Online Safety Super-Complaints (Eligibility and Procedural Matters) Regulations 2025
Debate between Baroness Jones of Whitchurch and Lord Stevenson of Balmacara(1 week, 4 days ago)
Grand CommitteeRead Full debate Read Hansard Text Read Debate Ministerial Extracts
The Parliamentary Under-Secretary of State, Department for Business and Trade and Department for Science, Information and Technology (Baroness Jones of Whitchurch) (Lab)
My Lords, as the Online Safety Act sets out, the Secretary of State must make these regulations under Sections 169(3) and 170(1) of the Act. They enable the super-complaints regime to operate by establishing the eligibility criteria that entities must meet to submit a super-complaint, as well as the procedural matters relating to Ofcom’s assessment of super-complaints.
Super-complaints are an integral part of the Act’s complaints handling, reporting, and redress mechanisms. They provide a means for eligible entities, including civil society groups with expertise in online safety matters, to raise systemic issues about the features or conduct of one or more regulated services with Ofcom, the Act’s independent regulator.
Super-complaints cannot be made by individuals, nor can they be made about individual pieces of content. The Act establishes, under Section 169, the scope of issues that super-complaints can address. This includes where the features and/or conduct of regulated services may be causing significant harm to, significantly adversely affecting the freedom of expression of, or otherwise adversely impacting users, particular groups or the public. We expect super-complaints to typically be about cross-platform, systemic issues. However, a complaint may cover a single service if the complaint is particularly important or impacts a large number of users or members of the public.
The SI sets out several eligibility criteria that an entity must meet to be able to submit a complaint to Ofcom. Entities must: represent the interests of users of regulated services, particular groups, or members of the public; have a composition, governance and accountability arrangements that mean it can be relied on to act independently from regulated services, although funding, or representation in the entity’s governance from platforms, is allowed; contribute to public discussions on online safety matters as an expert; and be capable of being relied upon to have due regard to any guidance published by Ofcom. These criteria aim to ensure a wide range of entities are eligible while safeguarding the integrity of the process and reducing the risk of vexatious complaints.
In addition to the eligibility criteria, this SI also sets out the process and timeline for assessing super-complaints. Ofcom must assess the would-be complainant’s evidence against the eligibility criteria and determine whether an entity is eligible within 30 days. Ofcom must then inform an entity whether they are eligible or not and explain why. The time for assessing eligibility reduces to 15 days where entities have been found to be eligible within the past five years. In such circumstances, an entity must submit information to show that it is still an expert contributing significantly to public discussion on online safety. Eligible entities must also present current, objective and relevant evidence to support their view that one of the grounds for a complaint under the Act is met.
When assessing the admissibility of the complaint and the substance of the complaint itself, Ofcom must typically respond 90 days following the eligibility determination. This means that, as standard, the entire super-complaints process will conclude within 120 days, or 105 days where there is retained eligibility status. Ofcom may however stop the clock in certain circumstances, such as if additional information is required from the entity and the complaint cannot be progressed without it. But Ofcom may only stop the clock by the amount of time it takes to receive the requested information. Where Ofcom has determined that an entity is eligible, it must consider the complaint and evaluate the evidence presented to it. At the end of the process it must publish a response, including its determination on the matter. This may include what further action, if any, it anticipates.
In developing these regulations, the Government have consulted Ofcom and there has been a public consultation. We have listened closely to the views of stakeholders and, where possible, made changes to the policy consulted on. These changes are set out in further detail in the Government’s policy response published in June this year. In tandem with this SI being laid, a round table was also held with key civil society groups to set out the changes and our response to the concerns raised during the consultation process. These changes include lowering the bar for eligibility to enable new expert organisations to make complaints and removing the requirement to pre-notify Ofcom ahead of submitting a complaint.
The online world is complicated and ever-changing. As the Government, our aim is to remain agile and keep pace with emerging online harms. These regulations have been drafted to do just that, by ensuring Ofcom is made aware of emerging technologies, market operators and subsequent harms. I beg to move.
