Employment Rights Bill
Lord Clement-Jones ExcerptsTuesday 24th June 2025
(2 weeks, 6 days ago)
Lords ChamberRead Full debate Employment Rights Bill 2024-26 View all Employment Rights Bill 2024-26 Debates Read Hansard Text Watch Debate Read Debate Ministerial Extracts Amendment Paper: HL Bill 81-XI Eleventh marshalled list for Committee - (20 Jun 2025)
Lord Clement-Jones
“Rights of dependent contractorsAfter section 230 of the Employment Rights Act 1996 (Employees, workers etc), insert—“230A Rights of dependent contractors(1) A dependent contractor is an individual who—(a) is engaged to perform work or services personally for an employer or contractor of services;(b) primarily or substantially relies on a single employer or contractor of services for their income;(c) is not classified as an employee under a contract of employment, nor as an independent contractor operating a fully autonomous business;(d) is subject to a degree of control by the employer or contractor of services regarding the manner, timing, or conditions under which the work is performed.(2) A dependent contractor, as defined in subsection (1), must be entitled to the following rights statutorily accorded to employees— (a) payment at or above the National Minimum Wage for all tasks performed;(b) paid annual leave and shall be subject to the record-keeping duties as outlined for employees in this Act;(c) statutory sick pay;(d) family leave entitlements including parental leave, and bereavement leave;(e) protection from unlawful deductions from pay and protection against discrimination under applicable equality legislation;(f) the right to request fixed hours after a qualifying period of continuous service with the same employer or contractor of services;(g) the right to and on terms to be defined in regulations, mirroring the rights afforded to zero-hour workers and those on similar contracts.(3) Dependent contractors, as defined in subsection (1), are not entitled to—(a) statutory redundancy pay;(b) minimum notice periods for termination unless otherwise specified in their contract.(4) The Secretary of State may by regulations make further provision in respect of the rights and obligations of dependent contractors, including defining qualifying periods for certain rights.””Member's explanatory statement
This amendment aims to define dependent contractor status by reference to existing employee rights particularly those related to flexible working arrangements and family leave.
Lord Clement-Jones (LD)
My Lords, I will see my noble friend Lord Fox tomorrow and I will tell him what he has been missing. I think the noble Lord, Lord Leong, is already making history by using the phrase “very, very soon”—or was it “very, very, very soon”? In my experience, I do not think I have heard that, so it is probably arriving tomorrow morning.
Amendment 318 seeks to introduce specific provisions for dependent contractors. It proposes the insertion of a new section into the Employment Rights Act 1996, by way of a new clause after Clause 150. It is intended to address a significant gap in our current employment law by recognising essential rights and extending them to a growing segment of our workforce. This is a serious and rather surprising omission from the Bill; certainly, it is a gap my party promised to fill in its manifesto last year. I feel an obligation to put this amendment forward today.
The Minister spoke about employment rights in a modern labour market. I do not believe we can secure proper employment rights in a modern labour market without addressing the issue of the dependent contractor. We know that the nature of work has changed and is changing. More and more individuals are engaged to perform work or services personally, relying primarily on a single employer or contractor for their income, yet they fall outside the traditional definitions of employee and fully autonomous independent contractor.
These dependent contractors are often subject to a degree of control over how, when and where they work, leaving them in a precarious position, without adequate employment protections. No doubt this Committee will be familiar with many of those who work in the gig economy—delivery workers, contracted drivers, piece-rate workers, home workers and even consultants who work almost exclusively for a single client. Granted, some Uber drivers and Hermes couriers went to court and managed to establish that they are in fact workers and not independent contractors, but more needs to be done. We need explicit statements about the status of such workers and explicit rights set out in this Bill.
The amendment seeks to rectify the situation by defining dependent contractor status clearly within the Employment Rights Act. Crucially, it proposes to extend several key employment rights to these individuals, treating some of the measures in the Bill as applicable to them. Specifically, this amendment would ensure that dependent contractors are entitled to the rights set out in proposed new subsection (2) of my amendment. This includes payment at or above the national minimum wage for all work performed; the right to payment for cancelled, moved and curtailed shifts, which mirrors the vital protections the Bill introduces for zero-hours workers; statutory sick pay from day one of sickness, aligning with the Bill’s improvements to SSP; day one rights to paternity and parental leave, and the new right to bereavement leave.
The amendment also includes a statutory right to disconnect from work-related communications outside of normal working hours, and protection from detriment for exercising this right, as the Bill establishes for other workers. It also includes protection from unlawful deductions from pay, and against discrimination. It further includes an entitlement to guaranteed hours if regular and predictable hours are worked for a defined period, moving beyond just the right to request and aligning with the new provisions for qualifying zero-hours workers.
It is also important to note that this amendment respects the distinct nature of dependent contractor relationships. It acknowledges that, unless specified otherwise in their contracts or by future regulations, dependent contractors would not automatically be entitled to statutory redundancy pay or general minimum notice periods for termination, so there would continue to be a distinction between employment and dependent contractor status.
Furthermore, the amendment would empower the Secretary of State to issue further regulations to define key terms and the specifics of these rights, ensuring flexibility and the ability to adapt to evolving working practices. It would also mandate the issue of guidance, including an online tool to aid in determining dependent contractor status in disputed cases. By accepting the amendment, we would have the opportunity to bring fairness and greater security to a significant and growing portion of our workforce. We could ensure that individuals who are deeply reliant on a single employer received fundamental employment rights reflecting the modern realities of the work. I very much hope that the Government will support this vital addition to the Bill. I beg to move.
Lord Sharpe of Epsom (Con)
My Lords, I thank the noble Lord, Lord Clement-Jones, for his amendment. As we consider this legislation, it is timely to reflect on how it would interact with one of the most significant shifts in our labour market in recent decades: the rise of the gig economy. This sector has delivered considerable benefits, including increased flexibility, new income opportunities and innovative business models. It has allowed many individuals to engage with work on terms that suit their circumstances, whether as a primary or supplementary source of income.
However, with any new form of work comes a degree of legal complexity. Our current employment framework was designed largely in a different era—one where work tended to take place in fixed locations, during fixed hours and under traditional contracts. The gig economy challenges many of those assumptions. For businesses, this complexity can lead to inconsistencies in regulation, administrative uncertainty and litigation risk; for individuals, it can mean uncertainty about rights and entitlements, and for policymakers, it raises the broader issues of whether and how the legal definitions of employment need to evolve to reflect modern working practices.
The Bill, while not focused exclusively on the gig economy, touches on matters such as workplace rights, regulation and the role of secondary legislation that will inevitably affect it. We should therefore consider whether the legislation provides sufficient clarity for businesses operating flexible models, whether it supports fair and predictable frameworks for all parties, and how future regulations will ensure that any changes to employment classifications or entitlements are based on clear, evidence-led analysis.
The question before us is not so much whether the gig economy is good or bad—it is part of the modern labour market, and it will obviously continue to grow and remain so. The more pressing question is whether the labour market is equipped to keep up with that evolution, and whether the Bill provides the right foundation for doing so. In that context, thoughtful and measured discussion about emerging work patterns such as dependent contracting, platform work, freelancing —which we discussed the other day—and other hybrid models are not only appropriate but very necessary. I look forward to further discussions with the noble Lord, Lord Clement-Jones, and others, on this subject.
Before I sit down, I thank the noble Lord, Lord Leong, for the great courtesy with which he has always conducted himself in his discussions and deliberations with our side. I enjoyed his valedictory remarks. I felt that he was perhaps slightly irked by the fact that we have had some relatively lengthy debates—perhaps because he did not agree with the premises of some of them. I would say very gently that that is the point of Committee; we are not supposed to agree, we are supposed to probe. As a former Home Office Minister, I have to say that these debates are not long; they are brief. These debates are like Usain Bolt; ours were like Mo Farah.
The Parliamentary Under-Secretary of State, Department for Business and Trade and Department for Science, Information and Technology (Baroness Jones of Whitchurch) (Lab)
My Lords, I thank the noble Lord, Lord Clement-Jones, for tabling Amendment 318. He raises an important issue. As we have been discussing, the changing nature of work and the gig economy are a real challenge for us, and we recognise the complexity and shortcomings of the UK’s current employment status framework.
I can reassure the noble Lord that the Government have committed to consulting on a simpler framework for employment status, and this remains our intention. We have been clear that, as a result of the complexity, some of the reforms in the plan to make work pay will take longer to undertake and implement. We want to get the potential changes to the framework right, and we will consult on the fundamental aspects of employment law before taking action. I think that in part echoes the comments of the noble Lord, Lord Sharpe, who recognised the complexity and the need to think it through before we get it right. We are determined to follow this through and take action.
