Lord Vallance of Balham (Lab)

- View Speech - Hansard -

Copy Link

- - Excerpts

A series of funded programmes have been looking at the introduction of AI in government in particular. Some reports were published in the last couple of weeks showing time savings and degree of satisfaction, and identifying where the use of AI will be most useful and where it will be problematic. There are already some outputs from that work in the public domain. We will continue to make them public as we assess the performance of AI in government systems. A unit called i.AI is developing new approaches, such as Humphrey, which have been widely publicised.

Lord Vallance of Balham (Lab)

- View Speech - Hansard -

Copy Link

- - Excerpts

Oddly enough, I am aware of how difficult this is and how much work is needed. The requirements range from data to the ability to get it into a form that can be read and be interoperable; that is behind the national data library and the health data research service which we have announced. There are skills issues right across the Civil Service and elsewhere which need to be addressed, with skills increased, along with the application uptake of AI by businesses across the UK. All those are part of the AI Opportunities Action Plan, and there are things under way in each of those areas. I do not think this is straightforward. It will require some experimentation. There will be some things that will not work as well as expected and others that we will need to move faster on. I expect this to be a very dynamic field over the next few years.

Lord Vallance of Balham (Lab)

- Hansard -

Copy Link

- - Excerpts

I reiterate the point I made: it is very important that we make schemes available to people from all over the world; it is not about targeting a specific country. We will do so, and we are working on schemes to make attractive offers both to individuals and to groups. This is an important area. There have already been many approaches to universities for people who want to base themselves here, and it is important that we have a system that is sustainable and effective, making sure that researchers can work in what is a world-class system in the UK.

Lord Vallance of Balham (Lab)

- View Speech - Hansard -

Copy Link

- - Excerpts

We are working closely with our friends in Europe on AI, both at the safety and security level through the AI Security Institute and more broadly. We have a bilateral meeting with France coming up in July, where this will be discussed. There is a need for all of us to think about which models we want to rely on and become dependent on and, indeed, where models can be made that are not general-purpose, wide, generative models but narrower models that can answer the questions we need to answer. Not everything comes down to broad, generative AI.

Lord Vallance of Balham (Lab)

- View Speech - Hansard -

Copy Link

- - Excerpts

I thank my noble friend. I am unaware of absolutely everything that is going on in the House this afternoon, and I am afraid that I was not aware of that. However, he is right to point out that the professions will be greatly affected by AI and the legal profession is certainly one of those. There is an enormous amount of work that could be done by AI, just as an enormous amount of work can be done with AI across the Civil Service. That is why there is a big push at the moment to adopt AI across the Civil Service. I think the same will happen in other professions, including medicine, law, architecture and many other areas.

Lord Vallance of Balham (Lab)

- View Speech - Hansard -

Copy Link

- - Excerpts

I can certainly give the noble Viscount an indication of the scope. As I have said clearly, this is not going to deal with regulation that can be done by existing regulators. The use of AI in existing areas is something for the regulators that are specialists in those areas. It will not deal with the AI assurance tools, which will be developed separately, but it will look at artificial general intelligence and the emergence of new, cutting-edge AI—the things that we know will cut right the way across other areas and require particular attention.

Lord Vallance of Balham (Lab)

- View Speech - Hansard -

Copy Link

- - Excerpts

I thank the right reverend Prelate for that important question. Trust is key to all this, and it is why we are committed to maintaining high standards of data protection in whichever context the AI system is deployed. The right reverend Prelate is quite right to raise the question of the NHS, where already AI is being used to read scans, to improve performance in terms of missed appointments and to advance pathology services, many of which are narrow AI uses which are extremely important.

Lord Vallance of Balham (Lab)

- View Speech - Hansard -

Copy Link

- - Excerpts

As the noble Viscount says, this is an urgent matter. A summit is going on in Paris at the moment discussing many of these issues. We remain committed to bringing forward legislation. We are continuing to refine the proposals and look forward to engaging extensively in due course to ensure that our approach is future-proofed and effective against what is a fast-evolving technology.

Lord Clement-Jones (LD)

- View Speech - Hansard -

Copy Link

- - Excerpts

My Lords, this has been a very interesting debate. I too congratulate the noble Baroness, Lady Owen, on having brought forward these very important amendments. It has been a privilege to be part of her support team and she has proved an extremely persuasive cross-party advocate, including in being able to bring out the team: the noble Baroness, Lady Kidron, the noble Lord, Lord Pannick, who has cross-examined the Minister, and the noble Lord, Lord Stevenson. There is very little to follow up on what noble Lords have said, because the Minister now knows exactly what he needs to reply to.

I was exercised by this rather vague issue of whether the elements that were required were going to come back at Third Reading or in the Commons. I did not think that the Minister was specific enough in his initial response. In his cross-examination, the noble Lord, Lord Pannick, really went through the key elements that were required, such as the no intent element, the question of reasonable excuse and how robust that was, the question of solicitation, which I know is very important in this context, and the question of whether it is really an international law matter. I have had the benefit of talking to the noble Lord, Lord Pannick, and surely the mischief is delivered and carried out here, so why is that an international law issue? There is also the question of deletion of data, which the noble Lord has explained pretty carefully, and the question of timing of knowledge of the offence having been committed.

The Minister needs to describe the stages at which those various elements are going to be contained in a government amendment. I understand that there may be a phasing, but there are a lot of assurances. As the noble Lord, Lord Stevenson, said, is it six or seven? How many assurances are we talking about? I very much hope that the Minister can see the sentiment and the importance we place on his assurances on these amendments, so I very much hope he is going to be able to give us the answers.

In conclusion, as the noble Baroness, Lady Morgan, said—and it is no bad thing to be able to wheel on a former Secretary of State at 9 o’clock in the evening—there is a clear link between gender-based violence and image-based abuse. This is something which motivates us hugely in favour of these amendments. I very much hope the Minister can give more assurance on the audio side of things as well, because we want future legislation to safeguard victims, improve prosecutions and deter potential perpetrators from committing image-based and audio-based abuse crimes.

Lord Clement-Jones (LD)

- View Speech - Hansard -

Copy Link

- - Excerpts

My Lords, I thank the noble Lord, Lord Bassam, for retabling his Committee amendment, which we did not manage to discuss. Sadly, it always appears to be discussed rather late in the evening, but I think that the time has come for this concept and I am glad that the Government are willing to explore it.

I will make two points. Many countries worldwide, including in the EU, have their own version of the smart fund to reward creators and performers for the private copy and use of their works and performances. Our own CMS Select Committee found that, despite the creative industries’ economic contribution—about which many noble Lords have talked—many skilled and successful professional creators are struggling to make a living from their work. The committee recommended that

“the Government work with the UK’s creative industries to introduce a statutory private copying scheme”.

