(5 years, 7 months ago)
Lords ChamberMy Lords, it is with pleasure and a great deal of relief that I speak to this Statement and the White Paper that lies behind it. Having sat through endless hours of the previous debates and the acrimony generated by them, and having found ourselves in places where I suspect none of us wanted to be, it is a pleasure to come to proper business again and to look at something that affects the whole of our society. We must find remedies and seek a legislative way forward that deals with the problems that we know are part and parcel of this innovative and brilliant thing that we call the internet and the technological advances that go with it.
Having read the White Paper and listened to the Statement, I am convinced that, across the Benches of this House, we must see this as unique in a party-political system in that we must act together. Consensual approaches and sensible resolutions to the problem are a duty that falls upon all of us. After all, the internet affects every part of our society—all of us have felt the questions it raises and enjoyed the wonderful opportunities it affords—so I hope that we can approach this in a consensual and cross-party way.
I congratulate the Government—is it not wonderful to hear someone from these Benches saying that?—on generating a report that is lucid and clear and will generate the kind of discussion that the consultative period, now beginning, will need. It is well laid out; my son is a printer, and he constantly beleaguers me about layout as I understand it and layout as he understands it, and he would be pleased with this. I can give no higher commendation. Congratulations are in order.
I know that we will have detailed, forensic debates when the results of the consultation are before us. At the moment, highlighting some of the headline aspects will have to do. The duty of care has been spoken to already and we must emphasise it; after all, we are all aware of those who are harmed by the abuse of the internet. Some well-publicised cases leave their images constantly before our eyes, especially when we think that some of them, indeed a lot of them, are children. In previous legislation that we have debated on the Floor of the House, we have talked about designing the internet in such a way that the interests and rights of children are protected. I am quite sure that we will take all that forward in the outworking of the further proposals in this White Paper.
We want to protect people from harms, and we will no doubt want to discuss what we think constitutes harms in the proper sense. There are indeed in this White Paper, rather conveniently, tabulated harms: those that are illegal, that are dangerous; that deserve attention. These are indicative lists, and no doubt we will want to move things from here to there and there to here, and add to and subtract from as time goes on, but it is a pretty good starting point to show us the range of conducts and activities that we will need to give attention to.
It is a bold White Paper. It claims to be bold and boasts of being bold. For me, there is one aspect that teases me, and I hope the Minister can give us some reassurance on it. It is the whole idea that while the internet and online activity affects us locally—in our homes and elsewhere—this has to be balanced against the fact that the companies, across whose platforms the material that generates these problems come, are global. We have seen how difficult it is to deal with the taxation aspects of these global companies. It will be equally difficult to think about legislation that could bring them all into line, and a word about that would be very helpful as we steer our way into the consideration of these proposals.
Statutory measures are mentioned, and I am delighted about that, of course, because these proposals and this way forward need to be underpinned by the full force of the law, and the regulator will be endowed with powers that are appropriate to the importance of the job. I wonder how we will bring a regulator to birth; some suggest that it should perhaps be an offshoot of Ofcom in the first place, that under the aegis of Ofcom we can get regulation built in to our way forward, and that it can evolve into something more complete later.
Any legislation that we bring forward will need to be nimble and flexible, because technology moves faster than the making of laws, and since the making of a law, as we know from the one we have been discussing, can be interminable, I hope that we will never be accused of tardiness in acting promptly, flexibly and nimbly to combat the downside of online activities.
So I congratulate the Government and I look forward to further debates and in greater detail.
My Lords, we, too, on these Benches welcome the fact that the Government’s proposals have come forward today, and we support the placing of a statutory duty of care on social media companies. We agree that the new arrangements should apply to any sites,
“that allow users to share or discover user-generated content, or interact with each other online”.
We think that is a fair definition.
We are all aware of the benefits of social media networks and the positive role they can play. There is, however, far too much illegal content and harmful activity on social media that goes undealt with by social media platforms and creates social harm. The self-harming material on Instagram and the footage of the Christchurch killings are perhaps the most recent examples.
Proper enforcement of existing laws is, of course, vital to protect users from harm, but, as the White Paper proposes, social media companies should have a statutory duty of care to their users—above all, to children and young people—and, as I say, we fully support the proposed duty of care. It follows that, through the proposed codes, Parliament and Government have an important role to play in defining that duty clearly. We cannot leave it to big private tech firms, such as Facebook and Twitter, to decide the acceptable bounds of conduct and free speech on a purely voluntary basis, as they have been doing to date.