I am sympathetic towards the noble Lord’s aims to extend the protection of employment law. The self-employed make a huge contribution to the UK economy. As the noble Lord, Lord Sharpe, said, while many enjoy being their own boss and the flexibility that self-employment brings, others can find themselves highly dependent on one particular client with little choice, which can bring them challenges and problems.
I appreciate that the noble Lord is seeking to address this with his amendment by introducing a new employment status of “dependent contractor” and extending employment protections to those individuals. However, the amendment would further complicate what is already a highly complex area—one where, as I am sure the noble Lord knows, there have been several high-profile Supreme Court judgments in recent years. We want to avoid introducing an additional employment status before we have had the opportunity to reflect and consult further.
In addition, I can assure the noble Lord that the Government are committed to supporting and championing the self-employed. We have already announced a package of measures to help the self-employed thrive in good-quality self-employment, including measures to tackle late payments to small businesses and the self-employed. I urge the noble Lord to listen to our reflections and our determination to look at the whole issues around the gig economy, and to give us a little bit of space to do that. For this reason, I ask him to withdraw Amendment 318.
Lord Clement-Jones (LD)
Can the Minister say what the status is of the consultations she mentioned? She offered very reassuring words and said there was a consultation on employment status. Is that under way? Would that mean the idea is to eventually have an Employment Rights (No.2) Bill, which we would all look forward to debating? What is the exact status of what the Minister is reassuring us on?
Baroness Jones of Whitchurch (Lab)
This has come up several times in the debates we have had on the different aspects of employment status. We have said that we need to do further work on the employment status elements of the plan to make work pay. I do not think it is intended to come back and put that in this legislation. The consultation has not started yet, but there will be a thorough consultation. We are going to carry out a detailed piece of work on this, and we will come back with further proposals on how we are going to address it in due course. I hope that answers the noble Lord, even if not completely.
Lord Clement-Jones (LD)
My Lords, that ministerial “in due course” is not quite as good as “very, very, very soon”. I sense an awful lot of goodwill coming from the Minister, but this is a really important part of the economy. I appreciate the thoughtful comments from the noble Lord, Lord Sharpe. I did not expect a resounding endorsement of my amendment, but what he said about the evolution of employment rights and the need to make sure that our employment law is equipped to keep up with the way the modern economy is evolving is really important.
The Minister clearly recognises that we need to move forward in this area, but it is the pace and the fact that so many people—an increasing number—are now part of the gig economy. We see them passing every day: they do deliveries and are couriers—every form of the gig economy—and they have very few rights unless they have litigated, like Uber drivers or Hermes couriers, to establish them.
Employment Rights Bill
Lord Clement-Jones ExcerptsMonday 16th June 2025
(4 weeks ago)
Lords ChamberRead Full debate Employment Rights Bill 2024-26 View all Employment Rights Bill 2024-26 Debates Read Hansard Text Watch Debate Read Debate Ministerial Extracts Amendment Paper: HL Bill 81-IX(Corrected)(b) Amendments for Committee (Supplementary to the Corrected Ninth Marshalled List) - (16 Jun 2025)
Lord Clement-Jones (LD)
My Lords, I declare an interest as chair of Authors’ Licensing and Collecting Society. I rise to speak to Amendments 301 and 302, which aim to provide vital protections for freelance workers in the UK. It was a pleasure to hear the introductions from the noble Lord, Lord Freyberg, and the noble Earl, Lord Clancarty, who set the scene extremely effectively.
The common theme is that the Bill take steps to modernise employment law but risks leaving a significant segment of our workforce behind. As we have heard from both out initial speakers, the UK’s freelance workforce is a powerful engine of our economy and culture, particularly in the creative industries. As both illustrated, the number of self- employed is not only rising rapidly, reaching 1 million now in the creative industries; but the actual proportion of those engaged in the creative industries, representing 32% of jobs within the creative sector, is an extraordinary figure.
Despite their immense contribution, however, freelancers currently lack a single clear voice representing their interests to government. This absence has led to a decline in pay and conditions, with nearly two thirds of freelancers reporting low or unfair pay in their careers, and an overwhelming majority impacted by late payments. As the noble Earl, Lord Clancarty, mentioned, the Covid-19 pandemic starkly exposed their vulnerabilities, highlighting a lack of security, unequal access to opportunities and inadequate basic safety nets. These three amendments specifically address those critical issues.
A fundamental problem is the lack of a consistent legal definition for freelancers. Freelancing is not the same as self-employment, and freelancers often operate through a mixture of engagements, blurring the lines of employment status. This ambiguity creates uncertainty and can inadvertently exclude them from rights.
Amendment 301 proposes to insert a new section into the Employment Rights Act 1996, providing a clear definition: a freelancer is an
“individual who is engaged to work by a company directly on flexible contracts, through their own company or through other companies on a short-term basis, and who is typically responsible for their own tax and national insurance contributions and is not entitled to the same employment rights as employees”.
I take the point of the noble Earl, Lord Clancarty, about sole traders, but this clarity is essential for effective policy-making and for freelancers themselves to understand their status and rights.
The amendment also empowers the Secretary of State to issue further guidance and to create an online tool to assist in determining freelancer status, adapting it as time goes on. Once we have a clear definition, we need a dedicated champion, and the noble Earl’s Amendment 287 proposes the establishment of an office of the freelance commissioner, to be led by an independent freelance commissioner appointed by the Secretary of State. This role, as he mentioned, has been overwhelmingly called for by voices across the sector, including my own Authors’ Licensing and Collecting Society, Creative UK, the Federation of Small Businesses, Prospect and a host of other organisations to which he also referred.
The freelance commissioner would serve as a critical conduit between industry and government, providing expert knowledge and genuine oversight. The responsibilities are set out in the amendment, but, in effect, he or she would advocate for the needs of freelancers across all government departments; bridge the existing gap in representation, especially where councils such as the Creative Industries Council lack advocacy for individual artists or creatives; drive change in government and business, aiming to eradicate the red tape affecting freelancers; gather and analyse crucial data on the freelance workforce, with a focus on the creative industries; and improve government understanding of the employment issues facing freelancers.
Finally, to ensure that the commissioner’s role is embedded in government policy considerations, Amendment 302 introduces a duty on relevant government departments to consider the specific needs of the freelancer workforce when formulating new policies or regulations. Currently, freelancers are often left behind in government policy due to gaps in data and their irregular employment patterns. They are more susceptible to economic fluctuations and lack the fundamental protections that employees enjoy, such as sick pay, flexible working hours and parental rights.
This amendment would mandate that departments such as the Department for Business and Trade, the Department for Work and Pensions and the Department for Culture, Media and Sport have due regard to freelancer circumstances. Crucially, it would also require those departments to consult with the freelance commissioner during the development of any such policies. This duty is vital to ensure that upcoming employment reforms are fit not only for more traditional forms of employment but for the self-employed and freelance workforce, thereby safeguarding the long-term success of industries such as the creative sector.
These three amendments, which seek a clear definition of a freelancer, the establishment of a dedicated freelance commissioner and a statutory duty on government to consider freelancers in policy-making, are interconnected and essential. They represent a fundamental recognition of the modern workforce and a commitment to creating a fairer, more secure environment for those who drive innovation, creativity and economic growth.
Viscount Colville of Culross (CB)
My Lords, I apologise for being unable to here at the beginning of this debate despite having added my name to Amendment 287. I was stuck on the motorway for the last three hours. I absolutely support the amendment; it is an incredibly good measure. I hope that the Minister will listen kindly to my noble friend’s amendment and speech.
Lord Katz (Lab)
My Lords, I am grateful to the noble Lords, Lord Freyberg and Lord Clement-Jones, and the noble Viscount, Lord Colville of Culross, for tabling their amendments, all concerning the creative and cultural sectors. I am pleased to be having this debate on how this important sector is being supported by the Government and how workers within the sector will benefit from the Bill. I pay tribute particularly to the noble Lord, Lord Freyberg, for his excellent and long-standing work in this area. I think it is fair to say that he is a creative inspiration to us all in his endeavours to support this very important sector.
The Government share this passion and certainly understand the importance of this sector. I draw attention to the significant work that we are already doing to support it. These sectors—creative and cultural—are a vital source of growth. Creative industries are estimated to have contributed £124 billion in 2023, accounting for 5.2% of UK gross value added, and the cultural sector is estimated to have contributed some further £35 billion in the same year, accounting for 1.5% of UK GVA.