This has a respectable provenance and is very much wanted by the collecting societies ALCS, BECS, Directors UK and DACS. Their letter said that the scheme could generate £250 million to £300 million a year for creatives, at no cost to the Government or to the taxpayer. What is not to like? They say that similar schemes are already in place in 45 countries globally, including most of Europe, and many of them include an additional contribution to public cultural funding. That could be totally game-changing. I very much hope that there is a fair wind behind this proposal.

The Minister of State, Department for Science, Innovation and Technology (Lord Vallance of Balham) (Lab)

- View Speech - Hansard -

Copy Link

- - Excerpts

I thank my noble friend Lord Bassam for his Amendment 57 on the subject of private copying levies. It reinforces a point we discussed earlier about copying being covered by copyright.

The smart fund campaign seeks the introduction of a private copy levy. Such a levy would aim to indirectly compensate copyright owners for the unauthorised private copying of their works—for example, when a person takes a photo of an artwork or makes a copy of a CD—by paying copyright owners when devices capable of making private copies are sold.

Noble Lords may be aware that, in April 2024, the Culture, Media and Sport Committee recommended that the Government introduce a private copying levy similar to that proposed by this amendment. The Government’s response to that recommendation, published on 1 November, committed the Intellectual Property Office to meet with representatives from the creative industries to discuss how to strengthen the evidence base on this issue. That process is under way. I know that a meeting with the smart fund group is planned for next week, and I can confirm that DCMS is included and invited. I know that the IPO would be glad to meet my noble friend, as well as the noble Lord, Lord Freyberg, and the noble Earl, Lord Clancarty, to discuss this further. I also absolutely assure him that Chris Bryant is aware of this important issue and will be following this.

I am sure my noble friend will agree that it is essential that we properly engage and consider the case for intervention before legislating. Therefore, I hope he will be content to withdraw his amendment, to allow the Government the opportunity to properly explore these issues with creative and tech industry stakeholders.

Lord Clement-Jones (LD)

- View Speech - Hansard -

Copy Link

- - Excerpts

My Lords, all our speakers have made it clear that this is a here-and-now issue. The context has been set out by noble Lords, whether it is Stargate, the AI Opportunities Action Plan or, indeed, the Palantir contract with the NHS. This has been coming down the track for some years. There are Members on the Government Benches, such as the noble Lords, Lord Mitchell and Lord Hunt of Kings Heath, who have been telling us that we need to work out a fair way of deriving a proper financial return for the benefits of public data assets, and Future Care Capital has done likewise. The noble Lord, Lord Freyberg, has form in this area as well.

The Government’s plan for the national data library and the concept of sovereign data assets raises crucial questions about how to balance the potential benefits of data sharing with the need to protect individual rights, maintain public trust and make sure that we achieve proper value for our public digital assets. I know that the Minister has a particular interest in this area, and I hope he will carry forward the work, even if this amendment does not go through.

Lord Vallance of Balham (Lab)

- View Speech - Hansard -

Copy Link

- - Excerpts

I am grateful to the noble Baroness, Lady Kidron, and the noble Lord, Lord Tarassenko, for Amendments 58 and 71, one of which we also considered in Committee. I suspect that we are about to enter an area of broad agreement here. This is a very active policy area, and noble Lords are of course asking exactly the right questions of us. They are right to emphasise the need for speed.

I agree that it is essential that we ensure that legal and policy frameworks are fit for purpose for the modern demands and uses of data. This Government have been clear that they want to maximise the societal benefits from public sector data assets. I said in the House very recently that we need to ensure good data collection, high-quality curation and security, interoperability and ways of valuing data that secure appropriate value returns to the public sector.

On Amendment 58, my officials are considering how we approach the increased demand and opportunity of data, not just public sector data but data across our economy. This is so that we can benefit from the productivity and growth gains of improvements to access to data, and harness the opportunities, which are often greater when different datasets are combined. As part of this, we sought public views on this area as part of the industrial strategy consultation last year. We are examining our current approach to data licensing, data valuation and the legal framework that governs data sharing in the public sector.

Given the complexity, we need to do this in a considered manner, but we of course need to move quickly. Crucially, we must not betray the trust of people or the trust of those responsible for managing and safeguarding these precious data assets. From my time as chair of the Natural History Museum, I am aware that museums and galleries are considering approaches to this very carefully. The noble Lord, Lord Lucas, may well be interested to see some of the work going on on biodiversity datasets there, where there are huge collections of great value that we actually did put value against.

Of course, this issue cuts across the public sector, including colleagues from the Geospatial Commission, NHS, DHSC, National Archives, Department for Education, Ordnance Survey and Met Office, for example. My officials and I are very open to discussing the policy issues with noble Lords. I recently introduced the noble Lord, Lord Tarassenko, to officials from NHSE dealing with the data side of things there and linked him with the national data library to seek his input. As was referred to, yesterday, the noble Baroness, Lady Kidron, the noble Lords, Lord Clement-Jones, Lord Tarassenko and Lord Stevenson, and the noble Viscount, Lord Camrose, all met officials, and we remain open to continuing such in-depth conversations. I hope the noble Baroness appreciates that this is an area with active policy development and a key priority for the Government.

Turning to Amendment 71, also from the noble Baroness, I agree that the national data library represents an enormous opportunity for the United Kingdom to unlock the full value of our public data. I agree that the protection and care of our national data is essential. The scope of the national data library is not yet finalised, so it is not possible to confirm whether a new statutory body or specific statutory functions are the right way to do this. Our approach to the national data library will be guided by the principles of public law and the requirements of the UK’s data protection legislation, including the data protection principles and data subject rights. This will ensure that data sharing is fair, secure and preserves privacy. It will also ensure that we have clear mechanisms for both valuation and value capture. We have already sought, and continue to seek, advice from experts on these issues, including work from the independent Prime Minister’s Council for Science and Technology. The noble Lord, Lord Freyberg, also referred to the work that I was involved with previously at the Tony Blair Institute.

The NDL is still in the early stages of development. Establishing it on a statutory footing at this point would be inappropriate, as work on its design is currently under way. We will engage and consult with a broad range of stakeholders on the national data library in due course, including Members of both Houses.

The Government recognise that our data and its underpinning infrastructure is a strategic national asset. Indeed, it is for that reason that we started by designating the data centres as critical national infrastructure. As the subjects of these amendments remain an active area of policy development, I ask the noble Baroness to withdraw her amendment.

Lord Clement-Jones (LD)

- View Speech - Hansard -

Copy Link

- - Excerpts

My Lords, we have had some discussion already this week on data centres. The noble Lord, Lord Holmes, is absolutely right to raise this broad issue, but I was reassured to hear from the noble Lord, Lord Hunt of Kings Heath, earlier in the week that the building of data centres, their energy requirements and their need may well be included in NESO’s strategic spatial energy plan and the centralised strategic network plan. Clearly, in one part of the forest there is a great deal of discussion about energy use and the energy needs of data centres. What is less clear and, in a sense, reflected in the opportunities plan is exactly how the Government will decide the location of these data centres, which clearly—at least on current thinking about the needs of large language models, AI and so on—will be needed. It is about where they will be and how that will be decided. If the Minister can cast any light on that, we would all be grateful.