It is good that the Government recognise the dangers that exist online and the inadequacy of current protections. However, regulation and enforcement must be based on clear evidence of well-defined harm, and must respect the rights to privacy and free expression of those who use social media legally and responsibly. I welcome the Government’s stated commitment to these two aspects.
We also very much welcome the Government’s adherence to the principle of regulating on a basis of risk and proportionality when enforcing the duty of care and drawing up the codes. Will the codes, as the Lords Communications Committee called for, when exercising powers of oversight, set out clearly the distinction between criminal, harmful content and antisocial content? By the same token, upholding the right to freedom of expression does not mean a laissez-faire approach. Does the Minister agree that bullying and abuse prevent people expressing themselves freely and must be stamped out? Will there be a requirement that users must be able to report harmful or illegal content to platforms and have their reports dealt with appropriately, including being kept informed of the progress and outcome of any complaint?
Similarly, there must be transparency about the reasons for decisions and any enforcement action, whether by social media companies or regulators. Users must have the ability to challenge a platform’s decision to ban them or remove their content. We welcome the proposed three-month consultation period; indeed, I welcome the Government’s intention to achieve cross-party consensus on the crucial issue of regulating online harms. I agree that with a national consensus we could indeed play an international leadership role in this area.
Then we come to the question of the appropriate regulator to enforce this code and duty. Many of us assumed that this would naturally fall to Ofcom, with its experience and expertise, particularly in upholding freedom of speech. If it is not to be Ofcom, with all its experience, what criteria will be used in determining what new or existing body will be designated? The same appears to me to apply to the question of whether the ICO is the right regulator for the algorithms used by social media. I see that the Home Office will be drawing up certain codes. Who will be responsible for the non-criminal codes? Have the Government considered the proposals by Doteveryone and the Lords Communications Select Committee for a new “Office for Internet Safety” as an advisory body to analyse online harms, identify gaps in regulation and enforcement and recommend new regulations and powers to Parliament?
At the end of the day, regulation alone cannot address all these harms. As the noble Baroness, Lady Kidron, has said, children have the right to a childhood. Schools need to educate children about how to use social media responsibly and be safe online, as advocated by the PSHE Association and strongly supported by my party. Parents must be empowered to protect their children through digital literacy, advice and support. I very much hope that that is what is proposed by the online media literacy strategy.
At the end of the day, we all need to recognise that this kind of regulation can only do so much. We need a change of culture among the social media companies. They should be proactively seeking to prevent harm. The Government refer to a culture of continuous improvement being a desired goal. We on these Benches thoroughly agree that that is vital.
(6 years, 5 months ago)
Lords ChamberMy Lords, I start with an apology. Because of the way in which these items of business have been scheduled—or perhaps I should say not scheduled—I might have to leave before I hear the Minister’s response. He is aware of that and I am very grateful for his indulgence in that respect, which will make me feel even guiltier when he hears what I have to say.
I am indebted to medConfidential for many of the points I shall make and to the noble Lord, Lord Freyberg, who takes a keen interest in these matters but cannot be present today.
The essence of what I have to say is that these regulations and codes should be withdrawn. In summary, earlier this month the Secondary Legislation Scrutiny Committee published a report on these draft regulations made under Part 5 of Chapter 1 of the Digital Economy Act, as the Minister explained. The DCMS offered assurances that the codes of practice were consistent with each other and drafted to be compliant with the new Data Protection Act 2018 and the latest standards of best practice. However, subsequently it replaced the standards with a new set under a different name—the data ethics framework—so the codes as laid do not reflect current DCMS guidance. In our view, this invalidates the whole of our debate.
I will go through the details. The Secondary Legislation Scrutiny Committee drew the digital government regulations to the special attention of the House. The DCMS told the committee that the codes were to
“the latest standards of best practice for information sharing, including the ‘Data Science Ethical Framework’”.
That is at paragraph 9 of the committee’s report. As the SLSC says:
“In their response, DCMS have also offered assurances that these codes of practice are consistent with each other and have been drafted to be compliant with the new Data Protection Act 2018 and the latest standards of best practice for information sharing, including the ‘Data Science Ethical Framework’”.
The committee’s report was finalised on a Tuesday and printed the following Thursday. On the Wednesday, the DCMS replaced the “latest” standards with a new set under a different name, the data ethics framework. Quite apart from the concerns raised by the committee, when the DCMS gave its response to the committee it surely must have known that a new framework was due the following day to replace the one to which it referred, and that its assurances would therefore be untrue even before they were printed.