Lord Stevenson of Balmacara (Lab)
My Lords, I welcome my noble friend’s comments, which set the context for this interesting statutory instrument.
In the process of consultation that led to the final decisions, was there time for the department to begin to implement the Parkinson rule? When my noble friend and I last met some time ago, we discussed how and under what conditions one might be able to allow Select Committees in the Commons and here with expertise in these matters to look at SIs before they are laid. I notice that this was laid on 9 June, which is well after that meeting. Was there time to let the Select Committees see this and were there useful results from that? If not, can she give us some indication of when the department will be in a position to begin to process the Parkinson rule in relation to this?
I am grateful to the Secondary Legislation Scrutiny Committee for its very full 29th report, which went through this SI in somewhat surprising detail—we do not normally get four or five pages on an instrument each time, but that tells the story behind some of my concerns about the department’s approach to this. The committee’s first conclusion is that:
“The draft Regulations are drawn to the special attention of the House on the ground that they are politically or legally important or give rise to issues of public policy likely to be of interest to the House”.
We are grateful to it for doing that. These are interesting and important issues.
The committee’s first point for consideration is that it worries whether the regulator, Ofcom, will have the resources to carry out the sort of work envisaged in this SI and the much larger scheme of work that it is involved in. I would be grateful if my noble friend could give some thought to that in her response. I do not think she mentioned it. We understand the basis on which Ofcom makes its funding needs available—there has been notification of that recently around the level of fees to be exercised on the companies in scope of the regulator—but that is not the narrow point raised here. It is more about the question of capacity and scale, and the ability to think more widely about the system it is trying to regulate, than it is just about the money. I would be grateful if my noble friend would say a few things about how the department judges that and how it thinks Ofcom will be able to scale up its current work, which is immense. It is very important to include this activity, which in the Bill was originally intended to be of assistance to Ofcom, although some of the way it has come out does not seem to have delivered on that.
Secondly, I recollect that we spent quite a long time on the Bill working out why the Government of the day did not think it necessary to have some form of ombudsman system in place for internet matters. I am sure the noble Lord, Lord Clement-Jones, will make some points about this. This was well argued and well thought through in our debates, and we had many meetings offline to try to find a way forward. We did not get what we wanted, but it was a very big Bill and other things perhaps took priority. However, we did get agreement from Ministers, in the Bill, that there would be a review shortly after its implementation— I think within two years—of how the complaints processes for users of IT systems in this country, particularly in new media, were being dealt with by individual companies. Clearly, the expectation is that each company will have its own structure but that, on occasion, issues would be raised across more than one provider. The question was how an ordinary citizen would cope with that if there was not some form of ombudsman system. I strongly believe that there needs to be an ombudsman system for this whole area, and I hope that the review to be carried out by Ofcom within two years will recommend that. This is not referred to in this SI. Will the Minister say a few words about the department’s current thinking on that?
Baroness Jones of Whitchurch (Lab)
We will know the outcome of that much sooner than 2028, because I am sure that we will all have experience of complaints that go forward and whether they are responded to efficiently in the coming months, because there will be the opportunity to do that. In the regulations, as the noble Lord knows, all the regulated companies are required to have a named individual and a process for people to raise complaints.
The noble Lord, Lord Stevenson, asked about appeals. I reassure noble Lords that Ofcom’s response will be informed by its regulatory experience, as well as the information presented as part of the complaint and any additional information that has been requested, before arriving at an appropriate determination. I also remind the Committee that the objective of a super-complaint is, ultimately, to bring to the attention of Ofcom an issue, a risk or a harm that it might otherwise have been unaware of. It is not to adjudicate an individual decision or necessarily to trigger enforcement action. Ofcom has the flexibility to use any of its online safety regulatory powers to address issues raised by the super-complaint. This may include a formal enforcement action, a change in guidance or codes of practice or, indeed, no action at all.