Lord Clement-Jones (LD)

- View Speech - Hansard -

Copy Link

- - Excerpts

My Lords, it is clear that Amendment 67 in the name of the noble Lord, Lord Lucas, is very much of a piece with the amendments that were debated and passed last week. On these Benches, our approach will be exactly the same. Indeed, we can rely on what the Minister said last week, when he gave a considerable assurance:

“I can be absolutely clear that we must have a single version of the truth on this. There needs to be a way to verify it consistently and there need to be rules. That is why the ongoing work is so important”.—[Official Report, 21/1/25; col. 1620.]


That is, the work of the Central Digital and Data Office. We are content to rely on his assurance.

Lord Clement-Jones (LD)

- View Speech - Hansard -

Copy Link

- - Excerpts

My Lords, I too am lost in admiration for the noble Baroness, Lady Kidron—still firing on all cylinders at this time of night. Current law is clearly out of touch with the reality of computer systems. It assumes an untruth about computer reliability that has led to significant injustice. We know that that assumption has contributed to miscarriages of justice, such as the Horizon scandal.

Unlike the amendment in Committee, Amendment 68 does not address the reliability of computers themselves but focuses rather on the computer evidence presented in court. That is a crucial distinction as it seeks to establish a framework for evaluating the validity of the evidence presented, rather than questioning the inherent reliability of computers. We believe that the amendment would be a crucial step towards ensuring fairness and accuracy in legal proceedings by enabling courts to evaluate computer evidence effectively. It offers a balanced approach that would protect the interests of both the prosecution and the defence, ensuring that justice is served. The Government really must move on this.

Lord Vallance of Balham (Lab)

- View Speech - Hansard -

Copy Link

- - Excerpts

Amendment 68 from the noble Baroness, Lady Kidron, aims to prevent future miscarriages of justice, such as the appalling Horizon scandal. I thank the noble Baroness and, of course, the noble Lord, Lord Arbuthnot, for the commitment to ensuring that this important issue is debated. The Government absolutely recognise that the law in this area needs to be reviewed. Noble Lords will of course be aware that any changes to the legal position would have significant ramifications for the whole justice system and are well beyond the scope of this Bill.

I am glad to be able to update the noble Baroness on this topic since Committee. On 21 January the Ministry of Justice launched a call for evidence on this subject. That will close on 15 April, and next steps will be set out immediately afterwards. That will ensure that any changes to the law are informed by expert evidence. I take the point that there is a lot of evidence already available, but input is also needed to address the concerns of the Serious Fraud Office and the Crown Prosecution Service, and I am sure they will consider the important issues raised in this amendment.

I hope the noble Baroness appreciates the steps that the Ministry of Justice has taken on this issue. The MoJ will certainly be willing to meet any noble Lords that wish to do so. As such, I hope she feels content to withdraw the amendment.

Lord Vallance of Balham (Lab)

- View Speech - Hansard -

Copy Link

- - Excerpts

I thank the noble Viscount, Lord Camrose, for giving me an opportunity to speak for 45 minutes on genomics, which I know everyone will be very grateful for. I shall resist that temptation and thank him for the amendment on security in genomic data.

As he is aware, the UK is a world leader in genomics, and its various datasets and studies have contributed to health globally. I also note that the UK Biological Security Strategy of 2023 has been endorsed by this Government and a variety of measures are under active consideration. I recognise the noble Viscount’s desire for quick movement on the issue and agree with him that this is of great importance. I reassure him that my officials are working at speed across government on this very issue. I would be very happy to brief him and other noble Lords present today on the findings of the risk assessment in due course. We have not yet engaged with the Joint Committee on National Security Strategy but will do shortly as per standard practice.

I hope that the noble Viscount will appreciate that this work is live and will grant a little patience on this issue. I look forward to engaging with him soon on this but, in the meantime, I would be grateful if he would withdraw his amendment.

Lord Clement-Jones (LD)

- Hansard -

Copy Link

- - Excerpts

My Lords, I have the very dubious privilege of moving the final amendment on Report to this Bill. This is a probing amendment and the question is: what does retrospectivity mean? The noble Lord, Lord Cameron of Lochiel, asked a question of the noble Baroness, Lady Jones, in Committee in December:

“Will the forthcoming changes to data protection law apply to such data that controllers and processors already hold?”


She replied that

“the new lawful ground of recognised legitimate interest will apply from the date of commencement and will not apply retrospectively”.—[Official Report, 10/12/24; cols. GC 435-437.]

But the question is not really whether the lawfulness is retrospective, but whether the changes made in the new law can be applied to any personal data previously collected and already held on the commencement date of the Act—so that is the exam question.

Lord Vallance of Balham (Lab)

- View Speech - Hansard -

Copy Link

- - Excerpts

I will speak first to Amendment 76. I reassure noble Lords that the Government do not believe that this amendment has a material policy effect. Instead, it simply corrects the drafting of the Bill and ensures that an interpretation provision in Clause 66 commences on Royal Assent.

Amendment 74, in the name of the noble Lord, Lord Clement Jones, would require the Secretary of State to publish a statement setting out whether any provisions in the Bill apply to controllers and processers retrospectively. Generally, provisions in Bills apply from the date of commencement unless there are strong policy or legal reasons for applying them retrospectively. The provisions in this Bill follow that general rule. For instance, data controllers will only be able to rely on the new lawful ground of recognised legitimate interests introduced by Clause 70 in respect of new processing activities in relation to personal data that take place after the date of commencement.

I recognise that noble Lords might have questions as to whether any of the Bill’s clauses can apply to personal data that is already held. That is the natural intent in some areas and, where appropriate, commencement regulations will provide further clarity. The Government intend to publish their plans for commencement on GOV.UK in due course and the ICO will also be updating its regulatory guidance in several key areas to help organisations prepare. We recognise that there can be complex lifecycles around the use of personal data and we will aim to ensure that how and when any new provisions can be relied on is made clear as part of the implementation process.

I hope that explanation goes some way to reassuring the noble Lord and that he will agree to withdraw his amendment.

The Minister of State, Department for Science, Innovation and Technology (Lord Vallance of Balham) (Lab)

- View Speech - Hansard -

Copy Link

- - Excerpts

I thank the noble Lord, Lord Holmes, for his Amendment 38 relating to the ICO’s innovation duty. I agree with his comments about the quality of our regulators.

I reiterate the statements made throughout the Bill debates that the Government are committed to the ongoing independence of the ICO as a regulator and have designed the proposals in the Bill with retaining EU adequacy in mind. The commissioner’s status as an independent supervisory authority for data protection is assured. The Information Commissioner has discretion over the application of his new duties. It will be for him to set out and justify his activities in relation to those duties to Parliament.

To answer the specific point, as well as that raised by the noble Lord, Lord Clement-Jones, considerations of innovations will not come at the expense of the commissioner’s primary objective to secure an appropriate level of protection for personal data. I hope that reassures the noble Lord.

