(5 years, 1 month ago)
Lords ChamberI draw the attention of the House to my interests, particularly that of being chair of the 5Rights Foundation.
We know that a person’s trajectory is largely defined by the circumstances of their birth and that prevention and early intervention are more effective than policies driven by headlines and voter frustrations. This should put children at the top of the policy agenda but, while jiggling a baby for the camera is a well-worn meme of the campaigning politician, the fact remains that children have no electoral capital, and this gracious Speech, like those preceding it, reflects their lack of political power.
Nowhere is that truer than in the digital world. Like others, I welcome the online harms Bill but I am concerned by the shifting language that prioritises the burden on business rather than the welfare of children. Almost every aspect of a young person’s life is mediated by devices and services that impact, both beneficially and problematically, on their life chances. Children are more vulnerable to the risks associated with profiling: behavioural advertising, abuses of health and education data, gaming, gambling, bullying, self-harm, anxiety, identity fraud, unwanted contact and unwanted content. We are in the grip of an anti-vax movement that results in children having measles. Children are vulnerable to a system that fails to separate fact from fiction. Even this morning we saw reports that one-third of all searches on Google to buy a teething toy featured potentially dangerous products. As Professor Sonia Livingstone says,
“children are the canaries in the coal mine for threats to all”.
Other noble Lords have asked when we might see a Bill, but I ask the Minister when, in her estimation, parents, teachers and children—to whom successive Secretaries of State have made repeated promises—can reasonably expect the online harms Bill to be law? I also ask whether the teams in DCMS and the Home Office will remain at current strength or be reduced or in any way downgraded until that time? While I very much welcome the commitment to high-speed broadband, can the Minister confirm whether we are to get an online harms Bill before broadband rollout? If we do not, we will exacerbate the problems rather than deliver the desired benefits for children.
I shall briefly address three urgent matters that cannot wait for an online harms Bill. First, the Federal Trade Commission is undertaking a review of the Children’s Online Privacy Protection Act, known as COPPA. For those who do not know, COPPA is responsible for 13 being the de facto age of adulthood online. COPPA leaves children aged 13 to 17 with no specific protections and is so poorly upheld that the sector routinely engages with tens of millions of children aged under 13 on services designed for adults. The review could and should put in place protections for all children aged under 18 wherever they are online, but instead a powerful tech lobby proposes to weaken it further. I would be grateful to know what steps the UK Government are taking to ensure that children in the United Kingdom do not inherit a US law that may undermine the considerable efforts we are making here to improve our own laws.
Secondly, there is the plan of Facebook and others to implement end-to-end encryption, which has been widely condemned as a disaster for the global effort to prevent the spread of child sexual abuse material. Mark Zuckerberg dismissed the problem by characterising privacy as a social good at any cost, while simultaneously highlighting that that cost included “bad people” doing “bad things”, including the global dissemination of child sexual abuse material. Meanwhile, the Home Secretary, alongside her Australian and American counterparts, responded by calling on Facebook to allow lawful access to encrypted services, which resulted in a ferocious backlash about government access to personal data. In reality, existing detection services, such as PhotoDNA, do not challenge user privacy since they identify only known images and do not require a back door. Conflating issues of privacy or security with the protection of child sexual abuse victims makes vulnerable children collateral damage in an information war between commercial entities and Governments. Are the Government willing to mandate that end-to-end encryption be deployed in a manner that allows detection of CSAM, independently and transparently assessed, with no accompanying requirement for a back door to encrypted services?
Finally, last week the Government reaffirmed that they will shortly lay the age-appropriate design code before Parliament. I look forward to that, but ask that we swiftly adopt Article 80(2) of the GDPR, so that civil society can act on behalf of vulnerable groups. We asked for this during the passage of the Data Protection Act and were told it would be reviewed. Perhaps the Minister can provide an update on its status.
(6 years ago)
Lords ChamberMy Lords, I refer noble Lords to my registered interests, particularly as founder and chair of the 5Rights Foundation. Like the noble Lords who have already spoken, I very much welcome the Bill. Dame Fiona Caldicott’s role is important and if by putting her guidance on a statutory footing we give it more weight, then that can only be a good thing. I want to raise some things that are not covered in the Bill. I have one substantive point about the value of the data that the NHS holds and a couple of questions for the Minister.
The longitudinal data gathered by the NHS since its inception is one of the most valuable health datasets in the world. Within it lie clues to the next generation of drugs and treatments, and entirely new ways of thinking about prevention, treatment and cure. Equally, the gathering of data across health and social care could revolutionise the provision of services. If we knew the impact of meeting, or failing to meet, the social needs in the community on health outcomes, or could accurately predict the social care resources required for certain health conditions, it could help government to provide the right service at the right time to the right people, most probably at less cost.
