power to define the educational establishments for the purpose of Schedule 1 exemptions. There are also some consultation provisions where these Ministers must be consulted, but that is the limit of the powers that those Ministers would have.
I am conscious that I have not answered all the questions asked by the noble Viscount, Lord Camrose, because I could not write that quickly—but I assure him that my officials have made a note of them and, if I have not covered those issues, I will write to him.
I hope that noble Lords agree with me on the importance of implementing the Online Safety Act and ensuring that it can become fully operational as soon as possible. I commend these regulations to the Committee.