Lord Clement-Jones (LD)

- View Speech - Hansard -

Copy Link

- - Excerpts

My Lords, it is a pleasure to follow the noble Baroness, Lady Harding. I have added a few further words to my speech in response, because she made an extremely good point. I pay tribute to the noble Baroness, Lady Kidron, and her tenacity in trying to make sure that we secure a code for children’s data and education, which is so needed. The education sector presents unique challenges for protecting children’s data.

Like the noble Baronesses, Lady Kidron and Lady Harding, I look forward to what the Minister has to say. I hope that whatever is agreed is explicit; I entirely agree with the noble Baroness, Lady Harding. I had my own conversation with the Minister about Ofcom’s approach to categorisation which, quite frankly, does not follow what we thought the Online Safety Act was going to imply. It is really important that we absolutely tie down what the Minister has to say.

The education sector is a complex environment. The existing regulatory environment does not adequately address the unique challenges posed by edtech, as we call it, and the increasing use of children’s data in education. I very much echo what the noble Baroness, Lady Kidron, said: children attend school for education, not to be exploited for data mining. Like her, I cross over into considering the issues related to the AI and IP consultation.

The worst-case scenario is using an opt-in system that might incentivise learners or parents to consent, whether that is to state educational institutions such as Pearson, exam boards or any other entity. I hope that, in the other part of the forest, so to speak, that will not take place to the detriment of children. In the meantime, I very much look forward to what the Minister has to say on Amendment 44.

Lord Vallance of Balham (Lab)

- View Speech - Hansard -

Copy Link

- - Excerpts

I thank the noble Baroness, Lady Kidron, for raising this important topic today, and thank noble Lords for the impassioned speeches that we have heard. As my noble friend Lady Jones mentioned in Committee, the ICO has been auditing the practices of several edtech service providers and is due to publish its findings later this year. I am pleased to be able to give the noble Baroness, Lady Kidron, a firm commitment today that the Government will use powers under the Data Protection Act 2018 to require the ICO to publish a new code of practice addressing edtech issues.

The noble Baronesses, Lady Kidron and Lady Harding, both raised important points about the specificity, and I will try to address some of those. I am grateful to the noble Baroness for her suggestions about what the code should include. We agree that the starting point for the new code should be that children merit special protection in relation to their personal data because they may be less aware of the risks and their rights in relation to its processing. We agree that the code should include guidance for schools on how to comply with their controller duties in respect of edtech services, and guidance for edtech services on fulfilling their duties under the data protection framework—either as processors, controllers or joint controllers. We also agree that the code should provide practical guidance for organisations on how to comply with their so-called:

“Data protection by design and by default”


duties. This would help to ensure that appropriate technical and organisational measures are implemented in the development and operation of processing activities undertaken by edtech services.

The noble Baroness suggested that the new code should include requirements for the ICO to develop the code in consultation with children, parents, educators, children’s rights advocates, devolved Governments and industry. The commissioner must already consult trade associations, data subjects and persons who appear to the commissioner to represent the interest of data subjects before preparing a code, but these are very helpful suggestions. The development of any new code will also follow the new procedures introduced by Clause 92 of this Bill. The commissioner would be required to convene an expert panel to inform the development of the code and publish the draft code. Organisations and individuals affected by the code would be represented on the panel, and the commissioner would be required to consider its recommendations before publishing the code.

Beyond this, we do not want to pre-determine the outcome of the ICO’s audits by setting out the scope of the code on the face of the Bill now. The audits might uncover new areas where guidance is needed. Ensuring a clear scope for a code, grounded in evidence, will be important. We believe that allowing the ICO to complete its audits, so that the findings can inform the breadth and focus of the code, is appropriate.

The ICO will also need to carefully consider how its codes interrelate. For example, the noble Baroness suggested that the edtech code should cover edtech services that are used independently by children at home and the use of profiling to make predictions about a child’s attainment. Such processing activities may also fall within the scope of the age-appropriate design code and the proposed AI code, respectively. We need to give the ICO the flexibility to prepare guidance for organisations in a way that avoids duplication. Fully understanding the problems uncovered by the ICO audits will be essential to getting the scope and content of each code right and reducing the risk of unintended consequences.

To complement any recommendations that come from the ICO and its audits, the Department for Education will continue to work with educators and parents to help them to make informed choices about the products and services that they choose to support teaching and learning. The noble Baroness’s suggestion that there should be a certification scheme for approved edtech service providers is an interesting one that we will discuss with colleagues in the Department for Education. However, there might be other solutions that could help schools to make safe procurement decisions, and it would not be appropriate to use the ICO code to mandate a specific approach.

The point about schools and the use of work by children is clearly important; our measures are intended to increase the protections for children, not to reduce them. The Government will continue to work closely with noble Lords, the Department for Education, the ICO and the devolved regions as we develop the necessary regulations following the conclusion of the ICO audit. I hope that the noble Baroness is pleased with this commitment and as such feels content to withdraw her amendment.

Lord Clement-Jones (LD)

- View Speech - Hansard -

Copy Link

- - Excerpts

My Lords, I can be pretty brief. We have had some fantastic speeches, started by the noble Baroness, Lady Kidron, with her superb rallying cry for these amendments, which we 100% support on these Benches. As she said, there is cross-party support. We have heard support from all over the House and, as the noble and learned Baroness, Lady Butler-Sloss, has just said, there has not been a dissenting voice.

I have a long association with the creative industries and with AI policy and yield to no one in my enthusiasm for AI—but, as the noble Baroness said, it should not come at the expense of the creative industries. It should not just be for the benefit of DeepSeek or Silicon Valley. We are very clear where we stand on this.

I pay tribute to the Creative Rights in AI Coalition and its campaign, which has been so powerful in garnering support, and to all those in the creative industries and creators themselves who briefed noble Lords for this debate.

These amendments respond to deep concerns that AI companies are using copyright material without permission or compensation. With the new government consultation, I do not believe that their preferred option is a straw man for a text and data mining exemption, with an opt out that we thought was settled under the previous Government. It starts from the false premise of legal uncertainty, as we have heard from a number of noble Lords. As the News Media Association has said, the Government’s consultation is based on a mistaken idea, promoted by tech lobbyists and echoed in the consultation, that there is a lack of clarity in existing copyright law. This is completely untrue. The use of copyrighted content without a licence by gen AI firms is theft on a mass scale and there is no objective case for a new text and data mining exception.

No effective opt-out system for the use of content by gen AI models has been proposed or implemented anywhere in the world, making the Government’s proposals entirely speculative. It is vital going forward that we ensure that AI companies cannot use copyrighted material without permission or compensation; that AI development does not exploit loopholes to bypass copyright laws; that AI developers disclose the sources of the data they use for training their models, allowing for accountability and addressing infringement; and that we reinforce the existing copyright framework, rather than creating new exceptions that disadvantage creators.