Lord Stevenson of Balmacara (Lab)
I may not have made the point as clearly as I should have. It is not the fact that Ofcom will be unaware of an issue that is being raised as much as that the need to get a super-complaint going may frustrate Ofcom finding out about small but high-risk activity that is remote from its main activity. We went through this in some detail towards the end of the Bill and in recent SIs that have stemmed from it. Size is never the only issue that will affect how individuals are being attacked or treated by these companies. I feel very uncomfortable about a situation where a super-complaint cannot be mounted because of lack of experience or a lack of quality in its processes, when the issue itself will then get ignored. I ask the Minister to perhaps reflect on that later.
Baroness Jones of Whitchurch (Lab)
As I have said, small organisations can get involved in the super-complaint process. The wording is designed as it is to allow new campaigning organisations, if you like, to come through, because this is a new territory that we are operating in, and we do not want to consult with or hear messages from just the usual, established organisations. I think that Ofcom will be sensitive about all this, but it will also, as we know, be able to enforce against small but risky services.
Ofcom is looking at what is happening in the smaller sphere, if I can put it like that. Ofcom has already started enforcement action against some of the non-compliant small but risky services. For example, it is investigating whether small services such as 4chan are complying with the illegal safety duties. There are other small services that Ofcom is now taking action against as well. I hear what the noble Lord has said, and I am confident that Ofcom will want to hear from all voices, not just the large players in this sector. I should also say that Ofcom is subject to standard regulatory redress mechanisms, such as judicial review.
The noble Baroness, Lady McIntosh, asked when the guidance will be in place. The Government expect Ofcom to have finalised the guidance by quarter 1 of 2026. This instrument comes into force on 31 December 2025. The guidance does not need to be finalised before the regime can come into effect. The guidance will contain important and useful information, so complainants may wish to wait until the final guidance is published before submitting a complaint, and Ofcom will consult on that guidance. But those organisations who know exactly what consumer complaints they wish to pursue do not have to wait for the guidance.
The noble Lord, Lord Wrottesley, and the noble Viscount, Lord Camrose, asked about Ofcom’s transparency and whether it will produce statistics on the evidence that it is acquiring. Ofcom recognises the importance of transparency around the work that it does and is considering how best to publish that information about super-complaints as it implements the new regime. Ofcom will publish responses to accepted super-complaints, including if they are rejected on admissibility grounds, and summaries of these complaints as required under the regulations.
Again, Ofcom and the Government will continue to communicate and develop those risks and make sure that the codes are kept under review. It is about not just producing the reports but communicating to the wider public if new risks are identified. We all accept that one purpose of the super-complaints is to bring things to Ofcom’s attention of which it might not otherwise be aware to enable it to move quite quickly to address those issues.
Online Safety Act 2023 (Category 1, Category 2A and Category 2B Threshold Conditions) Regulations 2025
Debate between Baroness Jones of Whitchurch and Lord Stevenson of Balmacara(5 months ago)
Lords ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Baroness Jones of Whitchurch (Lab)
I can only reiterate what I have already said: we took Ofcom’s advice after a great deal of scrutiny of why it had come to that piece of advice. Its advice was that the key factor to be taken into account was how easily, quickly and widely content is disseminated. That is the basis on which we made that decision.
Lord Stevenson of Balmacara (Lab)
Sorry to interrupt but, to return to the point made by the noble Baroness, Lady Morgan, is it the Government’s position that, although the law says it is permissible, and indeed was expected, that in making their decision about category 1 the Government would require Ofcom to ensure that both reach and risk were taken account of, the Government have decided that only reach will be taken account of?
Baroness Jones of Whitchurch (Lab)
Ofcom’s advice was that how easily, quickly and widely content is disseminated are the key factors that it needed to make the judgment. I cannot say anything more than that.
Data (Use and Access) Bill [HL]
Debate between Baroness Jones of Whitchurch and Lord Stevenson of BalmacaraMonday 16th December 2024
(7 months, 1 week ago)
Grand CommitteeRead Full debate Data (Use and Access) Act 2025 View all Data (Use and Access) Act 2025 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 40-III(a) Amendments for Grand Committee (Supplementary to the Third Marshalled List) - (13 Dec 2024)
Lord Stevenson of Balmacara (Lab)
I wanted to rise to my feet in time to stop the noble Viscount leaping forward as he gets more and more excited as we reach—I hope—possibly the last few minutes of this debate. I am freezing to death here.