The creative industries and cultural sectors are a distinct part of the wider UK workforce, as the noble Lord, Lord Freyberg, explained. They have a significantly higher proportion of self-employed individuals, reflecting the sector’s entrepreneurial and freelance nature. In the latest published data, as of 2023 there were 2.4 million filled jobs in the creative industries and 666,000 filled jobs in the cultural sector. Of these jobs, nearly half, 49.6% in the cultural sector, were self-employed, and 27.9% in the creative industries, compared with 14.5% of UK jobs overall. This flexibility not only drives innovation but supports the more project-driven nature of the creative industries. However, we also know that freelancers’ creative careers, despite offering a more flexible and autonomous way of working, are often precarious and come with lower job security; many speakers in this debate spoke to that fact. I highlight the contribution made by the noble Baroness, Lady Bennett of Manor Castle, setting out the precarious nature of working in this sector.
I turn specifically to Amendment 259 in the name of the noble Lord, Lord Freyberg. Through the Bill we are introducing the school support staff negotiating body and introducing a framework for negotiating bodies in the social care sector to help tackle recruitment and retention issues there. The Government recognise that other sectors, such as the arts and culture sector, may well benefit from more formal frameworks for collective bargaining, and we intend to consider other sectors in due course. In the meantime, we want to encourage collective bargaining at the local level in these sectors. It is the Government’s intention that we should learn the lessons from this process in the social care sector first, before considering where it may be appropriate to introduce similar frameworks in other sectors.
I am struck at this point by the contribution from the noble Lord, Lord Londesborough. As he said, while the focus of these amendments is to discuss the nature of freelancing in the creative and cultural sectors, freelancers are self-employed but of course there are self-employed workers in many other sectors beyond. It is not a simple thing to analyse, that is for sure.
Regarding Amendments 284 and 288, also in the name of the noble Lord, Lord Freyberg, regarding impact assessments, as your Lordships’ Committee will be aware, we have already published a comprehensive set of impact assessments. This analysis is based on the best available evidence on the sectors likely to be affected by these measures, including the arts, entertainment and recreation industries. We recognise the importance of ensuring that the impacts of these policies on workers, businesses and the economy are considered, and that analysis is published outlining this. That is in section 17 of the summary impact assessment, which assesses the impact on all different sectors, including the creative industries. We already intend to publish further analysis, in the form of both an enactment impact assessment when the Bill secures Royal Assent and further assessments when we consult on proposed regulations to meet our better regulation requirements. We are also committed to consulting with businesses and workers ahead of setting out secondary legislation, including the sector mentioned in the amendment.
On Amendments 285 and 331 in the name of the noble Lord, Lord Freyberg, we recognise the importance of preserving and supporting the financial sustainability of cultural organisations, including small and independent cultural organisations. However, we want to avoid uncertainty or even unintended negative consequences for cultural workers. We welcome views on the ways that cultural organisations experiencing financial hardship can be supported, including the types of advice that they may require on employment practices. More generally, the Government will continue to work with the creative and cultural sector to understand how this legislation can work with it in its context, while strengthening legal protections for employers. But again, this must not lead to uncertainty or negative consequences for the workforce, which we believe staged implementation, for example, would create. I think the noble Lord, Lord Freyberg, will know that both DBT and DCMS have been engaging with sector organisations, including UK Theatre, to have productive conversations to support this sector in understanding and adapting to the new legislation, while considering what additional support we could give to this sector in particular.
Finally, I address Amendments 286 and 287 tabled by the noble Lord, Lord Freyberg, and Amendments 301 and 302 in the name of the noble Lord, Lord Clement-Jones, regarding freelancers. Freelancers may benefit from the reforms to trade union legislation and improvements in the enforcement system, including the regulation of umbrella companies. We have also committed to additional measures to strengthen protections for the self-employed. The noble Earl, Lord Clancarty, rightly raised issues facing those who are self-employed, such as action to tackle late payments. We have already announced a package of measures to tackle late payments to small businesses and the self-employed, including a new fair payment code, upcoming legislation requiring large companies to include payment performance in their annual reports and an upcoming consultation on potential measures to go further. Other measures to strengthen protections for the self-employed include the right to a written contract, an extension of health and safety, and blacklisting protections.
On health and safety, my noble friend Lady Caine of Kentish Town raised the honourable campaigning work of the Mark Milsome Foundation, in a speech that showed both passion and insight in this area. It is essential that employers in the creative industries do not use—or rather, abuse—the multifarious employment statuses of those working in the sector to evade their responsibilities, particularly when it comes to health and safety. As the noble Baroness, Lady Bennett, said, it can indeed be a matter of life and death.
I am pleased that my noble friend Lady Caine acknowledges that this Bill may not be the most appropriate vehicle for the changes that she wishes to secure and that secondary legislation or amendments to the Health and Safety at Work etc. Act would perhaps be more appropriate. However, I am happy to take this back to colleagues in DBT and DCMS.
As has been noted, the creative industries have a high proportion of freelance workers, who are crucial to the sector’s success. To respond to the noble Lord, Lord Clement-Jones, and others, the sector is working to address the recommendations of the Good Work Review, a deep dive into the working practices in the creative industries, which highlighted freelancers’ job quality as a particular concern. My colleagues in the Department for Digital, Culture, Media & Sport are working with industry to understand government’s role in any solutions that are developed. I and my DCMS colleagues will be happy to continue discussing how best to support freelancers, and the creative industries more widely. It is with this in mind, and the Government’s unwavering support for the creative industries, performing arts and entertainment sectors, that I ask the noble Lord, Lord Freyberg, to withdraw Amendment 259.
Lord Clement-Jones (LD)
My Lords, the Minister has noticed the strength of feeling across the House in terms of support for some of the freelance amendments. I very much appreciate what the noble Lord, Lord Sharpe of Epsom, said earlier. However, across the Benches there is very strong support for further protection for freelancers. Will one of the options in the Good Work Review, which the Minister referred to, be the appointment of a freelance commissioner—with all the other aspects that I have mentioned in terms of definition and duties?
Lord Katz (Lab)
I was certainly happy to reflect that there was cross-party agreement on this. I am unable to recall the exact terms of the Good Work Review here, so I undertake to write to the noble Lord with some more detail if that is acceptable.
Lord Clement-Jones (LD)
Perhaps the Minister could add another bell or whistle to what he has just said. Will he undertake to meet those with a strong interest in the protection of freelancers on a cross-party basis, to have discussions, before Report?
Lord Katz (Lab)
I am always happy to meet with noble Lords on these important matters.
Apple: Advanced Data Protection Service
Lord Clement-Jones Excerpts(3 months, 2 weeks ago)
Lords ChamberRead Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Lord Hanson of Flint (Lab)
I can only say that to my knowledge, that is a matter for another nation and not this one, and not this Home Office.
Lord Clement-Jones (LD)
My Lords, further on a non-operational matter, are the Government always clear that their actions conform to the judgment of Podchasov v Russia by the European Court of Human Rights last February? It held that weakening end-to-end encryption or creating back doors could not be justified. Therefore, the Government could be in breach of Article 8 of the European Convention on Human Rights, which guarantees the right to privacy. Are the Government happy to be in the same boat as Russia as regards individual rights and encryption?
Lord Hanson of Flint (Lab)
The noble Lord will know that Russia and this UK Government are so far apart that there is no correlation between the two under any circumstances. In fact, we will also once again publicly condemn the illegal invasion of Ukraine by Russia. That is how far apart we are on these matters.
Access to data happens only under specific circumstances and with strict safeguards, so that robust action can be taken against child sex abusers and terrorists. That is the position of the Government. If any data is accessed, it is accessed by the Investigatory Powers Act for the tribunal, and under strict regulation, for the purposes of stopping bad people doing bad things.
Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) (Amendment) Regulations 2024
Lord Clement-Jones Excerpts(5 months ago)
Grand CommitteeRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Lord Clement-Jones (LD)
My Lords, I thank the noble Lord, Lord Leong, for his introduction, but I am slightly baffled by this SI. I looked up whether the Commons had had its debate on it and found that it took place on 21 May 2024. Then I looked at the impact assessment, which seems to be dated 2023. I do not quite know why we are dealing with a historic SI almost a year later. What has happened in the intervening period? The Minister did not mention anything to do with that. Is this some oversight by the department? Has something happened? Was somebody ill and could not deal with this in the House of Lords? It is a rather peculiar situation.