These amendments would provide a mechanism for copyright holders to contest the use of their work and ensure a route for payment. They seek to ensure that AI innovation does not come at the expense of the rights and livelihoods of creators. There is no market failure. We have a well-established licensing system as an alternative to the Government’s proposed opt-out scheme for AI developers using copyrighted works. A licensing system is the only sustainable solution that benefits both creative industries and the AI sector. We have some of the most effective collective rights organisations in the world. Licensing is their bread and butter. Merely because AI platforms are resisting claims, does not mean that the law in the UK is uncertain.

Amending UK law to address the challenges posed by AI development, particularly in relation to copyright and transparency, is essential to protect the rights of creators, foster responsible innovation and ensure a sustainable future for the creative industries. This should apply regardless of which country the scraping of copyright material takes place in, if developers market their product in the UK, regardless of where the training takes place. It would also ensure that AI start-ups based in the UK are not put at a competitive disadvantage due to the ability of international firms to conduct training in a different jurisdiction.

As we have heard throughout this debate, it is clear that the options proposed by the Government have no proper economic assessment underpinning them, no technology for an opt-out underpinning them and no enforcement mechanism proposed. It baffles me why the Conservative Opposition is not supporting these amendments, and I very much hope that the voices we have heard on the Conservative Benches will make sure that these amendments pass with acclamation.

Lord Vallance of Balham (Lab)

- View Speech - Hansard -

Copy Link

- - Excerpts

I congratulate the noble Baroness, Lady Kidron, on her excellent speech. I know that she feels very strongly about this topic and the creative industries, as do I, but I also recognise what she said about junior Ministers. I have heard the many noble Lords who have spoken, and I hope they will forgive me if I do not mention everyone by name.

It is vital that we get this right. We need to give creators better, easier and practical control over their rights, allow appropriate access to training material by AI firms and, most importantly, ensure there is real transparency in the system, something that is currently lacking. We need to do this so that we can guarantee the continued success of our creative industries and fully benefit from what AI will bring.

I want to make it clear, as others have, that these two sectors are not mutually exclusive; it is not a case of picking sides. Many in the creative industries are themselves users or developers of AI technology. We want to ensure that the benefits of this powerful new technology are shared, which was a point made by the noble Baroness, Lady Stowell, and her committee.

It is obvious that these are complex issues. We know that the current situation is unsatisfactory in practice for the creative industries and the AI sector. That is why we have launched a detailed consultation on what package of measures can be developed to benefit both the creative industries and the AI sector. This is a genuine consultation. Many people from a range of sectors are engaging with us to share their views and evidence. It is important, and indeed essential, that we fully consider all responses provided in the consultation before we act. Not to do so would be a disservice to all those who are providing important input and would narrow our chance to get the right solution.

I agree wholeheartedly with the noble Baroness and many other noble Lords, including the noble Lord, Lord Freyberg, on the importance of transparency about the creative content used to train AI. Transparency, about both inputs and outputs, is a key objective in the Government’s consultation on copyright and AI. This very ability to provide transparency is at the centre of what is required. The consultation also contains two other vital objectives alongside transparency: practical and clear control and reward for rights holders over the use of their work. This is quite the opposite of the notion of giving away their hard work or theft. It is about increasing their control and ensuring access to data for AI training.

The Government certainly agree with the spirit of the amendments on transparency and web crawlers and the aims they are trying to achieve—that creators should have more clarity over which web crawlers can access their works and be able to block them if they wish, and that they should be able to know what has been used and by whom and have mechanisms to be appropriately reimbursed. However, it would be premature to commit to very specific solutions at this stage of the consideration of the consultation.

We want to consider these issues more broadly than the amendments before us, which do not take into account the fact that web crawling is not the only way AI models are trained. We also want to ensure that any future measures are not disproportionate for small businesses and individuals. There is a risk that legislating in this way will not be flexible enough to keep pace with rapid developments in the AI sector or new web standards. A key purpose of our consultation is to ensure that we have the full benefit of views on how to approach these issues, so that any legislation will be future-proof and able to deliver concrete and sustainable benefits for the creators. The preferred option in the consultation is one proposal; this is a consultation to try to find the right answer and all the proposals will be considered on their merits.

The Government are also committed to ensuring that rights holders have real control over how their works are used. At the moment, many feel powerless over the use of their works by AI models. Our consultation considers technological and other means that can help to ensure that creators’ wishes are respected in practice. We want to work with industry to develop simple and reliable ways to do this that meet agreed standards, in reference to the point made by the noble Viscount, Lord Camrose.

Technical standards are an important part of this. There are technical standards that will be required to prevent web crawlers accessing certain datasets. Standards will be needed for control at the metadata level and for watermarking. I agree with the noble Viscount, Lord Camrose, that standards on the use of watermarks or metadata could have a number of benefits for those who wish to control or license the use of their content with AI. Standards on the use of web crawlers may also improve the ability of rights holders to prevent the use of their works against their wishes. We will actively support the development of new standards and the application of existing ones. We see this as a key part of what is needed. We do not intend to implement changes in this area until we are confident that they will work in practice and are easy to use.

I also want to stress that our data mining proposals relate only to content that has been lawfully made available, so they will not apply to pirated copies. Existing copyright law will continue to apply to the outputs of AI models, as it does today. People will not be able to use AI as a cover for copyright piracy. With improved transparency and control over inputs, we expect that the likelihood of models generating infringing output will be greatly reduced.

Lord Clement-Jones (LD)

- Hansard -

Copy Link

- - Excerpts

My Lords, Amendment 46 seeks a review of court jurisdiction. As I said in Committee, the current system’s complexity leads to confusion regarding where to bring data protection claims—tribunals or courts? This is exacerbated by contradictory legal precedents from different levels of the judiciary, and it creates barriers for individuals seeking to enforce their rights.

Transferring jurisdiction to tribunals would simplify the process and reduce costs for individuals, and it would align with the approach for statutory appeals against public bodies, which are typically handled by tribunals. In the Killock v Information Commissioner case, Mrs Justice Farbey explicitly called for a “comprehensive strategic review” of the appeal mechanisms for data protection rights. That is effectively what we seek to do with this amendment.

In Committee, the noble Baroness, Lady Jones, raised concerns about transferring jurisdiction and introducing a new appeals regime. She argued that the tribunals lacked the capacity to handle complex data protection cases, but tribunals are, in fact, better suited to handle such matters due to their expertise and lower costs for individuals. Additionally, the volume of applications under Section 166—“Orders to progress complaints”—suggests significant demand for tribunal resolution, despite its current limitations.

The noble Baroness, Lady Jones, also expressed concern about the potential for a new appeal right to encourage “vexatious challenges”, but introducing a tribunal appeal system similar to the Freedom of Information Act could actually help filter out unfounded claims. This is because the tribunal would have the authority to scrutinise cases and potentially dismiss those deemed frivolous.

The noble Baroness, Lady Jones, emphasised the existing judicial review process as a sufficient safeguard against errors by the Information Commissioner. However, judicial review is costly and complex, presenting a significant barrier for individuals. A tribunal system would offer a much more accessible and less expensive avenue for redress.

