Draft Communications Act 2003 (Disclosure of Information) Order 2024
(Limited Text - Ministerial Extracts only)
Read Full debate
The Parliamentary Under-Secretary of State for Science, Innovation and Technology (Feryal Clark)
I beg to move,
That the Committee has considered the draft Communications Act 2003 (Disclosure of Information) Order 2024.
It is a pleasure to serve under your chairmanship, Mr Twigg. I start by welcoming the shadow Minister, the hon. Member for Runnymede and Weybridge, to his place. I look forward to many encounters with him—we will have another tomorrow.
The Online Safety Act 2023 lays the foundations for strong protections for children and adults online, and I thank colleagues for their continued interest in the Act and its implementation. It is critical that the Act is made fully operational as quickly as possible, and the Government are committed to ensuring that its protections are delivered as soon as possible.
The draft order will further support the implementation of the 2023 Act by Ofcom. It concerns Ofcom’s ability to share business information with Ministers for the purpose of fulfilling functions of the 2023 Act under section 393 of the Communications Act 2003. It corrects an oversight in the 2023 Act that was identified following its passage.
Section 393 of the Communications Act 2003 contains a general restriction on Ofcom’s disclosing information about particular businesses without their consent. It includes exemptions, including where such a disclosure would facilitate Ofcom’s carrying out its regulatory functions or where it would facilitate other specified persons in carrying out specified functions. However, the section currently does not enable Ofcom to share information with Ministers for the purpose of their fulfilling functions under the Online Safety Act, although the 2003 Act does contain similar information-sharing powers in respect of the Enterprise Act 2002 and the Enterprise and Regulatory Reform Act 2013. That means that were Ofcom to disclose information about businesses to the Secretary of State, it may be in breach of the law.
It is important that a gateway exists for sharing information for these purposes, so that the Secretary of State can carry out key functions of the Online Safety Act, such as setting the fee threshold for the online safety regime in 2025 or carrying out the post-implementation review of the Act required under section 178. The draft order will therefore amend the 2003 Act to allow Ofcom to share information with the Secretary of State and other Ministers strictly for the purpose of fulfilling functions under the Online Safety Act.
There are strong legislative safeguards and limitations on the disclosure of this information, and Ofcom is experienced in handling confidential and sensitive information obtained from the services it regulates. Ofcom must comply with UK data protection law and would need to show that the processing of any personal data was necessary for a lawful purpose. As a public body, Ofcom is also required to act compatibly with the article 8 right to privacy in the European convention on human rights. We will continue to review the Online Safety Act so that Ofcom is able to support the delivery of functions under the Act where appropriate.
Feryal Clark
I thank the shadow Minister and the Liberal Democrat spokesperson for their comments. The Government are committed to the effective implementation of the Online Safety Act. It is crucial that we remove any barriers to that, as we are doing with this draft order, which will ensure that Ofcom can co-operate and share online safety information with the Secretary of State where it is appropriate to do so, as intended during the Act’s development.
The shadow Minister asked about proportionality. There are safeguards around the sharing of business information. Section 393 of the 2003 Act prohibits the disclosure of information about a particular business that was obtained using powers under certain Acts listed in the section, except with consent or where an exception applies. Ofcom is therefore restricted in disclosing information obtained using its powers to require information and other powers under the Online Safety Act, except where an exception applies. Ofcom is an experienced regulator and understands the importance of maintaining confidentiality. It is also a criminal offence for a person to disclose information in contravention of section 393 of the 2003 Act, including to the Secretary of State.
The Liberal Democrat spokesperson asked about the Online Safety Act’s implementation. On 17 October, Ofcom published an updated road map setting out its implementation plans. Firms will need to start risk-assessing for illegal content by the end of the year, once Ofcom finalises its guidance. The illegal content duties will be fully in effect by spring 2025, and Ofcom can start enforcing against the regime. Firms will have to start risk-assessing for harms to children in spring 2025, and the child safety regime will be fully in effect by summer 2025.
I hope that the Committee agrees with me about the importance of implementing the Online Safety Act and ensuring that it can become fully operational as quickly as possible. I commend the draft order to the Committee.
Question put and agreed to.