The current codes reference the Data Science Ethical Framework, which predates the Data Protection Act and the GDPR. By that fact alone, these DCMS codes cannot be approved. They are, by definition, out of date following legislation on which the DCMS and the Minister himself led.
As the Minister described, a number of groups were consulted on the draft codes in the middle of last year, and while there is consensus from all sides that the codes are improved as a result of that constructive engagement, those consultations were before the Government surprised everyone with the proposal for a “framework for data processing by government” in the Data Protection Act—before the guidance changes due to the GDPR had fully begun, before the Government announced that the Data Science Ethical Framework was in need of replacement, and certainly before the DCMS launched the replacement with a new name last week. The department assured Parliament that,
“these codes of practice are consistent with each other”,
but it cannot assert they will be compliant with other codes, as yet unlaid and unwritten by the Information Commissioner. What the Information Commissioner does should be up to the Information Commissioner. She should not have her hands tied by her sponsor department.
It is particularly important that these codes and the regulations are withdrawn given that the first issuance of the codes is under the affirmative procedure for approval of the House and future updates will be under the negative procedure.
I have a few other questions. Where is the framework for data processing by government included at the last minute by Ministers in Committee on the Data Protection Bill? There is still no clarity as to what the Government plan to do with it, only that it is not the Data Science Ethical Framework nor the data ethics framework. It is, however, yet another government data framework that must be taken into account. The passage of the Data Protection Act 2018 necessitates updates to many ICO codes. Late in the day, the DCMS chose to introduce its new framework for data processing by government, which surely must be the governing instrument for these codes, but, as I said earlier, it has provided no clarity on how this will operate.
The department seems to be offering nothing other than assurances of compliance when one looks through the codes. It talks of consultation with the ICO. Has the ICO confirmed publicly that these codes are compliant with the GDPR, the new Data Protection Act and the ICO guidance?
According to recent announcements from University College London Hospitals NHS Foundation Trust, it is conducting artificial intelligence trials internally for issues of direct benefit to it. This shows not only that the NHS is beginning to understand the power of data and digital tools, but that this can be done in-house for public benefit and that there are viable alternatives to handing data to and sharing data with multinational companies. What are the Government doing more broadly across the NHS to ensure that there is full recognition across the NHS?
The Digital Economy Act affords the Secretary of State considerable powers to make use of publicly controlled data, which is of considerable concern in some quarters. The key concern is the scope for different departments to share and then link datasets, such as sharing health data from the Department of Health and Social Care with the Home Office to identify illegal immigrants, as stated in recent headlines. What is the scope and/or limitation for the Secretary of State to share publicly controlled data with private entities? Is this likely to inform the introduction of so-called “data trusts”?
Then, of course, there is the question of whether any of the codes is fit for the future in terms of technology. In particular, what are the duties of transparency and explainability where datasets are used to construct artificial intelligence solutions, algorithms and the like for government purposes? What consultation was engaged in this respect? There appears to be no reference in any of the codes to this. Should we not wait for the data ethics and innovation centre to give its guidance on these matters involving the Government and their deployment of artificial intelligence?
In the light of the above, it is clear that neither these regulations nor the codes are fit for purpose. Will the Government withdraw them before placing replacement codes before the House? Will the Minister confirm that the codes will be compliant with any yet-to-be-written Information Commissioner codes? Will they be confirmed as such by the Information Commissioner? Sadly, I will not hear the Minister’s reply but I very much hope that it is a full one.
My Lords, far be it from me to get the Minister off that hook. It is always humbling to be in the presence of those who have seen the heat of the day and borne the burdens of bringing some complicated pieces of legislation on to our statute book. Perhaps we can all breathe a sigh of relief as we notice the noble Lord, Lord Clement-Jones, depart from his place.
I will restrict my remarks, since I was not in possession of the briefing that the noble Lord had, to the observations I made on the simple basis of reading these papers. It was a jolly weekend and some good bedtime reading—150 pages on a very complicated matter—but as far as the regulations themselves are concerned, it seemed mildly reassuring that multiple disadvantages, such as television retuning, fuel poverty and water poverty, were all to be held in view with a view to ensuring that people who might suffer in these areas had their suffering minimised as far as possible. One million vulnerable energy consumers might qualify for help. From this side of the House, we cannot particularly grumble at that.
The thing that worried me was that, since these are the first tinkerings with or things that ensue from last year’s Digital Economy Act, it is incumbent on us to ensure we monitor very carefully the direction of travel as the Act lives its life and is implemented. For that reason, I find myself again and again wondering whether—while, yes, three years down the line it all has to be embedded and to work itself out—we should not promise ourselves a bit more micromanagement than that as things go along.