I very much hope that, in view of the fact that this is a rather different amendment—it calls for a review—the Government will look at this. It is certainly called for by the judiciary, and I very much hope that the Government will take this on board at this stage.

Lord Clement-Jones (LD)

- Hansard -

Copy Link

- - Excerpts

My Lords, before the noble Viscount sits down, I wonder whether he has actually read the amendment; it calls for a review, not for transfer. I think that his speech is a carryover from Committee.

Lord Vallance of Balham (Lab)

- View Speech - Hansard -

Copy Link

- - Excerpts

I thank the noble Lord, Lord Clement-Jones, for Amendment 46. It would require a review of the impact of transferring all data protection-related cases to the relevant tribunals. Currently there is a mixture of jurisdictions for tribunals and courts for data protection cases, depending on the nature of the proceedings. This is on the basis that certain claims are deemed appropriate for tribunal, while others are appropriate for courts, where stricter rules of evidence and procedure apply—for example, in dealing with claims by data subjects against controllers for compensation due to breaches of data protection legislation. As such, the current system already provides clear and appropriate administrative and judicial redress routes for data subjects seeking to exercise their rights.

Tribunals are in many cases the appropriate venue for data protection proceedings, including appeals by controllers against enforcement action or applications by data subjects for an order that the ICO should progress a complaint. Claims by individuals against businesses or other organisations for damages arising from breach of data protection law fall under the jurisdiction of courts rather than tribunals. This is appropriate, given the likely disparity between the resources of the respective parties, because courts apply stricter rules of evidence and procedures than tribunals. While court proceedings can, of course, be more costly, successful parties can usually recover their costs, which would not always be the case in tribunals.

I hope that the noble Lord agrees that there is a rationale for these different routes and that a review to consider transfer of jurisdictions to tribunals is therefore not necessary at this time.

Lord Clement-Jones (LD)

- View Speech - Hansard -

Copy Link

- - Excerpts

My Lords, I support Amendments 47 and 48, which I was delighted to see tabled by the noble Lords, Lord Holmes and Lord Arbuthnot. I have long argued for changes to the Computer Misuse Act. I pay tribute to the CyberUp campaign, which has been extremely persistent in advocating these changes.

The CMA was drafted some 35 years ago—an age ago in computer technology—when internet usage was much lower and cybersecurity practices much less developed. This makes the Act in its current form unfit for the modern digital landscape and inhibits security professionals from conducting legitimate research. I will not repeat the arguments made by the two noble Lords. I know that the Minister, because of his digital regulation review, is absolutely apprised of this issue, and if he were able to make a decision this evening, I think he would take them on board. I very much hope that he will express sympathy for the amendments, however he wishes to do so—whether by giving an undertaking to bring something back at Third Reading or by doing something in the Commons. Clearly, he knows what the problem is. This issue has been under consideration for a long time, in the bowels of the Home Office—what worse place is there to be?—so I very much hope that the Minister will extract the issue and deal with it as expeditiously as he can.

Lord Vallance of Balham (Lab)

- View Speech - Hansard -

Copy Link

- - Excerpts

I am grateful to the noble Lord, Lord Holmes, for raising this topic through Amendments 47 and 48. I am very aware of this issue and understand the strength of feeling about reforming the Computer Misuse Act, as we have heard from the noble Lord, Lord Arbuthnot, and the noble Earl, Lord Erroll.

As the noble Lord, Lord Clement-Jones, rightly pointed out, when I was the Government Chief Scientific Adviser I conducted a review making recommendations on pro-innovation regulation of technologies and I made recommendations on the issues these amendments raise. These recommendations were accepted by the previous Government.

The Government are actively taking forward these recommendations as part of the Act’s ongoing review. These issues are, of course, complex and require careful consideration. The introduction of these specific amendments could unintentionally pose more risk to the UK’s cybersecurity, not least by inadvertently creating a loophole for cybercriminals to exploit to defend themselves against a prosecution.

Our engagement with stakeholders has revealed differing views, even among industry. While some industry partners highlight the noble Lord’s view that the Computer Misuse Act may prevent legitimate public interest activity, others have concerns about the unintended consequences. Law enforcement has considerable concerns that allowing unauthorised access to systems under the pretext of identifying vulnerabilities could be exploited by cybercriminals. Without robust safeguards and oversight, this amendment could significantly hinder investigations and place a burden on law enforcement partners to establish whether a person’s actions were in the public interest.

Further work is required to consider the safeguards that would need to accompany any introduction of statutory defences. The Government will continue to work with the cybersecurity industry, the National Cyber Security Centre and law enforcement agencies on this issue. The Home Office will provide an update in due course, once the proposals have been finalised—or, in the words of the noble Lord, Lord Clement-Jones, they will pop out of the bowels of the Home Office in due course. With these reassurances in mind, I hope the noble Lord will feel able to withdraw his amendments.

Lord Clement-Jones (LD)

- View Speech - Hansard -

Copy Link

- - Excerpts

My Lords, I will speak to Amendment 48B. In our view, cookie paywalls create an unfair choose for users, essentially forcing them to pay for privacy. We tabled an amendment in Committee to ban cookie paywalls, but in the meantime, as the noble Baroness, Lady Jones, heralded at the time, the Information Commissioner’s Office has provided updated guidance on the “consent or pay” model for cookie compliance. It is now available for review. This guidance clarifies how organisations can offer users a choice between accepting personalised ads for free access or paying for an ad-free experience while ensuring compliance with data protection laws. It has confirmed that the “consent or pay” model is acceptable for UK publishers, provided certain conditions are met. Key requirements for a valid consent under this model include: users must have genuine free choice; the alternative to consent—that is, payment—must be reasonably priced; and users must be fully informed about their options.

The guidance is, however, contradictory. On the one hand, it says that cookie paywalls

“can be compliant with data protection law”

and that providers must document their assessments of how it is compliant with DPL. On the other, it says that, to be compliant with data protection law, cookie paywalls must allow users to choose freely without detriment. However, users who do not wish to pay the fee to access a website will be subject to detriment, because with a cookie paywall they will pay a fee if they wish to refuse consent. This is addressed as the “power imbalance”. It is also worth noting that this guidance does not constitute legal advice; it leaves significant latitude for legal interpretation and argument as to the compatibility of cookie paywalls with data protection law.

The core argument against “consent or pay” models is that they undermine the principle of freely given consent. The ICO guidance emphasises that organisations using these models must be able to demonstrate that users have a genuine choice and are not unfairly penalised for refusing to consent to data processing for personalised advertising. Yet in practice, given the power imbalance, on almost every occasion this is not possible. This amendment seeks to ensure that individuals maintain control over their personal data. By banning cookie paywalls, users can freely choose not to consent to cookies without having to pay a fee. I very much hope that the Government will reconsider the ICO’s guidance in particular, and consider banning cookie paywalls altogether.