The second rather strange aspect of this is that, when the Automated Vehicles Bill was going through, my noble friend the late Baroness Randerson, who was mentioned by my noble friend Lady Smith—it is rather coincidental that this was one of her big issues: automated vehicles and the data relating to them—raised questions about protection of personal privacy and the national security implications of the data being retained by manufacturers of automated vehicles. She also raised the possibility of a cyberattack that could paralyse traffic over a considerable area. Those concerns were also raised by my honourable friend Wera Hobhouse in the Commons at the same time. I think the noble Lord, Lord Sharpe, might be interested in this: we were assured at that time by Ministers in the previous Government that GDPR was good enough protection in respect of automated vehicles, despite the concerns expressed by my late noble friend Baroness Randerson. Now it turns out, as set out in the Explanatory Memorandum, that special provisions are needed.
Again, this is rather baffling. We seem to be hearing either that we have an administrative problem or that there was a misunderstanding about the intended policy. In some respects, I should be pleased that the Explanatory Memorandum sets out more safeguards, because if we are going to exempt these three areas—in particular, automated vehicles—we need to know that those safeguards will be in place through other mechanisms. I will go through what those might be and put questions to the Minister about them.
How will the collection, storage and use of personal data by automated vehicles be regulated to ensure compliance with data protection laws? What specific criteria must be met for a person or body to be authorised as a self-driving entity, particularly concerning data protection? Do they need to obtain a certificate of compliance with data protection legislation from the ICO, for instance? How can the public be reassured that their personal data will be protected? How will the regulations ensure that personal data is protected, not only during vehicle operation but after the ownership of a vehicle has ended? What are these robust personal data practices that need to be in place for companies to be authorised as self-driving entities?
What information about the data for the authorisation of automated vehicles must be provided and to whom? Will the Secretary of State consult the Information Commissioner’s Office before making regulations relating to the provision of personal data in automated vehicles, and will the ICO be including elements to do with personal data and automated vehicles in its annual report to Parliament? How will the Government protect against potential cyberattacks on automated vehicle systems?
Specifically, how do the regulations for consumer connectable products under the Product Security and Telecommunications Infrastructure Act interact with those that apply to automated vehicles and their components? Does this exempt the whole of the automated vehicle or, rather, particular connectable items in automated vehicles that would in fact be covered by the PSTI Act? How will the regulations prevent anti-competitive practices by vehicle manufacturers who might use data to restrict competition between them and independent operators?
The Explanatory Memorandum talks about the CAVPASS programme, which provides some information that is relevant. Currently, however, it does not deal directly with these specific questions regarding data handling in automated vehicles. We are promised, I think, that something is coming down the track in 2025. There is mention of a staged approach to regulations, which suggests that future measures will be introduced. When can we expect more information of the kind that I have raised? Is it not long overdue, given the speed of development of these vehicles? They are already in pilot form and we need to know that our data is secure. We are still left with questions, despite all that. I doubt whether CAVPASS is necessarily going to cover how data is collected in relation to cybersecurity and how they will be protected in that respect.
There are quite a lot of questions here, and it is rather peculiar that we were not in a position to ask these questions at the same time as the House of Commons last May. I am therefore looking forward to what the Minister has to say in reply.
Lord Sharpe of Epsom (Con)
My Lords, I thank the Minister for his explanation. I would say to the noble Lord, Lord Clement-Jones, that something did happen, and that was the general election, which we, unfortunately, lost. That no doubt explains something of the delay.
The noble Lord, Lord Clement-Jones, has asked some pertinent questions. I will keep mine a little more general, because this SI amends the original regulations and broadens the exceptions under Schedule 3. The most notable change concerns the automotive sector, as has been noted, where vehicles were previously exempt from certain cybersecurity provisions.
The new regulations align the UK’s approach with international standards. They recognise the unique nature of vehicle systems and the need for specialised cybersecurity measures. UN Regulation No. 155 on cyber security and cybersecurity management systems, which governs the security of vehicles, is now set to be the primary framework for automotive security. As far as it goes, that would obviously seem eminently sensible, but the noble Lord, Lord Clement-Jones, has highlighted that there are a number of broader, perhaps more philosophical, questions about the direction of travel—that is not a pun—with regard to EVs, self-driving vehicles and vehicle autonomy, which we will have to grapple with at some point in the future. I imagine that this is a subject to which we will return.
My questions are a little more general. The regulations are undoubtedly important for protecting consumers and securing digital infrastructure, but we must consider the broader implications. The automotive sector is rapidly evolving, as has been noted, and the development of automated vehicles holds significant economic and societal potential. However, with innovation comes the risk of regulatory frameworks that struggle to keep pace; that is self-evident. How do we ensure that these cybersecurity measures do not inadvertently stifle technological advancement in areas and sectors such as the automotive sector? How do we end up striking the right balance between securing the technologies and enabling them to flourish?
There is also a question here around consumer awareness; again, this was highlighted by the noble Lord, Lord Clement-Jones. How long would an individual’s data be attached to a particular vehicle, for example, even after it is sold? These regulations require manufacturers to disclose the duration of product security support, but how well are consumers equipped to understand and act on this information? Are we confident that the public are sufficiently informed about the critical nature of cybersecurity? Will the Government commit to taking the necessary steps to help customers and consumers protect their devices and data? It seems to us that this is an area where the education of the public must go beyond the bare minimum. We need to ensure that consumers are not left in the dark about the sorts of security risks that they may face.
We must also consider enforcement. With the proliferation of smart products entering the market at such an unprecedented rate, how will we ensure consistent and effective compliance across such a diverse range of industries, from household appliances to vehicles? As new technologies emerge and evolve, the enforcement mechanisms that are in place today may not be enough. Are we allocating the necessary resources to monitor and enforce these standards effectively? Are the Government allocating additional resources to help those things along? Does the current enforcement mechanism system adequately address the rising complexity and scale of the challenges ahead?
As I said, these are broader, more philosophical questions—I do not expect the Minister to be in a position to answer them and there is no need to write—but these are the sorts of things that we all need to consider as a society. Obviously, that will have political, economic and societal ramifications that we all need to consider, but the Opposition have no objection to these regulations; they make perfect sense for now. I suspect, however, that this is a subject to which we will return.
Lord Leong (Lab)
My Lords, I thank the noble Lords, Lord Clement-Jones and Lord Sharpe, for their contributions.
I will first address the question asked by the noble Lord, Lord Clement-Jones: why the delay? As the noble Lord, Lord Sharpe, mentioned, it was a result of the general election. At the same time, we were waiting for the Department for Transport to progress UN regulation No. 155, until such time as we knew that we must take this exception out of the current regulations. That is the reason for the delay, basically; it was also about finding parliamentary time to table these regulations. That is that on the delay.
Lord Clement-Jones (LD)
I am sorry to interrupt the Minister but, frankly, this is the same instrument as the one that was debated last May. Nothing has changed apart from the lack of parliamentary time. We could have done this in September, October or whenever. I forget quite when we had the King’s Speech—in July? We could have done this at any time in the past few months.
Lord Leong (Lab)
This is beyond my pay grade, I am afraid. I will need to ask my leader, the Chief Whip, why we could not allocate any parliamentary time for this legislation.
As far as personal data is concerned, the GDPR is still the lead legislation. I respectfully say to the noble Lord that, for the purposes of today’s regulations, the whole issue of such data is outside the scope of this instrument for now. However, I am sure that we will be talking about personal data in the months and, probably, years to come in other forms of legislation, or even about it being regulated itself.
Lord Clement-Jones (LD)
Out of scope? On the basis that we are being asked to exempt automated vehicles, is it not proper that we ask for reassurance about automated vehicles and the implications for safety, data or whatever else? We are exempting them from these connected product regulations, so we need to be reassured that there are other ways of regulating them other than through these regulations. So this is not out of scope; the debate is about whether we should be exempting them.
Lord Leong (Lab)
I take the point, but the instrument is about the two amendments to the regulations. I take the noble Lord’s point about data. Yes, it is important, and we must preserve the data, but this instrument is not within that scope.
Moving on to cybersecurity within autonomous vehicles, cybersecurity is at the heart of the Government’s priorities for the rollout of all self-driving vehicles. The Automated Vehicles Act 2024 enables an obligation to be placed on those responsible for self-driving vehicles to maintain a vehicle’s software and ensure that appropriate cybersecurity measures are in place throughout its service life.
In response to the point made by the noble Lord, Lord Sharpe, about innovation, the Government are committed to supporting the development and deployment of self-driving vehicles in the UK. Our permissive trialling regime means that self-driving cars, buses and freight vehicles are already on UK roads with safety drivers. The Automated Vehicles Act will pave the way to scale deployments beyond trials. The Act delivers one of the most comprehensive legal frameworks of its kind anywhere in the world for self-driving vehicles, with safety at its core. It sets out clear legal responsibilities, establishes a safety framework and creates the necessary powers to regulate this new industry.