I liked the way that liaison with devolved bodies—to ensure that a UK-wide measure is implemented in Wales and Scotland in a way consistent with legal provision—was set out because, with another hat on, when we were arguing the devolution clauses in the EU withdrawal Bill we talked all the time about frameworks within which UK-wide pieces of action would have to be worked out in consultation with, and with consent from, the various interested parties. Here is a lived example, I thought, of how that might work.
I worried about how on earth we would keep together pieces of action that would see nine departments of state share information across their boundaries, as well as the Revenue and 32 local and regional bodies, as we considered how best legitimately to allow these bodies to share information. What kind of computer system do we have in place? We have had such a string of unfortunate experiences of supportive technology for mountainous pieces of government activity going wrong that I just look at this and am glad that it is not me operating it.
I thank the Minister for her very clear introduction. This is a very interesting regulation—for aficionados. As she spoke in detail about it, that introduces the country of origin principle for discussion. I understand completely what the draft SI is meant to do. I expect that somebody in DDCMS woke up in a cold sweat and suddenly realised that there was quite a backlog of criminal offences in Scotland and Northern Ireland that needed to be brought within the scope of the e-commerce legislation. Such cold sweats can occur, even in the best-run government departments. We should not impede the passing of this SI simply because some of the offences are rather ancient. We are not dealing just with 2015 offences.
Of much more interest for those who are currently debating the European Union (Withdrawal) Bill is the whole question of the future application of the country of origin principle. After all, starting with the e-commerce directive, the EU Commission aimed to create an effective single market, particularly in the field of online retail. It is extremely pertinent to what is going to happen next. The current law is set out in the EU electronic commerce directive 2000, implemented into UK law in 2002. The regime covers almost every commercial website and is not restricted to online buying and selling but covers any service provided for remuneration at a distance using electronic means. On top of that, we have EU-derived distance selling and cookie regulation.
Much e-commerce law is implemented largely through secondary legislation, which will be preserved after Brexit takes place. However, the EU is obliged to revisit the directive every two years, so a divergence between the EU and the UK is possible. Therefore, the question arises as to whether we are going to need some sort of adequacy ruling for country of origin, rather in the way that we will probably have such a ruling for data protection. Indeed, is country of origin going to be available to us in the first place? Does the e-commerce directive fall away post Brexit? As I am sure the Minister is aware, country of origin principles applied to broadcasting will fall away unless there is a special deal which breaks through the normal cultural exceptions put into free trade agreements. So I am a little pessimistic about that.
Then, of course, the wagon rolls on. The consumer protection co-operation regulation was adopted by the Commission in December 2017. A regulation on addressing unjustified geo-blocking was adopted this February. There are two legislative proposals on the supply of digital content, and on online and other distance sales of goods, which the Commission proposed in December 2015 and are currently under negotiation in EU institutions. What are the Government’s intentions in respect of the new EU digital single market developments? Does they intend to stay aligned with e-commerce law in the EU? If so, how? If not, what will the consequences be? I would be extremely interested to hear from the Minister.
My Lords, the noble Lord, Lord Clement-Jones, must first hear from me. Perhaps that will give the Minister a little time. I am very grateful for the way in which an aficionado made me aware of this welter of material relating to the way that information flows and the activities that benefit from that flow of information across Europe in so many fields.
This SI is relentlessly logical. I cannot understand why the law on such important and serious matters as human trafficking, prostitution, the care of children, threatening comments, intimate images—all those things that are listed here—came on to the statute book in Brussels in 2000 and here in 2002 but it has taken us until 2018 to deal with it. The country of origin thing may be part of the answer, I do not know. But, as the noble Lord, Lord Clement-Jones, said, just this morning we received a visit from commercial broadcasting people who are terribly worried about this country of origin principle and how it will affect their business in the future.
This SI is intended to ensure the smooth functioning of the internal market and to ensure consistency with EU law—all of that—while we are still members of the EU. I share the bemusement of the noble Lord, Lord Clement-Jones, about what might happen afterwards. He talked about adequacy, the future application of country of origin—will that continue?—and possible divergence that may occur as two different regimes pursue ways forward according to their own respective best lights, which may not be the same.
Of course, Brexit is raising a whole host of details of this kind, which make us aware of how silly we were to go down this road in the first place. Perhaps that remark ought not to go on the record—it does not belong to this debate—but I could not forbear from making it. But here we are with something that makes obvious sense but raises questions of concern that lie beyond its scope and its date. We wonder about both the scope and the date and what will happen to us all very soon. But I have no hesitation in supporting this statutory instrument.