While using data to improve health and social care outcomes is an exciting prospect, I believe we need to do it in a way that benefits the NHS and the British people. In 2016, the Royal Free London NHS Foundation Trust allowed DeepMind, an artificial intelligence company owned by Google, to access 1.6 million patient medical records in a trial of its Streams app, which was an alert, diagnosis and detection system for acute kidney injury. Subsequently, the arrangement was found to have been given on an “inappropriate legal basis” that broke data protection laws and revealed swathes of highly personal information without patient consent. The following year, Taunton and Somerset NHS Trust partnered with DeepMind on the very same app. In spite of a freedom of information battle and a data audit done by Linklaters on the instruction of the ICO, we still do not fully understand the financial or IP benefits of this deal to the NHS. But we do know that, earlier this year, DeepMind stated that while it was currently providing its development resources free to the NHS,
“it would determine how much to charge the NHS … later”.
The costs of healthcare have become distorted with drug companies and private providers demanding eye-watering sums from the NHS. I wonder whether this Bill is an opportunity to start redressing the imbalance because, if the national data guardian Bill ensured that the value of the IP that emerges from our health data was properly recognised, that data could, with the consent of the patient, be shared or sold on a basis that that could revolutionise the financing of our struggling health service in the future.
Without a clear mandate, individual trusts with crippling budget deficits may be tempted to commoditise patient data in exchange for cash injections offered by corporations with far deeper pockets. The breakthroughs and advances that patient data makes possible may well then be sold back to the NHS at inflated prices, creating the risk that they will be out of the reach of the very people upon whose data they were built. To understand the value of the data in the NHS, we need only look at the share price of data-rich companies, even those with no revenue. The Secretary of State for Health and Social Care is particularly well placed to understand the value of what we hold. I would love to see the Government use this Bill to give the National Data Guardian a duty to develop binding and enforceable guidelines for the sale and exchange of health data for research and development. Those guidelines should fully reflect the sensitivity of the data and the singular value of the NHS dataset.
In addition to this point, I would like further details about the powers of the National Data Guardian. Will the Minister say what duty health providers have to comply with the National Data Guardian’s guidance and to demonstrate how they have done so? As noted by the shadow Minister in the other place:
“Without a requirement for organisations that receive advice to provide evidence of their response in a way that can be easily disseminated, there is no way we can be sure that the Data Guardian will be effective”,
since,
“to ‘have regard’ to advice does not always mean that they take action in respect of that advice”.—[Official Report, Commons, Health and Social Care (National Data Guardian) Bill Committee, 6/6/18; col. 7.]
If, as has been explained, the purpose of putting the National Data Guardian’s role on a statutory footing is to give it weight, which we all welcome, surely a requirement to prove that the guidance has been acted upon is essential.
In looking at the information about the Bill, I found it hard to establish how the National Data Guardian will decide what guidance is needed. A positive obligation to provide the NDG with information about current data-sharing arrangements through report or audit would enable her to identify and anticipate potential issues and to address them in her guidance. Perhaps the Minister will explain why this obligation does not form part of the Bill.
I understand that children’s health data is covered by the Bill but not children’s social care data because that is covered by the Children and Social Work Act 2017. This carve-out raises the question of how family social care data will be considered, especially with regard to decisions made about one family member that can be made only in full sight of the family’s circumstances. I am sympathetic to the Government’s concern about conflicting guidelines, but the absence of guidance for children’s social care may well create greater conflict than a judicious overlap. The Association of Directors of Children’s Services, the Local Government Association and medConfidential are just some of the many organisations which have said that without children’s social care data in scope the National Data Guardian role is “a risk”, “perverse”, “not sensible” and “not a data guardian”.
The challenge we have about data in the 21st century is about its flow between one environment and another. Its value, beneficial and malign, lies in the fact that it can be amalgamated to reveal patterns of information and create new intellectual property. For that reason, it is frustrating to see children’s data being treated on a sector-by-sector basis. Has the Minister given any thought to how the partial coverage of children in this Bill fits with the Government’s other activities in this area, including the age-appropriate design code, potential outcomes from the Centre for Data Ethics and Innovation and the long-awaited internet safety strategy? Once again, I am afraid, I must put on the record my deep regret that the Government have deliberately chosen to deprioritise children by removing the UK Council for Child Internet Safety’s child focus, which could have served as a single point of expertise to consider children’s needs across all sectors.
I conclude by acknowledging the kindness of the noble Baroness, Lady Chisholm, in discussing the scope and purpose of the Bill in the run-up to today’s debate. I hope that I will receive comprehensive answers on all of these points, if not this morning, then certainly before the Bill progresses.