On the point about cybersecurity from the noble Lord, Lord Clement-Jones, the Government take national security extremely seriously and are actively monitoring threats to the UK. The Department for Transport works closely with the transport sector, the National Cyber Security Centre and other government departments to understand and respond to cybersecurity issues associated with connected vehicles. UN regulation No. 155 more comprehensively addresses cybersecurity risks with automotive vehicles and has adequate provisions to deal with the prospect of self-driving vehicles. The PSTI regime is designed for consumer contactable devices or products and is not fully equipped to address the specific needs and complexities of vehicle cybersecurity. UN regulation No. 155, which was developed through international collaboration, provides a more suitable and rigorous framework for ensuring the security of vehicles.
More everyday products than ever are now connected to the internet. The Government have taken action to ensure that UK consumers and businesses purchasing consumer connectable products are better protected from the risks of cyberattack, fraud, or even, in the most serious cases, physical danger. The PSTI product security regulatory regime builds on the ETSI international standard and is the first of its kind in the world to come into force.
The cybersecurity regulatory landscape will continue to evolve. The Government need to be agile to ensure that there is synergy between existing and new laws. Through this draft instrument, the Government are delivering on the commitment in 2021 to except certain categories of automotive vehicles from the scope of the PSTI products security regulatory regime. This is because the Government, via the Department for Transport, are in the process of introducing sector-specific regulations that have been developed at an international level to address the cybersecurity of these products. These requirements, which are specifically tailored to these vehicles and their functionality, will create a more precise regime for the sector. This draft instrument therefore ensures that the automotive industry, which contributed £13.3 billion to the economy in 2022, will not be placed under undue burdens from dual regulations.
Lord Clement-Jones (LD)
My Lords, the Minister has not mentioned the point raised in the Explanatory Memorandum, which was designed, I think, to give us comfort about cybersecurity and data: the Government’s Connected and Automated Vehicles: Process for Assuring Safety and Security—CAVPASS—which I mentioned. I did not hear him give us an assurance that that will be developed during 2025 to ensure the safety and cybersecurity of self-driving vehicles. As well as reiterating that the GDPR is an absolutely splendid way of regulating these automated vehicles, I hope that he will reiterate that this will be produced, because I have had a look at what CAVPASS currently says in the area of data, and it is not very much. After all, these connected regulations from which we are exempting automated vehicles are about safety, data and everything else.
Lord Leong (Lab)
My Lords, the noble Lord makes a very important point. Rather than waiting for my officials to give me a briefing note, I will ensure that I write to him on all the points that he has just mentioned.
Data Protection Act 2018 (Amendment of Schedule 2 Exemptions) Regulations 2024
Lord Clement-Jones Excerpts(1 year, 4 months ago)
Grand CommitteeRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Baroness Hamwee (LD)
My Lords, I thank the Minister for that explanation. I have to say that my recollection is that the issue is much wider than the exemption and ensuring that there is no tip-off to somebody who is about to be visited by immigration enforcement. Let me give an example that was borne out after the Act was passed: solicitors acting for data subjects were unable, as we had anticipated, to find out what the Home Office thought it knew—I put it that way deliberately —about their clients.
I have some general points to make; I will do so fairly quickly. It would be optimistic to think that the Home Office had taken from this saga that objections and criticisms—in the form of amendments, obviously—can be helpful because we could have avoided a lot of effort in rectification. My noble friend Lord Clement-Jones will go into some of the history; I must admit, I do not recall much detail except for being teased frequently by the noble Baroness, Lady Williams, when she was the Home Office Minister, because I brought up our objection to the immigration exemption so often.
I feel strongly that it should not have to be for non-governmental organisations that are no doubt strapped for cash to do so much in order to get things right. I appreciate that that is part of our democracy; I do not object at all to the fact that they can do so, of course, but they should not have to. An application, an appeal, another judicial review, another appeal—at what cost to those organisations and the taxpayer! I emphasise that there is an exclamation mark, not a question mark, at the end of that sentence.
This saga is one of those episodes that vindicates the role of the courts, often in language that I, for one, relish. We have spent a lot of time in the Chamber recently discussing the role of the courts in our constitution; to give one example of the language, I really liked the understated use of
“over-broad derogations from fundamental rights”.
As the Minister said, the litigants were consulted before the publication of the SI. The Secondary Legislation Scrutiny Committee reports that it made three points, of which one, on oversight, was rejected by the Home Office and one was regarded by the Home Office as not necessary. Can the Minister tell the Committee what these were and why they were not pursued?
On the detail of the instrument, I note that it will be a matter for the Secretary of State to balance the risks to the individual and the risks to the state. I happen to think that it is in the public interest to apply exemptions with a very light touch, but of course it is no secret that the Liberal Democrats have problems with the Home Office’s immigration policy, and I fear that the reputational ship is well on its way. Clearly, there is an imbalance of power. That is inevitable, but it is not easy for the individual data subject to exercise his rights, and we should be aware of that.
Can the Minister also tell us what the Home Office will do to ensure that there will be transparency of decisions so that it can appropriately be held to account? Mechanisms must be written into the procedures. New paragraph 4B of Schedule 2 provides for a record of decisions and reasons. How will that be published and what will happen to it?
Will the Minister also comment on the capacity of immigration enforcement—and whoever else needs to—to look at prospective decisions on a case-by-case basis for each disapplication? I recognise that that will not necessarily be a straightforward and easy exercise, but it certainly requires a great deal more than, “It’s okay; it’s immigration, so we can just rely on the exemption”. Case-by-case decision-making is very important.
Finally, I note that the Explanatory Memorandum tells us that there is no full impact assessment because the instrument
“does not substantively alter the safeguards and considerations for applying the Immigration Exemption”.
I have to say that I thought that was the point.
Lord Clement-Jones (LD)
My Lords, this set of regulations is a step forward, but with all the caveats that my noble friend made, and I have some more.
As the Minister confirmed, these regulations are the result of the Open Rights Group case—the Court of Appeal judgment in the3million & Anor, R (on the application of) v Secretary of State for the Home Department & Anor—which confirms the earlier High Court judgment in March 2023. In broad terms, the Court of Appeal found that the immigration exemption in Schedule 2 to the Data Protection Act 2018 conflicted with the safeguards in Article 23 of the UK GDPR, as the Minister said. This was because the immigration exemption was drafted too broadly and failed to incorporate the safeguards prescribed for exemptions under Article 23 of the UK GDPR. It was therefore held to be unlawful and was disapplied.
These regulations follow two previous attempts by the Home Office to craft an immigration exemption which contained sufficient safeguards to satisfy the requirements set out in Article 23 of the UK GDPR. This is the third shot at it. In order to make the immigration exemption compatible with the requirements of Article 23, as the Minister explained, the Government added a number of safeguards to the exemption which were not there before. These are set out in the regulations. They are worth stating because they are really important requirements, which were omitted previously.
They include requirements to: make decisions on the application of the exemption on a case-by-case basis; make separate decisions in respect of each of the relevant UK GDPR provisions which relates to the data subject; make fresh decisions on each occasion where there is consideration or restriction of any of the relevant UK GDPR provisions in relation to the data subject; take into account all the circumstances of the case, including the potential vulnerability of the data subject, and so on; and apply the exemption only if the application of the particular UK GDPR provision would give rise to a substantial risk of prejudice that outweighs the risk of prejudice to the interests of the data subject, ensuring that the application of the exemption is necessary and proportionate to the risks in the particular case.
You would think it rather extraordinary that those are excluded from the previous regulations. In addition, a record must be made of the decision to apply the exemption, together with the reasons for that decision. There is also a rebuttable presumption that the data subject will be informed of the use of the exemption.
The ICO welcomed them in its letter to the Home Office as, in its view, satisfying the requirements of the Open Rights Group case. In its view, the proposed changes will ensure that the exemption complies with Article 23(2) of the UK GDPR and ensure that there are appropriate safeguards to protect individuals. Since it took part in the case as an interested party, this is of considerable reassurance. I congratulate the Open Rights Group and the3million on not one but two notable successes in court cases which have forced the Home Office to amend the exemption twice.
Lord Sharpe of Epsom (Con)
I thank all noble Lords for their contributions. I shall start with justification and the public interest, which is obviously at the core of this. Parliament included the immigration exemption as part of the Data Protection Act 2018, as has been noted, for the legitimate purpose of effective immigration control. The Court of Appeal declared in its judgment,
“that there can be no dispute that the Immigration Exemption has a legitimate aim and indeed seeks to advance important public interests.”