I wish only to add my support to the points of the noble Baroness, Lady Kidron, on Amendment 145. It is much overused saw, but if it is not measured, it will not get reported.
Baroness Jones of Whitchurch (Lab)
My Lords, I thank noble Lords for their consideration of the issues before us in this group. I begin with Amendment 134 from the noble Lord, Lord Clement-Jones. I can confirm that the primary duty of the commissioner will be to uphold the principal objective: securing an appropriate level of data protection, carrying out the crucial balancing test between the interests of data subjects, controllers and wider public interests, and promoting public trust and confidence in the use of personal data.
The other duties sit below this objective and do not compete with it—they do not come at the expense of upholding data protection standards. The commissioner will have to consider these duties in his work but will have discretion as to their application. Moreover, the new objectives inserted by the amendment concerning monitoring, enforcement and complaints are already covered by legislation.
I thank the noble Lord, Lord Lucas for Amendment 135A. The amendment was a previous feature of the DPDI Bill but the Government decided that a statement of strategic priorities for the ICO in this Bill is not necessary. The Government will of course continue to set out their priorities in relation to data protection and other related areas and discuss them with the Information Commissioner as appropriate.
Amendment 142 from the noble Viscount, Lord Camrose, would remove the ICO’s ability to serve notices by email. We would argue that email is a fast, accessible and inexpensive method for issuing notices. I can reassure noble Lords that the ICO can serve a notice via email only if it is sent to an email address published by the recipient or where the ICO has reasonable grounds to believe that the notice will come to the attention of the person, significantly reducing the risk that emails may be missed or sent to the wrong address.
Regarding the noble Viscount’s Amendment 143, the assumption that an email notice will be received in 48 hours is reasonable and equivalent to the respective legislation of other regulators, such as the CMA and Ofcom.
I thank the noble Lord, Lord Clement-Jones, for Amendment 144 concerning the ICO’s use of reprimands. The regulator does not commonly issue multiple reprimands to the same organisation. But it is important that the ICO, as an independent regulator, has the discretion and flexibility in instances where there may be a legitimate need to issue multiple reprimands within a particular period without placing arbitrary limits on that.
Turning to Amendment 144A, the new requirements in Clause 101 will already lead to the publication of an annual report, which will include the regulator’s investigation and enforcement activity. Reporting will be categorised to ensure that where the detail of cases is not public, commercially sensitive investigations are not inadvertently shared. Splitting out reporting by country or locality would make it more difficult to protect sensitive data.
Turning to Amendment 145, with thanks to the noble Baroness, Lady Kidron, I agree with the importance of ensuring that the regulator can be held to account on this issue effectively. The new annual report in Clause 101 will cover all the ICO’s regulatory activity, including that taken to uphold the rights of children. Clause 90 also requires the ICO to publish a strategy and report on how it has complied with its new statutory duties. Both of these will cover the new duty relating to children’s awareness and rights, and this should include the ICO’s activity to support and uphold its important age-appropriate design code.
I thank the noble Lord, Lord Clement-Jones, for Amendments 163 to 192 to Schedule 14, which establishes the governance structure of the information commission. The approach, including the responsibilities conferred on the Secretary of State, at the core of the amendments follows standard corporate governance best practice and reflects the Government’s commitment to safeguarding the independence of the regulator. This includes requiring the Secretary of State to consult the chair of the information commission before making appointments of non-executive members.
Amendments 165 and 167A would require members of the commission to be appointed to oversee specific tasks and to be from prescribed fields of expertise. Due to the commission’s broad regulatory remit, the Government consider that it would not be appropriate or helpful for the legislation to set out specific areas that should receive prominence over others. The Government are confident that the Bill will ensure that the commission has the right expertise on its board. Our approach safeguards the integrity and independence of the regulator, draws clearly on established precedent and provides appropriate oversight of its activities.