Lord Vallance of Balham (Lab)

- View Speech - Hansard -

Copy Link

- - Excerpts

My Lords, I will start with Amendments 48A and 50A in the name of the noble Lord, Lord Lucas. The Government are aware that some financial services firms have raised concerns that the direct marketing rules in the privacy and electronic communications regulations prevent them supporting consumers in some instances. I appreciate the importance of the support that financial services firms provide to their customers to help them make informed decisions on matters such as their financial investments. The Government and the FCA are working closely together to improve the support available to consumers.

In December, the FCA launched an initial consultation on a new type of support for consumers with their investments and pensions called “targeted support”. Through this consultation, the FCA will seek feedback on any interactions of the proposals and direct marketing rules. As my noble friend Lady Jones explained in the debate in Grand Committee, firms can already provide service or regulatory communication messages to their customers without permission, provided these messages are neutral in tone, factual and do not include promotional content. Promotional content can be sent if a consumer consents to receiving direct marketing. Messages which are not directed to a particular individual, such as online adverts shown to everyone who views a website, are also not prevented by the rules. I hope this explanation and the fact that there is ongoing work provide some reassurance to the noble Lord, Lord Lucas, that the Government are actively looking into this issue, and that, as such, he is content to withdraw his amendment.

Amendment 48B from the noble Lord, Lord Clement-Jones, is aimed at banning cookie paywalls. These generally work by giving web users the option to pay for a cookie-free browsing experience. Many websites are funded by advertising, and some publishers think that people should pay for a viewing experience without personalised advertising. As he rightly pointed out, the ICO released updated guidance on how organisations can deploy “consent or pay” models while still ensuring that consent is “freely given”. The guidance is detailed and outlines important factors that organisations should consider in order to operate legally. We encourage businesses to read this guidance and respond accordingly.

I note the important points that the noble Lord makes, and the counterpoints made by the noble Viscount, Lord Camrose. The Government will continue to engage with businesses, the ICO and users on these models, and on the guidance, but we do not think there is currently a case for taking action to ban the practice. I therefore hope the noble Lord will not press his amendment.

Lord Vallance of Balham (Lab)

- View Speech - Hansard -

Copy Link

- - Excerpts

I thank the noble Baroness, Lady Kidron, for the amendments on researchers’ access to data for online safety research, an incredibly important topic. It is clear from Committee that the Government’s proposals in this clause are broadly welcomed. They will ensure that researchers can access the vital data they need to undertake an analysis of online safety risks to UK users, informing future online safety interventions and keeping people safe online.

Amendment 51 would compel the Secretary of State to make regulations for a researcher access framework, and to do so within 12 months. While I am sympathetic to the spirit of the noble Baroness’s amendment, a fixed 12-month timescale and requirement to make regulations may risk compressing the time and options available to develop the most effective and appropriate solution, as my noble friend Lady Jones outlined in Committee. Getting this right is clearly important. While we are committed to introducing a framework as quickly as possible, we do not want to compromise its quality. We need adequate time to ensure that the framework is fit for purpose, appropriately safeguarded and future-proofed for a fast-evolving technological environment.

As required by the Online Safety Act, Ofcom is currently preparing a report into the ways in which researchers can access data and the barriers that they face, as well as exploring how additional access might be achieved. This report will be published in July of this year. We are also committed to conducting a thorough consultation on the issue prior to any enforceable requirements coming into force. The Government intend to consult on the framework as soon as practicable after the publication of Ofcom’s report this summer.

Sufficient time is required for a thorough consultation with the wide range of interested stakeholders in this area, including the research community, civil society and industry. I know that the noble Baroness raised a concern in Committee that the Government would rely on Ofcom’s report to set the framework for the regime, but I can assure her that a robust evidence-gathering process is already under way. The framework will be informed by collaboration with key stakeholders and formal consultation, as well as being guided by evidence from Ofcom’s report on the matter. Once all interested parties have had their say and the consultation is completed, the Government expect to make regulations to install the framework. It is right that the Government commit to a full consultation process and do not seek to prejudge the outcomes of that process by including a mandatory requirement for regulations now.

Amendment 53 would seek to expand the list of examples of the types of provision that the regulations might make. Clause 123 gives non-exhaustive examples of what may be included in future regulations; it certainly does not limit those regulations to the examples given. Given the central importance of protecting children and vulnerable users online, a key aim of any future regulations would be to support researchers to conduct research into the different ways that various groups of people experience online safety, without the need for this amendment. Indeed, a significant driving force for establishing this framework in the first place is to improve the quality of research that is possible to understand the risks to users online, particularly those faced by children. I acknowledge the point that the noble Baroness made about people of all ages. We would be keen to discuss this further with her as we consult on specific requirements as part of developing regulations.

I will touch on the point about legal privilege. We believe that routinely copying a lawyer on to all emails and documents is not likely to attract legal privilege. Legal privilege protects communication specifically between legal advisers and their clients being created for the purpose of giving or receiving legal advice, or for the sole or dominant purpose of litigation. It would not be satisfactory just to copy everyone on everything.

We are confident that we can draft regulations that will make it entirely clear that the legal right to data for research purposes cannot be avoided by tech companies seeking to rely on contractual provisions that purport to prevent the sharing of data for research purposes. Therefore, there is no need for a specific requirement in the Bill to override a terms of service.

Lord Vallance of Balham (Lab)

- View Speech - Hansard -

Copy Link

- - Excerpts

My Lords, government Amendment 18 is similar to government Amendment 40 in the previous group, which added an express reference to children meriting specific protection to the new ICO duty. This amendment will give further emphasis to the need for the Secretary of State to consider the fact that children merit specific protection when deciding whether to use powers to amend the list of recognised legitimate interests.

Turning to Amendment 17 from the noble Lord, Lord Clement-Jones, I understand the concerns that have been raised about the Secretary of State’s power to add or vary the list of recognised legitimate interests. This amendment seeks to remove the power from the Bill.

In response to some of the earlier comments, including from the committees, I want to make it clear that we have constrained these powers more tightly than they were in the previous data Bill. Before making any changes, the Secretary of State must consider the rights and freedoms of individuals, paying particular attention to children, who may be less aware of the risks associated with data processing. Furthermore, any addition to the list must meet strict criteria, ensuring that it serves a clear and necessary public interest objective as described in Article 23.1 of the UK GDPR.

The Secretary of State is required to consult the Information Commissioner and other stakeholders before making any changes, and any regulations must then undergo the affirmative resolution procedure, guaranteeing parliamentary scrutiny through debates in both Houses. Retaining this regulation-making power would allow the Government to respond quickly if future public interest activities are identified that should be added to the list of recognised legitimate interests. However, the robust safeguards and limitations in Clause 70 will ensure that these powers are used both sparingly and responsibly.