We agree with the court: the immigration exemption is vital to prevent the release of information which would otherwise prejudice effective immigration control. I particularly welcome its endorsement by the noble Lord, Lord Coaker.
I want to be clear with noble Lords what those important public interests are. Through targeted use of the immigration exemption, we are able to maintain our capability at the border to prevent criminals and those who seek to cause us harm threatening our country as well as to support other agencies and international partners. We are able to frustrate and prevent sham marriages and protect the integrity of ongoing immigration removal and enforcement action and forgery investigations. The immigration exemption is also used to protect people being forced into a marriage and to prevent individuals absconding when there is a planned immigration visit. The central aims are to protect our citizens, ensure the integrity of the border and prevent abuses of the immigration system.
The noble Lord, Lord Coaker, asked about the balancing test. I will come on to the use of the exemption in practice, but it is always clear that the balancing test has to be carried out, and will now be explicitly in the Act. In practice, I can reassure noble Lords that the exemption is employed at around 70% of subject access requests relating to immigration and the Border Force. The amount of data that is restricted by the use of the exemption is, in the vast majority of cases, very little. It is not simply the case that where one piece of information is found to be prejudicial to immigration control, the Home Office does not respond to a request. The piece of information may be redacted as a result, but otherwise a full response will be given. It must be both necessary and proportionate to use the exemption, and this must be balanced against the risk to an individual’s rights. These existing standards will now be set out explicitly in the legislation.
I acknowledge that there was a difference of opinion in the House over whether the previous regulations amending the immigration exemption in 2022 met the requirements of Article 23 of the UK GDPR. The courts have agreed with the Government on a wide range of issues in the hearing. They declared that in two areas in particular the amended exemption did not, and the Government respect that ruling. We are confident that these regulations meet the requirements of the judgment in full, and we are supported by the ICO in that opinion.
The noble Baroness, Lady Hamwee, asked whether we consulted the claimants. They were consulted as part of the development of the provisions, and they suggested some additions to the provisions. We accepted suggestions to provide detail on applicable storage periods in the Explanatory Memorandum. We did not accept a suggestion to alter the existing model of ICO oversight of the exemption. The existing model of ICO oversight of the Home Office is robust, and data subjects are able to challenge use of the exemption. I welcome the noble Lord, Lord Clement-Jones, acknowledging the ICO’s part in this.
We also rejected the suggestion to specify in the legislation the wording that must be provided to data subjects when informing them that the provisions of the exemption have been applied. The provisions of the exemption are already accessible to data subjects and adding that detail to primary legislation would be unhelpful.
As regards how the ICO assesses the Government’s use of the immigration exemption, it already assesses the Home Office as part of its statutory role as regulator. Those assessments are published as data protection audit reports, setting out the findings and any recommendations. Should a data subject disagree with the decision to apply the immigration exemption in their case, the usual redress mechanisms to contact the ICO are available.
The noble Lord, Lord Coaker, asked about the application of these rules to children. The immigration exemption applies to all immigration data, but there are special considerations in relation to minors, which are set out in the ICO’s guidance.
The subject of an impact assessment also came up, which relates to oversight and transparency more generally. It is important that these regulations retain the presumption that a data subject should be informed that the immigration exemption has been used—for example, to redact information provided to them in response to a subject access request. That allows the data subject to challenge that decision, should they believe that the application of the exemption is not justified. The ICO has appropriate powers to investigate whether the immigration exemption has been applied appropriately in a specific case. This is in addition to its overall assessment of the Home Office’s data protection practices, which include the use of the immigration exemption more broadly.
An impact assessment was carried out as part of the inclusion of the provision for the immigration exemption in the Data Protection Act 2018. A further supplementary impact assessment was conducted as part of the amendment to the exemption by the SI in 2022. This is noted in the Explanatory Memorandum. Given that there is no substantive change to the safeguards and scope of the exemption, we have not completed a new IA for this instrument.
Lord Clement-Jones (LD)
I am sorry; the Minister seems to be moving on from the impact issue. Clearly there was a period when the old regulation, which is now being superseded, was in operation and individuals were impacted. In a sense, an inappropriate exemption was used. What data does the Minister have about those individuals and the impact on them? What redress do they have? The Minister skated over the ICO’s redress mechanism. Is there no direct mechanism to the Home Office?
Lord Sharpe of Epsom (Con)
I did not skate over it at all; I referred to it explicitly and am happy to do so again, if it would help. I do not know if there is any specific redress to the Home Office. I would imagine not, given that it is explicit that data subjects should go via the ICO. If I am wrong on that, I will clarify.
I have no particular data on the subjects who may have been covered by this before the court’s decision, so I will have to find out, come back and write to the noble Lord if there is anything useful to add.
The Home Office already has relevant guidance and training in place for those exercising the immigration exemption provisions, but we are undertaking a review of those materials to ensure that they align with these regulations. That will be completed in time for the 11 March deadline to amend the current exemption. The instrument is making existing safeguards explicit in the legislation, which are already captured in the existing training and guidance, so we do not expect substantive changes to be needed.
The costs of the court case are not yet settled, but I am happy to commit to write once they have been.
There are a couple more bits to say. How often is the exemption used? The honest answer is not very often. I think I referred to this earlier, so it is probably redundant to say it again but, for the record, in the year ending October 2023, the immigration exemption was applied in around 70% of subject access requests received in relation to immigration citizenship and the Border Force. Of those, the vast majority had only a small amount of data redacted under the use of the exemption. So I suppose the answer to the noble Lord’s question is that it will have a very minimal impact on people, but I commit to clarify that.
Finally, the noble Lord, Lord Clement-Jones, asked about the relationship between the DPA and retained EU law. The official answer is that the focus of this SI is the immigration exemption and that discussions of the rules and the implications for the DPA 2018 are probably best debated as part of the DPDI Bill, which will, I believe, come to the House on 20 March. The unofficial answer is that I cannot comment on the noble Lord’s disposition because I did not really understand it and I do not have much knowledge of this subject. However, I note that we have left the EU: the people voted. Our rules can now be amended to our own circumstances, and of course, that applies across the entire legal suite. It was a pretty clear vote by the people of this country; I know that that does not suit the Liberal Democrats.
In closing, I hope that I have satisfactorily answered the points that were made and that noble Lords understand the necessity—
Computer Systems: Independent Testing
Lord Clement-Jones Excerpts(1 year, 5 months ago)
Lords ChamberRead Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Lord Clement-Jones
To ask His Majesty’s Government what action they are taking to reform the Computer Misuse Act 1990 to enable legitimate independent testing of computer systems.
The Parliamentary Under-Secretary of State, Home Office (Lord Sharpe of Epsom) (Con)
My Lords, the Government support people undertaking legitimate cybersecurity work to do so without fear of criminalisation. We are actively considering options to strengthen the legislative framework as part of the review of the Computer Misuse Act, which is ongoing. This work is complex and needs a lot of thought, not least to ensure that we do not inadvertently create a loophole that can be exploited by cybercriminals or hostile state actors.
Lord Clement-Jones (LD)
My Lords, the need to be able to carry out independent research into computer systems has been put into the spotlight by the Horizon scandal. We last discussed this issue at Oral Questions last July. Since then, the Government have had the conclusions of a stakeholder working group for several months but have done absolutely nothing to include a public interest defence in the Criminal Justice Bill that is now in the Commons. I described the Government’s progress last year as “glacial”. Was I being unkind to glaciers?
Lord Sharpe of Epsom (Con)
Regrettably, the noble Lord is wrong. We set up a multistakeholder group of systems owners, law enforcement, cybersecurity companies and prosecutors—a systems access group—to specifically consider the proposal of statutory defences. Six meetings were held between May 2023 and October 2023. Unfortunately, there is a lack of consensus among those participants and the cybersecurity industry, and with law enforcement and prosecutors, on whether there is a need for statutory defences and on what is considered to be legitimate activity. That lack of consensus proves the point that careful thought is needed in this area.
Lord Sharpe of Epsom (Con)
My Lords, we are always interested in learning from the approaches taken by other countries and jurisdictions. We speak with our international counterparts, including all our major allies, to understand how they approach the issue of whether there should be defences to these types of offences. But the majority of our like-minded partners do not have statutory defences and are instead in favour of prosecutorial guidance. For example, the US Department of Justice introduced guidance for prosecutors on when to prosecute instances of potential breaches of its Computer Fraud and Abuse Act.
Lord Clement-Jones (LD)
My Lords, does the Minister agree that the Criminal Justice Bill is a good opportunity for the Government to bring forward a public interest amendment, perhaps with the bells and whistles that the Minister is talking about, or is he firmly of the view that this will occur only in the future?