Finally, Clauses 91 and 92 were designed to ensure that the ICO’s statutory codes are consistent in their development, informed by relevant expertise and take account of their impact on those likely to be affected by them. They also ensure that codes required by the Secretary of State have the same legal effect as pre-existing codes published under the Data Protection Act.
Considering the explanations I have offered, I hope that the noble Lords, Lord Clement-Jones and Lord Lucas, the noble Viscount, Lord Camrose, and the noble Baroness, Lady Kidron, will agree not to press their amendments.
Data (Use and Access) Bill [HL]
Debate between Baroness Jones of Whitchurch and Lord Stevenson of BalmacaraTuesday 10th December 2024
(7 months, 2 weeks ago)
Grand CommitteeRead Full debate Data (Use and Access) Act 2025 View all Data (Use and Access) Act 2025 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 40-II(a) Amendment for Grand Committee (Supplementary to the Second Marshalled List) - (9 Dec 2024)
Baroness Jones of Whitchurch (Lab)
To be on the safe side, I will write to the noble Baroness. We feel that other bits in the provisions of the Bill cover the other aspects but, just to be clear on it, I will write to her. On Amendment 196 and the Online Safety Act—
Lord Stevenson of Balmacara (Lab)
I am sorry to interrupt but I am slightly puzzled by the way in which that exchange just happened. I take it from what the Minister is saying that there is no dissent, in her and the Bill team’s thinking, about children’s rights having to be given the correct priority, but she feels that the current drafting is better than what is now proposed because it does not deflect from the broader issues that she has adhered to. She has fallen into the trap, which I thought she never would do, of blaming unintended consequences; I am sure that she will want to rethink that before she comes back to the Dispatch Box.
Surely the point being made here is about the absolute need to make sure that children’s rights never get taken down because of the consideration of other requirements. They are on their own, separate and not to be mixed up with those considerations that are truly right for the commissioner—and the ICO, in its new form—to take but which should never deflect from the way children are protected. If the Minister agrees with that, could she not see some way of reaching out to be a bit closer to where the noble Baroness, Lady Kidron, is?
Baroness Jones of Whitchurch (Lab)
I absolutely recognise the importance of the issues being raised here, which is why I think I really should write: I want to make sure that whatever I say is properly recorded and that we can all go on to debate it further. I am not trying to duck the issue; this issue is just too important for me to give an off-the-cuff response on it. I am sure that we will have further discussions on this. As I say, let me put it in writing, and we can pick that up. Certainly, as I said at the beginning, our intention was to enhance children’s protection rather than deflect from it.
Moving on to Amendment 196, I thank the noble Lord, Lord Clement-Jones, and other noble Lords for raising this important issue and seeking clarity on how the provision relates to the categorisation of services in the Online Safety Act. These categories are, however, not directly related to Clause 122 of this Bill as a data preservation notice can be issued to any service provider regulated in the Online Safety Act, regardless of categorisation. A list of the relevant persons is provided in paragraphs (a) to (e) of Section 100(5) of the Act; it includes any user-to-user service, search service and ancillary service.
I absolutely understand noble Lords saying that these things should cross-reference in some way but, as far we are concerned, they complement each other, and that protection is currently in the Online Safety Act. As I said, I will write to noble Lords and am happy to meet if that would be helpful. In the meantime, I hope that the explanations I have given are sufficient grounds for noble Lords not to press their amendments at this stage.