I turn now to Amendment 21. As was set out in Committee, there is already a relevant power in the current Data Protection Act to provide exceptions. We are relocating the existing exemptions, so the current power, so far as it relates to the purpose limitation principle, will no longer be relevant. The power in Clause 71 is intended to take its place. In seeking to reassure noble Lords, I want to reiterate that the power cannot be used for purposes other than the public interest objectives listed in Article 23.1 of the UK GDPR. It is vital that the Government can act quickly to ensure that public interest processing is not blocked. If an exemption is misused, the power will also ensure that action can be swiftly taken to protect data subjects by placing extra safeguards or limitations on it.

Lord Vallance of Balham (Lab)

- Hansard -

Copy Link

- - Excerpts

There is a requirement. Going back to the issue of principles, which was discussed earlier on, one of the existing principles—which I am now trying to locate and cannot—is transparency. I expect that we would make as much of the information public as we can in order to ensure good decision-making and assure people as to how the decisions have been reached.

Baroness Harding of Winscombe (Con)

- View Speech - Hansard -

Copy Link

- - Excerpts

My Lords, I will speak very briefly, given the hour, just to reinforce three things that I have said as the wingman to the noble Baroness, Lady Kidron, many times, sadly, in this Chamber in child safety debates. The age-appropriate design code that we worked on together and which she championed a decade ago has driven real change. So we have evidence that setting in place codes of conduct that require technology companies to think in advance about the potential harms of their technologies genuinely drives change. That is point one.

Point two is that we all know that AI is a foundational technology which is already transforming the services that our children use. So we should be applying that same principle that was so hard fought 10 years ago for non-AI digital to this foundational technology. We know that, however well meaning, technology companies’ development stacks are always contended. They always have more good things that they think they can do to improve their products for their consumers, that will make them money, than they have the resources to do. However much money they have, they just are contended. That is the nature of technology businesses. This means that they never get to the safety-by-design issues unless they are required to. It was no different 150 or 200 years ago as electricity was rolling through the factories of the mill towns in the north of England. It required health and safety legislation. AI requires health and safety legislation. You start with codes of conduct and then you move forward, and I really do not think that we can wait.

Lord Vallance of Balham (Lab)

- Hansard -

Copy Link

- - Excerpts

I thank the noble Lord, Lord Clement-Jones, for Amendment 33, and the noble Baroness, Lady Kidron, for Amendment 41, and for their thoughtful comments on AI and automated decision-making throughout this Bill’s passage.

The Government have carefully considered these issues and agree that there is a need for greater guidance. I am pleased to say that we are committing to use our powers under the Data Protection Act to require the ICO to produce a code of practice on AI and solely automated decision-making through secondary legislation. This code will support controllers in complying with their data protection obligations through practical guidance. I reiterate that the Government are committed to this work as an early priority, following the Bill receiving Royal Assent. The secondary legislation will have to be approved by both Houses of Parliament, which means it will be scrutinised by Peers and parliamentarians.

I can also reassure the noble Baroness that the code of practice will include guidance about protecting data subjects, including children. The new ICO duties set out in the Bill will ensure that where children’s interests are relevant to any activity the ICO is carrying out, it should consider the specific protection of children. This includes when preparing codes of practice, such as the one the Government are committing to in this area.

I understand that noble Lords will be keen to discuss the specific contents of the code. The ICO, as the independent data protection regulator, will have views as to the scope of the code and the topics it should cover. We should allow it time to develop those thoughts. The Government are also committed to engaging with noble Lords and other stakeholders after Royal Assent to make sure that we get this right. I hope noble Lords will agree that working closely together to prepare the secondary legislation to request this code is the right approach instead of pre-empting the exact scope.

The noble Lord, Lord Clement-Jones, mentioned edtech. I should add—I am getting into a habit now—that it is discussed in a future group.

Lord Thomas of Cwmgiedd (CB)

- View Speech - Hansard -

Copy Link

- - Excerpts

I have added my name to this amendment, about which the noble Lord, Lord Clement-Jones, has spoken so eloquently, because of the importance to our economic growth of maintaining data adequacy with the EU. I have two points to add to what he said.

First, as I said and observed on some occasions in Committee, this is legislation of unbelievable complexity. It is a bad read, except if you want a cure for insomnia. Secondly, it has the technique of amending and reamending earlier legislation. Thirdly, this is not the time to go into detail of the legal problems that arise, some of which we canvassed in Committee, as to whether this legislation has no holes in it. I do not think I would be doing any favours either to the position of the United Kingdom or to those who have been patient enough to stay and listen to this part of the debate by going into any of those in any detail, particularly those involving the European Convention on Human Rights and the fundamental charter. That is my first point, on the inherent nature of the legislative structure that we have created. As I said earlier, I very much hope we will never have such legislation again.

Secondly, in my experience, there is a tendency among lawyers steeped in an area or department often to feel, “Well, we know it’s all right; we built it. The legislation’s fine”. Therefore, there is an additional and important safeguard that I think we should adopt, which is for a fresh pair of eyes, someone outside the department or outside those who have created the legislation, to look at it again to see whether there are any holes in it. We cannot afford to go into this most important assessment of data adequacy without ensuring that our tackle is in order. I appreciate what the Minister said on the last occasion in Committee—it is for the EU to pick holes in it—but the only prudent course when dealing with anything of this complexity in a legal dispute or potential dispute is to ensure that your own tackle is in order and not to go into a debate about something without being sure of that, allowing the other side to make all the running. We should be on top of this and that is why I very much support this amendment.

Lord Vallance of Balham (Lab)

- View Speech - Hansard -

Copy Link

- - Excerpts

I thank the noble Lord, Lord Clement-Jones, for his amendment, and the noble and learned Lord, Lord Thomas, for his contribution. I agree with them on the value and importance placed on maintaining our data adequacy decisions from the EU this year. That is a priority for the Government, and I reassure those here that we carefully considered all measures in the light of the EU’s review of our adequacy status when designing the Bill.

The Secretary of State wrote to the House of Lords European Affairs Committee on 20 November 2024 on this very point and I would be happy to share this letter with noble Lords if that would be helpful. The letter sets out the importance this Government place on renewal of our EU adequacy decisions and the action we are taking to support this process.

It is important to recognise that the EU undertakes its review of its decisions for the UK in a unilateral, objective and independent way. As the DSIT Secretary of State referenced in his appearance before the Select Committee on 3 December, it is important that we acknowledge the technical nature of the assessments. For that reason, we respect the EU’s discretion about how it manages its adequacy processes. I echo some of the points made by the noble Viscount, Lord Camrose.

That being said, I reassure noble Lords that the UK Government are doing all they can to support a swift renewal of our adequacy status in both technical preparations and active engagement. The Secretary of State met the previous EU Commissioner twice last year to discuss the importance of personal data sharing between the UK and EU. He has also written to the new Commissioner for Justice responsible for the EU’s review and looks forward to meeting Commissioner McGrath soon.

I also reassure noble Lords that DSIT and the Home Office have dedicated teams that have been undertaking preparations ahead of this review, working across government as needed. Those teams are supporting European Commission officials with the technical assessment as required. UK officials have met with the European Commission four times since the introduction of the Bill, with future meetings already in the pipeline.