Lord Clement-Jones (LD)

- Hansard -

Copy Link

-

My Lords, I welcome the noble Viscount to the sceptics’ club because he has clearly had a damascene conversion. It may be that this goes too far. I am slightly concerned, like him, about the bureaucracy involved in this, which slightly gives the game away. It could be seen as a way of legitimising commercial research, whereas we want to make it absolutely certain that that research is for the public benefit, rather than imposing an ethical board on every single aspect of research which has any commercial content.

We keep coming back to this, but we seem to be degrouping all over the place. Even the Government Whips Office seems to have given up trying to give titles for each of the groups; they are just called “degrouped” nowadays, which I think is a sign of deep depression in that office. It does not tell us anything about what the different groups contain, for some reason. Anyway, it is good to see the noble Viscount, Lord Camrose, kicking the tyres on the definition of the research aspect.

Lord Clement-Jones (LD)

- Hansard -

Copy Link

-

My Lords, I almost have a full house in this group, apart from Amendment 35, so I will not read out the numbers of all the amendments in this group. I should just say that I very much support what the noble Viscount, Lord Colville, has put forward in his Amendment 35.

Many noble Lords will have read the ninth report of the Delegated Powers and Regulatory Reform Committee. I am sad to say that it holds exactly the same view about this Bill as it did about the previous Bill’s provisions regarding digital verification services. It said that

“we remain of the view that the power conferred by clause 28 should be subject to parliamentary scrutiny, with the affirmative procedure providing the appropriate level of scrutiny”.

It is against that backdrop that I put forward a number of these amendments. I am concerned that, although the Secretary of State is made responsible for this framework, in reality, they cannot be accountable for delivering effective governance in any meaningful way. I have tried, through these amendments, to introduce at least some form of appropriate governance.

Of course, these digital verification provisions are long-awaited—the Age Verification Providers Association is pleased to see them introduced—but we need much greater clarity. How is the Home Office compliant with Part 2 of the Bill as it is currently written? How will these digital verification services be managed by DSIT? How will they interoperate with the digital identity verification services being offered by DSIT in the UK Government’s One Login programme?

Governance, accountability and effective, independent regulation are also missing. There is no mechanism for monitoring compliance, investigating malicious actors or taking enforcement action regarding these services. The Bill has no mechanism for ongoing monitoring or the investigation of compliance failures. The Government propose to rely on periodic certification being sufficient but I understand that, when pressed, DSIT officials say that they are talking to certification bodies and regulators about how they can do so. This is not really sufficient. I very much share the intention of both this Government and the previous one to create a market in digital verification services, but the many good players in this marketplace believe that high levels of trust in the sector depend on a high level of assurance and focus from the governance point of view. That is missing in this part of the Bill.

Amendment 33 recognises the fact that the Bill has no mechanism for ongoing monitoring or the investigation of compliance failures. As we have seen from the Grenfell public inquiry, a failure of governance caused by not proactively monitoring, checking and challenging compliance has real, harmful consequences. Digital verification services rely on the trustworthiness of the governance model; what is proposed is not trustworthy but creates material risk for UK citizens and parties who rely on the system.

There are perfectly decent examples of regulatory frameworks. PhonepayPlus provides one such example, with a panel of three experts supported by a secretariat; the panel can meet once a quarter to give its opinion. That has been dismissed as being too expensive, but I do not believe that any costings have been produced or that it has been considered how such a cost would weigh against the consequences of a failure in governance of the kind identified in recent public inquiries.

Again, as regards Amendment 36, there is no mechanism in the Bill whereby accountability is clearly established in a meaningful way. Accountability is critical if relying parties and end-users are to have confidence that their interests are safeguarded.

Amendment 38 is linked to Amendment 36. The review under Clause 31 must be meaningful in improving accountability and effective governance. The amendment proposes that the review must include performance, specifically against the five-year strategy and of the compliance, monitoring and investigating mechanisms. We would also like to see the Secretary of State held accountable by the Science and Technology Select Committee for the performance captured in the review.

On Amendment 41, the Bill is silent on how the Secretary of State will determine that there is a compliance failure. It is critical to have some independence and professional rigour included here; the independent appeals process is really crucial.

As regards Amendments 42 and 43, recent public inquiries serve to illustrate the importance of effective governance. Good practice for effective governance would require the involvement of an independent body in the determination of compliance decisions. There does not appear to be an investigatory resource or expertise within DSIT, and the Bill currently fails to include requirements for investigatory processes or appeals. In effect, there is no check on the authority of the Secretary of State in that context, as well as no requirement for the Secretary of State proactively to monitor and challenge stakeholders on compliance.

As regards Amendment 44, there needs to be a process or procedure for that; fairness requires that there should be a due process of investigation, a review of evidence and a right of appeal to an independent body.

I turn to Amendment 45 on effective governance. A decision by the appeals body that a compliance failure is so severe that removal from the register is a proportionate measure must be binding on the Secretary of State, otherwise there is a risk of lobbying and investment in compliance and service improvement being relegated below that of investment in lobbying. Malicious actors view weaknesses in enforcement as a green light and so adopt behaviours that both put at risk the safety and security of UK citizens and undermine the potential of trustworthy digital verification to drive economic growth.

Amendment 39 would exclude powers in this part being used by government as part of GOV.UK’s One Login.

I come on to something rather different in Amendment 46, which is very much supported by Big Brother Watch, the Digital Poverty Alliance and Age UK. Its theme was raised at Second Reading. A significant proportion of the UK’s population lacks internet access, with this issue disproportionately affecting older adults, children and those from low-income backgrounds. This form of digital exclusion presents challenges in an increasingly digital world, particularly concerning identity verification.

Although digital identity verification can be beneficial, it poses difficulty for individuals who cannot or choose not to engage digitally. Mandating online identity verification can create barriers for digitally excluded groups. For example, the National Audit Office found that only 20% of universal credit applicants could verify their identity online, highlighting concerns for those with limited digital skills. The Lords Communications and Digital Select Committee emphasised the need for accessible, offline alternatives to ensure inclusivity in a connected world. The proponents of this amendment advocate the availability of offline options for essential public and private services, particularly those requiring identity verification. This is crucial as forcing digital engagement can negatively impact the well-being and societal participation of older people.

This is the first time that I have prayed in aid what the Minister said during the passage of the Data Protection and Digital Information Bill; this could be the first of a few such occasions. When we debated the DPDI Bill, she stressed the importance of a legal right to choose between digital and non-digital identity verification methods. I entirely agreed with her at the time. She said that this right is vital for individual liberty, equality and building trust in digital identity systems and that, ultimately, such systems should empower individuals with choices rather than enforce digital compliance. That is a fair summary of what she said at the time.

I turn to Amendment 50. In the context of Clause 45 and the power of public authorities to disclose information, some of which may be the most sensitive information, it is important for the Secretary of State to be able to require the public authority to provide information on what data is being disclosed and where the data is going, as well as why the data is going there. This amendment will ensure that data is being disclosed for the right reasons, to the right places and in the right proportion. I beg to move.