Data (Use and Access) Bill [HL]
Debate between Baroness Jones of Whitchurch and Lord Stevenson of BalmacaraTuesday 19th November 2024
(8 months, 1 week ago)
Lords ChamberRead Full debate Data (Use and Access) Act 2025 View all Data (Use and Access) Act 2025 Debates Read Hansard Text Read Debate Ministerial Extracts
Baroness Jones of Whitchurch (Lab)
My Lords, I thank all noble Lords for what has genuinely been a fascinating, very insightful debate. Even though I was part, I think, of my noble friend Lord Stevenson’s gang that has been working on this for some time, one learns new things, and I have learned new things again today about some of the issues that are challenging us. So I thank noble Lords for their contributions this evening, and I am very pleased to hear that a number of noble Lords have welcomed the Government’s main approach to the Bill, though of course beyond that there are areas where our concerns will diverge and, I am sure, be subject to further debate. I will try to clarify the Government’s thinking. I am sure noble Lords will understand, because we have had a very wide-ranging discussion, that if I am not able to cover all points, I will follow those up in writing.
I shall start with smart data. As was raised by my noble friend Lord Knight of Weymouth, and other noble Lords, the Government are keen to establish a smart data economy that brings benefits to consumers across all sectors.
Through the Smart Data Council, the Government are working closely to identify areas where smart data schemes might be able to bring more benefits. I think the point was made that we are perhaps not using it sufficiently at the moment. The Government intend to communicate where and in what ways smart data schemes can support innovation and growth and empower customers across a spectrum of markets—so there is more work to be done on that, for sure. These areas include providing the legislative basis for the fuel finder service announced by the Department for Energy Security and Net Zero, and supporting an upcoming call for evidence on the smart data scheme for the energy sector. Last week, the Government set out their priorities for the future of open banking in the national payments vision, which will pave the way for the UK to lead in open finance.
I turn now to digital identity, as raised by the noble Earl, Lord Erroll, and a number of other noble Lords. The measures in the Bill aim to help people and businesses across Britain to use innovative digital identity technologies and to realise their benefits with confidence. As the noble Lord, Lord Arbuthnot, said, the Bill does not make digital identities mandatory. The Bill will create a legislative structure of standards, governance and oversight for digital verification services that wish to appear on a government register, so that people will know what a good digital identity looks like. It is worth saying that a lot of these digital verification schemes already exist; we are trying to make sure that they are properly registered and have oversight. People need to know what a good digital identity looks like.
The noble Lord, Lord Arbuthnot, raised points about Sex Matters. Digital verification services can be used to prove sex or gender in the same way that individuals can already prove their sex using their passport, for example. Regarding the concerns of the noble Lord, Lord Vaux, about the inclusion of non-digital identity, the Government are clear that people who do not want to use digital identity or the digital verification services can continue to access services and live their daily lives referring to paper documents when they need to. Where people want to use more technology and feel left behind, DSIT is working hard to co-ordinate government work on digital inclusion. This is a high priority for the Government, and we hope to come back with further information on that very soon.
The Office for Digital Identities and Attributes has today published its first digital identity inclusion monitoring report. The results show a broadly positive picture of inclusion at this early stage of the markets, and its findings will inform future policy interventions.
I would like to reassure the noble Lord, Lord Markham, and the noble Viscount, Lord Camrose, that NUAR takes advantage of the latest technologies to ensure that data is accessed only for approved purposes, with all access audited. It also includes controls, developed in collaboration with the National Protective Security Authority, the National Cyber Security Centre and the security teams of asset owners themselves.
We had a very wide-ranging debate on data protection issues, and I thank noble Lords for their support for our changes to this legislation. The noble Viscount, Lord Camrose, and others mentioned delegated powers. The Government have carefully considered each delegated power and the associated parliamentary procedure and believe that each is proportionate. The detail of our rationale is set out in our delegated powers memorandum.
Regarding the concerns of the noble Lord, Lord Markham, and the noble Viscount, Lord Camrose, about the effect of the legislation on SMEs, we believe that small businesses would have struggled with the lack of clarity in the term “high-risk processing activities” in the previous Bill, which could have created more burdens for SMEs. We would prefer to focus on how small businesses can be supported to comply with the current legislation, including through user-friendly guidance on the ICO’s small business portal.
