Online Pornography (Commercial Basis) Regulations 2018 Debate
Full Debate: Read Full DebateEarl of Erroll
Main Page: Earl of Erroll (Crossbench - Excepted Hereditary)Department Debates - View all Earl of Erroll's debates with the Department for Digital, Culture, Media & Sport
(5 years, 11 months ago)
Lords ChamberMy Lords, I want to say a few words before the summing up. We need to remind ourselves that the purpose of these regulations is to protect children, including those coming up to adulthood. We are trying to prevent them thinking that some fairly unsavoury habits that are not medically good for them are normal. That is the challenge. These websites have teaser adverts to try to get people drawn into pornography sites to buy harder-core or more detailed pornography. We are not trying to do anything about people who are willing to enter into a payment arrangement with the site but to make sure that children are stopped at the front end and are prevented from seeing the stuff that will give them the wrong impression about how you chat to a girl or a girl chats to a boy and how you behave with members of the same sex or the opposite sex in a sexual relationship. We need to be quite quick on this sort of stuff because if we are going to try to stop this being widespread we need to block it.
There is an awful lot of guff in this. It has taken a long time for these regulations to get here—we really expected them about a year ago. I do not know what DCMS has been doing during this time. I know it had some draft guidelines a long time ago, but perhaps they were so young that they were uneducated too and tried to learn about these things—I do not know.
The point about the adverts is they sit there in front. We are probably going to have buttons on the front of the website stating that people have to verify their age. That will take people off, probably to third-party sites which know them and anonymously verify that they are over 18 and that is when they can get into the website. However, the website is going to want to put something up for that first encounter. I wonder whether this is not an opportunity to think positively and perhaps put up something about understanding the beginning of a relationship and how you can get excited and go forward without going to the harder aspects which involve penetrative sex et cetera. There may be an opportunity there. That is a bit of a red herring because we are talking about the regulations, but it may be a positive thought for the future.
The thing that worries me particularly is paragraph 2.5 of the BBFC guidance which refers to sites that are,
“mostly frequently visited, particularly by children”,
and are,
“most likely to be sought out by children”.
Social media may not be marketed as carrying or giving access to pornography, but it does so on a huge scale. This one-third rule is very odd because it is easily abused. There are about 39 million UK users of Facebook, so do we say that if 12 million are putting up pornography that is okay because it is under the one-third threshold? Earnings would be very hard to measure, given Facebook’s turnover, so how are we going to do the one-third? It is very odd. The purpose of this is to protect children, so I do not think we should be having very high thresholds to let people get away with it.
There are two things that really worry me. Paragraphs 2.6, 2.7 and 2.8 of the guidance are on enforcement. It is going to be very slow. By the time the BBFC has sent out a warning and it is received, given another notification, published this, waited for the website to write back, et cetera, how long will it take? Websites that want to get round it will game the system. If they start doing that, the big websites—they are on side with this and want to help because they have got teenage children and are not paedophiles but are trying to sell adult pornography to adults and therefore want to help, believe it or not—will lose too much business; they will have to go with the flow and play the same game, in which case the whole thing will get wrecked.
If the Internet Watch Foundation, without a true legal basis, can get sites blocked immediately, why cannot we, with proper law? Everyone has had warnings about it. The whole of the industry around the world has apparently been talking about it for the past year. The BBFC has spoken at such events. Everyone knows, so I cannot understand why we cannot act more quickly and go live from day one. If anyone does not comply, that is bad luck. We could set up some pre-notification stating: “If you do not comply by tomorrow, you have had it”.
The other matter is the certification scheme, which is voluntary. A big hole is that because this is under a DCMS Bill, it could not touch privacy and data security. That is an ICO responsibility. The security of people’s data is regulated elsewhere, and the ICO has only recently started to show an interest in this, because it is overloaded with other things. There is now a memorandum of understanding between the BBFC and the ICO, which is very good. They could be brought together in a certification scheme. The BBFC cannot enforce data security and privacy, because that is an ICO responsibility, but a certification scheme could state that a site cannot be certified unless it complies with all the legal standards—both the Data Protection Act 2018, which the ICO is looking at, and the BBFC rules on age verification for websites and providers. That could be good.