Lord Sharpe of Epsom (Con)
My Lords, I am not quite sure where the bells and whistles come from. As I said, we are just considering all the potential implications. However, part of the Criminal Justice Bill introduces a new power for law enforcement and other investigative agencies to suspend IP addresses and domain names where they are being used to facilitate serious crime. So the answer is partially yes, but the other situation that the noble Lord described is very complicated.
National Crime Agency: Fraud and Economic Crime
Lord Clement-Jones Excerpts(1 year, 10 months ago)
Lords ChamberRead Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Lord Sharpe of Epsom (Con)
My Lords, the noble Lord will be aware that the City of London Police partially fulfils that function. It prioritised investigators to the City of London as part of its recent increase in the numbers of police. Angela McLaren, the commissioner there, has a strong background in economic crime and its investigation, and the City of London Police runs an economic crime academy. The noble Lord makes an interesting point about having just one agency, but that agency is the National Economic Crime Centre, which co-ordinates all the various activities across the various police forces, including regional organised crime units.
Lord Clement-Jones (LD)
My Lords, given that the UK cyber industry plays a critical role in supporting law enforcement to tackle cyber-enabled fraud, when will the Government reform the Computer Misuse Act so that the cyber industry does not face legal jeopardy for protecting our citizens and businesses online? Is it not high time that the Home Office came to a conclusion on its review?
Lord Sharpe of Epsom (Con)
My Lords, I cannot speculate on that Act but the anti-fraud champion, Anthony Browne MP, has been having some close engagement with industry. An online sector charter—which I appreciate is not entirely the same thing but is certainly related—is due to be published in the autumn, so we should watch and wait for that.
Cybersecurity
Lord Clement-Jones Excerpts(2 years ago)
Lords ChamberRead Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Lord Clement-Jones
To ask His Majesty’s Government what progress has been made in implementing the recommendations on cybersecurity made by Sir Patrick Vallance in his report Pro-innovation Regulation of Technologies Review: Digital Technologies, published in March.
The Parliamentary Under-Secretary of State, Home Office (Lord Sharpe of Epsom) (Con)
My Lords, in the Government’s response to the review, we set out that the Home Office is taking forward work to consider the merits and risks of the proposals made. We have created a group that includes law enforcement agencies, prosecutors, the cybersecurity industry and system owners to consider these issues and reach a consensus on the best way forward.
Lord Clement-Jones (LD)
My Lords, Sir Patrick made a very clear recommendation to amend the Computer Misuse Act to include a statutory public interest defence for cybersecurity researchers and professionals carrying out threat intelligence research. This has been extremely long awaited. We finally had a review, which started in 2021 and reported this year; we had a consultation, which concluded in April; and now we have the steps that the Minister talked about. What conclusion can we expect at the end of the day? Progress on this has been totally glacial given the importance to innovation and growth of this change to legislation.
Lord Sharpe of Epsom (Con)
My Lords, I agree that there is an enormous necessity to get this right, but that is part of the problem of why things are perhaps not happening as fast as the noble Lord would like—progress is far from glacial. These issues are incredibly complicated because, as the noble Lord noted, the proposals would potentially allow a defence for the unauthorised access by a person to another’s property, and in this case their computer systems and data, without their knowledge and consent. We therefore need to define what constitutes legitimate cybersecurity activity, where a defence might be applicable and under what circumstances, and how such unauthorised access can be kept to a minimum. We also need to consider who should be allowed to undertake such activity, what professional standards they will need to comply with, and what reporting or oversight will be needed. In short, these are complex matters, and it is entirely right to try to seek a consensus among the agencies I mentioned earlier.
Lord Sharpe of Epsom (Con)
The noble Viscount makes a good point. I am obviously unable to comment on the scheduling of parliamentary business but, when the group that I referred to in my initial Answer has finished its consultations and considerations and come to a consensus, we will of course report back to Parliament. I imagine that will include a debate.
Lord Clement-Jones (LD)
My Lords, does not everything that has been said on this Question today demonstrate the importance of fresh intelligence work and, therefore, the importance of changing the Computer Misuse Act?
Lord Sharpe of Epsom (Con)
I do not think that anybody disagrees with that. I am just saying that we need to get it right and do it properly.
National Security Bill
Lord Clement-Jones ExcerptsMonday 16th January 2023
(2 years, 5 months ago)
Lords ChamberRead Full debate National Security Act 2023 View all National Security Act 2023 Debates Read Hansard Text Watch Debate Read Debate Ministerial Extracts Amendment Paper: HL Bill 68-V Fifth marshalled list for Committee - (16 Jan 2023)
Baroness Lister of Burtersett (Lab)
My Lords, I apologise for popping up at this point, not having taken part in the debates so far, but I was requested to do so by the British Academy, the UK’s national academy of humanities and social sciences, of which I am proud to be a fellow. I am also an academic who has in the past collaborated with colleagues from outside the UK in the area of social policy, which of course is trying to influence government.
I am sure I do not need to spell out the importance of international research collaboration, which was touched on by my noble friend Lord Stansgate, especially in the wake of the Science Minister’s speech last week which emphasised the importance of the Government’s global science strategy. Any such strategy requires international collaboration. The British Academy accepts that mechanisms to prevent foreign interference are necessary, but such mechanisms must safeguard the benefits of international research and protect academic freedom. It is worth just noting here what the Joint Committee on Human Rights had to say. It was concerned that this was introduced at such a late stage of the Bill’s passage that it could not comment properly on it, but it said:
“Any foreign influence registration scheme must contain adequate protections to ensure that it does not interfere unduly with democratic rights, including freedom of association and free speech.”
I think everything we have heard so today, other than from the Minister, suggests that it could interfere in that way.
Indeed, the British Academy argues that such mechanisms exist already and that FIRS would duplicate them in a way that creates totally unnecessary bureaucracy, which surely this Government, of all Governments, want to avoid. It is not helped by the lack of clarity in the wording, which was referred to by the noble Lord, Lord Wallace of Saltaire, with details left for secondary legislation. The effect, the British Academy argues, would be a significant negative impact on the ability of UK researchers to engage internationally, creating irreversible harm to the UK’s research and innovation standing. The academy is not prone to hyperbole.
As currently drafted, as we have heard, FIRS would entangle wide swathes of international activities and is likely to have a chilling effect on international collaboration, not just deterring those with malign intent—as referred to by the Minister—but probably having a much greater impact on those with utterly benign intent. I cannot believe for a moment that this is what the Government want, especially given that it would undermine their own aspirations to forge a global science strategy.
It is in the Government’s own interest to accept the British Academy’s recommendation that they withdraw Part 3—I think I am echoing what the noble Lord, Lord Carlile, said—and consult with it and other relevant organisations to cocreate a framework that is proportionate and reasonable, taking into account existing reporting and oversight mechanisms. The academy argues that research and innovation should be largely excluded from FIRS. Is this something that the Government are willing to consider? If not, why not? Will the Minister agree to take this away, have discussions with the British Academy and others and, ideally, withdraw Part 3 altogether as has been suggested or, at the very least, come up with something less harmful before Report? I am echoing other noble Lords in calling for a longer pause than currently envisaged. The more I have listened to today’s debate, the more horrified I have become at what this part of the Bill might mean.
Lord Clement-Jones (LD)
My Lords, I rise to speak to Amendment 103, and I declare my interests as set out in the register.
Like the noble Baronesses, Lady Noakes and Lady Lister, I am new to the Bill and have been provoked by briefings. Like others who have spoken today, I emphasise that I am absolutely no fan of this foreign influence registration scheme, which is far too broad in its application, as we have heard. I think it will be highly damaging to UK research and development, inward investment and British interests around the world. The noble Baroness, Lady Hayter, listed those who might get caught up in the scheme, and clearly very few of those have any connection at all with national security. I am delighted to support many amendments in this group and, in particular, the clause stand part notices that the noble Lords, Lord Anderson of Ipswich and Lord Carlile of Berriew, and my noble friend Lord Wallace have spoken to so cogently.
This has given us the opportunity to debate the flawed nature of the whole scheme. I will make some remarks about the impact on business and investment, which my noble friend Lord Fox would have made were he able to be here. We have heard powerful testimony from the British Academy, referred to by the noble Baroness, Lady Lister, and from the Russell group, referred to by the noble Viscount, Lord Stansgate, about the hugely detrimental potential impact of the Bill on the international research and development front. The British Academy rightly says that international collaboration is critical to the excellence of UK research and the Government’s aim to become a scientific and global science superpower. As it says, as currently drafted the FIRS will have a severely negative impact on the UK’s ability to engage with researchers internationally and on the ability of researchers in the humanities and social sciences to engage on critical public policy topics, and it will irrevocably harm the UK’s research and innovation standing. Strong words.