Many noble Lords, including the noble Viscount, Lord Camrose, the noble and learned Lord, Lord Thomas, and the noble Lord, Lord Vaux, raised EU adequacy. The UK Government recognise the importance of retaining our personal data adequacy decisions from the EU. I reassure the noble Lord, Lord Vaux, and my noble friend Lord Bassam that Ministers are already engaging with the European Commission, and officials will actively support the EU’s review process in advance of the renewal deadline next year. The free flow of personal data between the UK and the EU is one of the underpinning actions that enables research and innovation, supports the improvement of public services and keeps people safe. I join the noble Lord, Lord Vaux, in thanking the European Affairs Committee for its work on the matter. I can reassure him and the committee that the Secretary of State will respond within the required timeframe.
The noble Lord, Lord Bethell, and others raised international data transfers. Controllers and processors must take reasonable and proportionate steps to satisfy themselves that, after the international transfer, the level of protection for the data subject will be “not materially lower” than under UK data protection law. The Government take their responsibility seriously to ensure that data and its supporting infrastructure are secure and resilient.
On the question from the noble Viscount, Lord Colville, about the new recognised legitimate interest lawful ground, the entire point of the new lawful ground is to provide more legal certainty for data controllers that they are permitted to process personal data for the activities mentioned in new Annexe 1 to the UK GDPR. However, the processing must still be necessary and proportionate and meet all other UK GDPR requirements. That includes the general data protection principles in Article 5 of the UK GDPR, and the safeguards in relation to the processing of special category data in Article 9.
The Bill has significantly tightened up on the regulation-making power associated with this clause. The only processing activities that can be added to the list of recognised legitimate interests are those that serve the objectives of public interest, as described in Article 23(1) of the UK GDPR. The Secretary of State would also have to have regard to people’s rights and the fact that children may be less aware of the risks and consequences of the processing of their data before adding new activities to the list.
My noble friends Lord Davies of Brixton and Lord Stevenson of Balama—do you know, I have never had to pronounce his full name—Balmacara, raised NHS data. These clauses are intended to ensure that IT providers comply with relevant information standards in relation to IT use for health and adult social care, so that, where data is shared, it can be done in an easier, faster and cheaper way. Information standards create binding rules to standardise the processing of data where it is otherwise lawful to process that data. They do not alter the legal obligations that apply in relation to decisions about whether to share data. Neither the Department of Health and Social Care nor the NHS sells data or provides it for purely commercial purposes such as insurance or marketing purposes.
With regard to data assets, as raised by the noble Baroness, Lady Kidron, and my noble friend Lord Knight of Weymouth, the Government recognise that data is indeed one of the most valuable assets. It has the potential to transform public services and drive cutting-edge innovation. The national data library will unlock the value of public data assets. It will provide simple, secure and ethical access to our key public data assets for researchers, policymakers and businesses, including those at the frontier of AI development, and make it easier to find, discover and make connections across those different databases. It will sit at the heart of an ambitious programme of reform that delivers the incentives, investment and leadership needed to secure the full benefits for people and the economy.
The Government are currently undertaking work to design the national data library. In its design, we want to explore the best models of access so that public sector data benefits our society, much in the way that the noble Baroness, Lady Kidron, outlined. So, decisions on its design and implementation will be taken in due course.
Regarding the concerns of the noble Lord, Lord Markham, about cybersecurity, as announced in the King’s Speech, the Government will bring forward a cybersecurity and resilience Bill this Session. The Bill will strengthen our defences and ensure that more essential digital services than ever before are protected.
The noble Baroness, Lady Kidron, the noble Viscount, Lord Colville, and my noble friend Lord Stevenson of Balmacara, asked about the Government’s plans to regulate AI and the timing of this legislation. As set out in the King’s Speech, the Government are committed to establishing appropriate legislation for companies developing the most powerful AI systems. The Government will work with industry, civil society and experts across the UK before legislation is drawn up. I look forward to updating the House on these proposals in due course. In addition, the AI opportunities action plan will set out a road map for government to capture the opportunities of AI to enhance growth and productivity and create tangible benefits for UK citizens.