If your Lordships want to know how to do it, I fear I shall give a plug for the British standard for which I chaired the steering group, BS 1296; it includes a whole section on how to do the GDPR stuff, as it was then called. We could not mandate it in the British standard because other standards mandate it, but that tells you how to do it.
The certification needs to be clear, otherwise there will be a whole lot of wishy-washy stuff. I am not sure that a voluntary scheme is a good idea, because the BBFC will have a lot of hard work trying to check sites that decide not to comply, so it will have to certify them by another method. That will be difficult.
However, at the end of the day, there is a lot of willingness between all the parties to try to get this to work. The world is watching us—quite a few other countries are waiting to see whether this will work here. That will help enormously. We should try to get a lot of cross-stakeholder information and co-operation, a round table of all interested parties from child protection all the way through to those running the adult sites. Perhaps some good could come out of that. Certainly, everyone wants to help the BBFC and DCMS, the parent body. Everyone wants to help the ICO. We would like to get this to work: there is a lot of good will out there if only we could get moving to make it work properly.
My Lords, we on these Benches want the regulations and draft guidance to come into effect. The child protection provisions are a significant element of the Digital Economy Act which, although not entirely in line with what we argued for during its passage, we supported in principle at the time and still do, while realising, as my noble friend Lord Paddick said, that they are not the conclusive answer to children’s access to pornography. As he also said, a number of areas need to be addressed in the course of today’s debate.
For a start, as several noble Lords said, it seems extraordinary that we are discussing these sets of guidance nearly two years after the Digital Economy Act was passed and nearly a year after the Government published their guidance to the regulator, the BBFC. What was the reason for the delay?
Next, there is the question of material that falls within the definition of being provided on a commercial basis under the Online Pornography (Commercial Basis) Regulations, the subject of today’s debate. Several noble Lords mentioned this. As drafted, they do not currently include social media or search engines and on these Benches, we regret that the Government have decided to carve out social media from the definition. This is a potentially significant loophole in the regime. It is important that it is monitored and addressed if it damages effectiveness. It is in particular a major concern that social media and search engines do not have any measures in place to ensure that children are protected from seeing pornographic images.
The Secretary of State’s guidance to the AV regulator asks the BBFC to report 12 to 18 months after the entry into force of the legislation, including commenting on the impact and effectiveness of the current framework and changes in technology which may require alternative or additional means of achieving the objectives of the legislation. In addition, under Section 29 of the Digital Economy Act, 12 to 18 months after the entry into force of the scheme, the Secretary of State must produce a report on the impact and effectiveness of the regulatory framework.
This is therefore a clear opportunity to look again at social media. The Government have made some reference to legislating on social media, but it is not clear whether they intend to re-examine whether the definition of commercial pornography needs to be broadened. Can the Minister assure the House that this will be dealt with in the internet safety White Paper, that the Secretary of State’s report will cover the level of co-operation by services such as social media and search engines, which are not obliged to take enforcement action on notification, and that, in doing so, it will firmly tackle the question of access by children to pornography via social media?
Next is the question of resources for the age-verification regulator. This is a completely new regime, and with fast-changing technology, it is vital that the BBFC, as the AV regulator, has the necessary financial resources and stable grant funding to meet the important child protection goals. Can the Minister assure us that the Government will keep resources available to the BBFC in its AV regulator role under review and undertake explicitly in the Secretary of State’s annual report to deal with the question of resources enabling the BBFC to carry out its work?
Next is the question of the BBFC having chosen to adopt a voluntary scheme. On these Benches, we welcome the voluntary scheme for age-verification providers referenced in annexe 5 to the draft Guidance on Age-verification Arrangements. In fact, it bears a striking resemblance to the scheme that we proposed when the Act was passing through Parliament, which would have ensured that a scheme involving third-party companies providing identity services to protect individual privacy and data security would be engaged. As I recall, the noble Earl, Lord Erroll, helped greatly in convening providers of digital identity schemes to show what was possible. I think he is still ahead of us today.