(6 years, 9 months ago)
Lords ChamberMy Lords, I have given due attention to the proposals before us and can see exactly the logic that brings them to our attention. My eyebrows have been raised by certain of the details; I wish I knew how people might gamble in an inappropriate way in terms of playing darts, for example. A treble 20 is a difficult thing to be sure about under any circumstances. For all that, I can see that, if assurances have been given by the various bodies that they will come into line with the expectations under the terms of the Act, they should be added to the list.
My pulse quickened when I saw the European Rugby Cup Ltd mentioned, since the Llanelli Scarlets are leading the way for British involvement in the European cup quarter-finals. I am happy as a Welshman to just lord that over any English friends I have here in the House with me.
I have one question that perhaps the Minister can help me with. How do we get the necessary information that relates to companies registered in the Republic of Ireland? That stands out as being a little different from the others.
I am happy to note that the anti-doping people, UKAD, are now involved. Having met their representatives on more than one occasion, I can see how there is an overlap of interest, but also that it adds competence to the governing of these different sports and this activity.
All that having been said, I think that due process has been followed. When I was growing up, it was inconceivable that anybody would bet on any of these activities at all. Indeed, betting on horseracing was done illicitly in my youth. Round the corner we had Dai Double-Ticket, as we called him, and he ran the bets to the local bookkeeper on our behalf. We hoped that he would share the profits with us eventually. We have now come to the point where we can bet during matches and all the rest of it. It is so complicated now compared to what it was, and adequate machinery has to be put in place. The Gambling Act 2005 sought to do that and, a few years having passed, we must of course seek to update the information base upon which we operate the provisions of that Act. Apart from those little questions I have, I am happy to concur with the recommendation.
My Lords, just to follow on briefly, I am very pleased to see that, as in the Commons, there is a strong Welsh perspective being displayed on these matters today.
We all have a strong interest in sports betting integrity, and we had quite a debate on the issue during our discussion of the Data Protection Bill. I am pleased, therefore, to see the inclusion of UKAD in Part 3 of Schedule 6. In the Commons discussion of this order, there were some interesting debates about the inclusion of international bodies. Perhaps the Minister could slightly unpack the reason for those international bodies being included.
The last thing I want to say is that there is a distinction between Parts 2 and 3 of Schedule 6, and I wonder whether the Minister could explain why UKAD is included in Part 3 but not in Part 2. I know that the Explanatory Memorandum goes into that to some extent, but not entirely. UKAD is an enforcement body, and it seems slightly strange that it is not going to be on the face of the statutory instrument.
(6 years, 11 months ago)
Grand CommitteeMy Lords, the Minister has reminded us of our happy days during the passage of the Digital Economy Bill—now the Digital Economy Act. Of course, we all like to be reminded of our days in the salt mines. These regulations are straightforward and we welcome them. I certainly do not intend to raise again any issues relating to the Electronic Communications Code. Certainly, I would not want to provoke another speech from the noble Lord, Lord Grantchester; that would be very unwise.
However, I will make a couple of comments relating to the implementation of the code. As I understand it, Ofcom is issuing a code of practice on top of that. There is some concern that although the direction of travel of the ECC was very clear, the code of practice is in a sense bringing back a slight bias in favour of the landowners. That is a concern of some commentators. One says:
“While the consultation around the code of practice is to be welcomed, if implemented in its current form, the code of practice is in danger of swinging the pendulum back too far in favour of landowners who will be able to challenge operators at every stage”.
I know that the Government were very keen to get the balance right. It will be interesting to hear what the Minister has to say about that.
The Minister may want to write to me about this, but this is a useful opportunity to ask about the direction of government policy in terms of EU regulatory reforms—if we can bear it. It looks like there are plans from Brussels for a new Electronic Communications Code which includes e-privacy regulation. Obviously, before we exit—if we exit—it will continue to be important to keep the digital single market and the single telecoms market in place. The question arises: will there be time? Will the new Electronic Communications Code, however it is brought in—whether by directive or regulation, I am not quite sure—happen? Will it fall outside? Will it be after 29 March? Will it fall during a transition period? I suspect there are many in the telecoms field and the general area of technology infrastructure who will be extremely interested in the answer to that.
Those are the two areas on which I would very much like to have an answer from the Minister, either now or at some stage in the future.
My Lords, I do not have very much to add. The allusion to happy days in the past, which I missed, unfortunately—