Regarding data scraping, as raised by the noble Baroness, Lady Kidron, the noble Viscount, Lord Colville of Culross, and others, although it is not explicitly addressed in the data protection legislation, any such activity involving personal data would require compliance with the data protection framework, especially that the use of data must be fair, lawful and transparent.
A number of noble Lords talked about AI in the creative industries, particularly the noble Lords, Lord Holmes and Lord Freyberg—
Lord Stevenson of Balmacara (Lab)
I am sorry to interrupt what is a very fluent and comprehensive response. I do not want to break the thread, but can I press the Minister a little bit on those companies whose information which is their intellectual property is scraped? How will that be resolved? I did not pick up from what the Minister said that there was going to be any action by the Government. Are we left where we are? Is it up to those who feel that their rights are being taken away or that their data has been stolen to raise appropriate action in the courts?
Baroness Jones of Whitchurch (Lab)
I was going to come on to some of those issues. Noble Lords talked about AI in the creative industries, which I think my noble friend is particularly concerned about. The Government are working hard on this and are developing an effective approach that meets the needs of the UK. We will announce more details in due course. We are working closely with relevant stakeholders and international partners to understand views across the creative sector and AI sectors. Does that answer my noble friend’s point?
Lord Stevenson of Balmacara (Lab)
With respect, it is the narrow question that a number of us have raised. Training the new AI systems is entirely dependent on them being fed vast amounts of material which they can absorb, process and reshape in order to answer questions that are asked of them. That information is to all intents and purposes somebody else’s property. What will happen to resolve the barrier? At the moment, they are not paying for it but just taking it—scraping it.
Baroness Kidron (CB)
Perhaps I may come in too. Specifically, how does the data protection framework change it? We have had the ICO suggesting that the current framework works perfectly well and that it is the responsibility of the scrapers to let the IP holders know, while the IP holders have not a clue that it is being scraped. It is already scraped and there is no mechanism. I think we are a little confused about what the plan is.
Social Media: Catfishing
Debate between Baroness Jones of Whitchurch and Lord Stevenson of Balmacara(8 months, 3 weeks ago)
Lords ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Baroness Jones of Whitchurch (Lab)
Ofcom published its latest vision of the media literacy strategy just a couple of months ago, so its implementation is very much in its infancy. The Government very much support it and we will work with Ofcom very closely to roll it out. So Ofcom has a comprehensive media literacy strategy on these issues, but as we all know, schools have to play their part as well: it has to be part of the curriculum. We need to make sure that children are kept safe in that way.
The noble Viscount referred to AI. The rules we have—the Online Safety Act and so on—are tech-neutral in the sense that, even if an image is AI generated, it would still fall foul of that Act; it does not matter whether it is real or someone has created it. Also, action should be taken by the social media companies to take down those images.
Lord Stevenson of Balmacara (Lab)
My Lords, as a survivor of the seven-year long period during which the Online Safety Act was developed, I have to confess that I do not think we ever came across the word “catfishing”. In a quick moment, I looked it up on Google—and, of course, it has not even reached Google yet. It talks about those who wish to catch fish, rather than catfishing. I make a joke, but this is a serious issue and the Minister is trying to address it very fairly. The problem is that the technology is so efficient and quick that the offences are moving ahead of our ability as legislators to make the necessary laws. The key element of the Online Safety Act is that that which is illegal offline is also illegal online. When will we see the necessary offence on the statute book?
Baroness Jones of Whitchurch (Lab)
My noble friend is quite right about the expression “catfishing”. I had to check the definition before I came here today, and for anyone who wants that clarification, it is when someone sets up a fake online identity and uses it to trick and control others. It covers a whole range of offences, including scamming people out of money, blackmailing them or trying to harm them in another way.
On my noble friend’s general point, yes, we are of course looking at how we can match online safety with offline safety; that is part of ongoing work. But for the time being, as I have said several times from the Dispatch Box, rolling out the Online Safety Act is the crucial thing. We are within touching distance, and it will make a huge difference when it is fully implemented. That is our priority at this time.