Our key objections were that what was originally proposed did not sufficiently protect personal privacy. The BBFC is to be congratulated on establishing the certification scheme. As I understand it, it already expects all the major providers to undertake the certification process. Furthermore, because the scheme is voluntary, these assessments will be for foreign-based as well as UK providers, which is a major achievement and could not be accomplished with a UK statutory scheme.
The key to the success of the voluntary scheme, however, is public awareness. I hope that the Minister can tell us what DCMS is doing to support the promotion of the BBFC’s kitemark in the three months before the scheme comes into effect.
Next, there are the JCSI criticisms set out in its report on 28 November. This House rightly always takes the criticisms of the JCSI seriously, and the Minister set out a careful response to them. I do not always pray a government memorandum in aid, but the BBFC was following the Secretary of State’s guidance to the AV regulator. Under the terms of Section 27 of the Digital Economy Act, as a result of amendments in the Lords during its passage, the BBFC was charged with having regard to the Secretary of State’s guidance. The JCSI suggests that the BBFC could have chosen to ignore “incorrect” Secretary of State guidance, but that would have put it in an impossible position.
I shall not adumbrate all the different areas, but the inclusion of what was necessary in compliance with Section 27, the advice on best practice, the annexe setting out the voluntary scheme and the role of the ICO all seem to be helpful as part of the guidance and proportionate in terms of what the AV regulator prioritises.
There are a number of other aspects of these sets of guidance worthy of mention too. As we have heard, this age-verification framework is the first of its kind in the world, and there is international interest in it. Are the Government discussing with the BBFC what lessons there are in terms of encouraging robust AV for younger age groups and for other types of potentially harmful content? Will the Government use the expertise developed by the BBFC as the age-verification regulator in the internet safety White Paper?
I had not forgotten that. It would obviously be difficult for me to commit to finding the necessary time but I will take that back to the department. I am not sure that it is currently within the plans of the Chief Whip to bring forward that legislation but I will ask. I understand the point that is being made but, as I said, the issue may well be covered within the review. I am afraid I cannot go any further than that tonight.
As for ancillary service providers, the BBFC and the DDCMS have been engaging with several companies. They have already agreed to act, as doing so is in line with their current terms of service. Therefore, we are optimistic that the voluntary approach will work, and of course that will be reviewed.
The right reverend Prelate, the noble Earl, Lord Erroll, and others talked about the rationale for choosing one-third of content as the appropriate threshold. During the passage of the Bill, it was established that the focus should be on commercial pornography sites and not on social media. There were good reasons for that but I do not want to revisit them—that is what was decided. The one-third threshold was regarded as proportionate in introducing this new policy where sites make pornography available free of charge. However, websites that market themselves as pornographic will also be required to have age verification, even if less than a third of the content is pornographic.
A third is an arbitrary amount. It was discussed and consulted on, and we think that it is a good place to start on a proportionate basis. We will keep this matter under review and, as I said, it will be one of the obvious things to be taken into account during the 12 to 18-month review. The noble Lord, Lord Morrow, asked how it will be measured. It will be measured by assessing the number of pieces of content rather than the length of individual videos. It will include all pornographic images, videos and individual bits of content, but the point to remember is that the threshold is there so that a decision can be made on whether it is reasonable for the regulator to assume that pornographic content makes up more than one-third of the entire content. This will be done by sampling the various sites.
The noble Earl, Lord Erroll, asked about ISP blocking and suggested that everyone would try to game the system to get out of meeting the requirements. That is not what we believe. The BBFC has already engaged with ISPs and we are confident that this will be an effective sanction. The wording in the guidance indicates that the regulator should take a “proportionate approach”. However, we are grateful for the noble Earl’s help. I am sure that he will also help during the review and later in the process when it comes to online harms. I see that he wants to help now.
It is not the ISPs that I am worried about; it is the websites that will game the system on notification, appeals and so on. That is the bit that will take a long time.