Under the scheme as currently proposed, at minimum, research universities will be smothered in red tape and, at worst, heavy criminal penalties in undertaking international research partnerships will be imposed. Bluntly, I must tell the Minister that his amendments add very little to the clarity of this scheme. The Minister’s letter about the intersection with the National Security and Investment Act, which we debated in 2021, was far from convincing. There is already a raft of other legislation relating to the academic technology approval scheme and export control, which impact on a university’s international activities. If this scheme, by mischance, does go through, it makes Amendment 104, in the name of my noble friend Lord Wallace, the absolute bare minimum needed. Both the Russell group and the British Academy make the case for clarity, non-duplication, proportionality and a high threshold for registration, none of which is currently present in the scheme.
A further cause for withdrawal of this scheme is the strong reaction from the business and investment community. That is why this stand part debate is so important. The ABI states very clearly that the current proposal for the FIRS
“risks placing significant reporting burden on insurers and long-term savings providers investing in the UK, with the potential to negatively impact the UK’s international competitiveness and attractiveness as a place to invest”.
TheCityUK says these proposals
“if passed unamended would have a chilling effect on inward investment into the UK”.
Lord Sharpe of Epsom (Con)
My Lords, I thought I was very clear on the precise specified persons tier here. A UK university would need to be acting at the direction of a specified foreign power or a specified foreign power-controlled entity before registration requirements could apply. I think that covers the set of circumstances just outlined by the noble Viscount.
Lord Clement-Jones (LD)
The Minister spoke about universities. Did he mean the academics—any academic within the universities?
Lord Sharpe of Epsom (Con)
Yes.
Amendment 103 was tabled by the noble Lord, Lord Clement-Jones, to remove the exemption from the registration requirement in FIRS for lawyers providing legal activities. While I welcome the challenge, removing this exemption would risk undermining long-standing protections the UK has afforded to the provision of confidential legal advice and the equitable administration of justice. The exemption is available only to lawyers carrying out legal activity and so would not apply to other individuals carrying out legal activity.
I also reiterate what was said in Committee in the other place: that this exemption does not completely exempt legal professionals from engaging with the scheme. It does not cover all the activities that could be undertaken by a legal professional as part of an arrangement with a foreign principal. Activities that are not strictly legal activities, such as lobbying, for example, may still need to be registered. So, for example, if a lawyer were to enter into an arrangement with a foreign power to lobby a UK government Minister or parliamentarian on the UK’s foreign policy towards that foreign power, that would be registrable. The fact that the individual is a lawyer is not sufficient in and of itself to exempt them from registration.
Lord Clement-Jones (LD)
I heard what the Minister said about lobbying and the additional aspect of lobbying by law firms, but why is any exemption needed beyond what is contained in Clause 74, which covers legal professional privilege effectively—legal proceedings and so on—so that no confidential information needs to be divulged? Why is it not necessary that a law firm is acting for a foreign power or an entity controlled by a foreign power? Why should that be exempt?
Lord Sharpe of Epsom (Con)
I think I explained this in reasonable detail. It goes back to the sort of work the lawyers carry out. As I say, it is the long-standing protections that the UK has afforded—
Lord Clement-Jones (LD)
All the Minister is saying, in a highly circular way, is that it is in here because it has always been in here in some other forms of legislation. I do not think that is much of an answer.
Lord Sharpe of Epsom (Con)
In that case, I am very sorry to disappoint the noble Lord. I apologise for having spoken at such length.
Technology Rules: The Advent of New Technologies in the Justice System (Justice and Home Affairs Committee Report)
Lord Clement-Jones Excerpts(2 years, 7 months ago)
Grand CommitteeRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Lord Clement-Jones (LD)
My Lords, it is a pleasure to follow three such excellent opening speeches. I draw attention to my interests in the register, particularly my interest in artificial intelligence technologies as a former chair of the AI Select Committee of this House. As a non-member of her committee, I congratulate my noble friend Lady Hamwee and the committee on such a comprehensive and well-argued report.
I entirely understand and welcome the width of the report but today I shall focus on live facial recognition technology, a subject that I have raised many times in this House and elsewhere in Questions and debates, and even in a Private Member’s Bill, over the last five years. The previous debate involving a Home Office Minister—the predecessor of the noble Lord, Lord Sharpe, the noble Baroness, Lady Williams—was in April, on the new College of Policing guidance on live facial recognition.
On each occasion, I drew attention to why guidance or codes are regarded as insufficient by myself and many other organisations such as Liberty, Big Brother Watch, the Ada Lovelace Institute, the former Information Commissioner, current and former Biometrics and Surveillance Camera Commissioners and the Home Office’s own Biometrics and Forensics Ethics Group, not to mention the Commons Science and Technology Committee. On each occasion, I have raised the lack of a legal basis for the use of this technology—and on each occasion, government Ministers have denied that new explicit legislation or regulation is needed, as they have in the wholly inadequate response to this report.
In the successful appeal of Liberal Democrat Councillor Ed Bridges, the Court of Appeal case on the police use of live facial recognition issued in August 2020, the court ruled that South Wales Police’s use of such technology had not been in accordance with the law on several grounds, including in relation to certain human rights convention rights, data protection legislation and the public sector equality duty. So it was with considerable pleasure that I read the Justice and Home Affairs Committee report, which noted the complicated institutional landscape around the adoption of this kind of technology, emphasised the need for public trust and recommended a stronger legal framework with primary legislation embodying general principles supported by detailed regulation, a single national regulatory body, minimum scientific standards, and local or regional ethics committees put on a statutory basis.
Despite what paragraph 4 of the response says, neither House of Parliament has ever adequately considered or rigorously scrutinised automated facial recognition technology. We remain in the precarious position of police forces dictating the debate, taking it firmly out of the hands of elected parliamentarians and instead—as with the recent College of Policing guidance—marking their own homework. A range of studies have shown that facial recognition technology disproportionately misidentifies women and BAME people, meaning that people from those groups are more likely to be wrongly stopped and questioned by police, and to have their images retained as the result of a false match.
The response urges us to be more positive about the use of new technology, but the UK is now the most camera-surveilled country in the Western world. London remains the third most surveilled city in the world, with 73 surveillance cameras for every 1,000 people. The last Surveillance Camera Commissioner did a survey, shortly before stepping down, and found that there are over 6,000 systems and 80,000 cameras in operation in England and Wales across 183 local authorities. The ubiquity of surveillance cameras, which can be retrofitted with facial recognition software and fed into police databases, means that there is already an apparatus in place for large-scale intrusive surveillance, which could easily be augmented by the widespread adoption of facial recognition technology. Indeed, many surveillance cameras in the UK already have advanced capabilities such as biometric identification, behavioural analysis, anomaly detection, item/clothing recognition, vehicle recognition and profiling.
The breadth of public concern around this issue is growing clearer by the day. Many cities in the US have banned the use of facial recognition, while the European Parliament has called for a ban on the police use of facial recognition technology in public places and predictive policing. In 2020 Microsoft, IBM and Amazon announced that they would cease selling facial recognition technology to US law enforcement bodies.
Public trust is crucial. Sadly, the new Data Protection and Digital Information Bill does not help. As the Surveillance Camera Commissioner said last year, in a blog about the consultation leading up to it:
“This consultation ought to have provided a rare opportunity to pause and consider the real issues that we talk about when we talk about accountable police use of biometrics and surveillance, a chance to design a legal framework that is a planned response to identified requirements rather than a retrospective reaction to highlighted shortcomings, but it is an opportunity missed.”
Now we see that the role of Surveillance Camera Commissioner is to be abolished in the new data protection Bill—talk about shooting the messenger. The much-respected Ada Lovelace Institute has called, in its report Countermeasures and the associated Ryder review in June this year, for new primary legislation to govern the use of biometric technologies by both public and private actors, for a new oversight body and for a moratorium until comprehensive legislation is passed.
The Justice and Home Affairs Committee stopped short of recommending a moratorium on the use of LFR, but I agree with the institute that a moratorium is a vital first step. We need to put a stop to this unregulated invasion of our privacy and have a careful review, so that its use can be paused while a proper regulatory framework is put in place. Rather than update and use toothless codes of practice, as we are urged to do by the Government, to legitimise the use of new technologies such as live facial recognition, the UK should have a root-and-branch surveillance camera and biometrics review, which seeks to increase accountability and protect fundamental rights. The committee’s report is extremely authoritative in this respect. I hope today that the Government will listen but, so far, I am not filled with optimism about their approach to AI governance.