Science and Technology: Economy
Viscount Camrose Excerpts(2 weeks, 3 days ago)
Lords ChamberRead Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Viscount Camrose (Con)
My Lords, it has been an absolutely brilliant debate, and I join others in thanking the noble Viscount, Lord Stansgate, for bringing it forward. I also join others in congratulating the noble Baroness, Lady Freeman. Many years from now, eventually “Walking with Dinosaurs” will be a fantastic title for her memoir, but we are not there yet. I have been asked to slightly curtail my remarks and I am very happy to do that. I hope noble Lords will forgive me if I do not reflect on everything that has been said in the debate, but rather offer, just to begin with, some of my personal highlights from what I heard.
As a theme, it is clear that we are as one in deeply recognising and valuing the contribution that science and technology can and will make to our economy. Sadly, and frustratingly, many different approaches have been advanced as to how we can best finance that. I hope that we can be on the path of constant improvement to get more investment into this crucial space. I noted a sense of ruefulness from my noble friend Lord Willetts as he said that the role of the Science Minister was to extract money from the Treasury; I am pleased to say that we have somewhat moved on from this position.
I was very struck by the noble Baroness, Lady Neville-Jones, reminding us of the growing importance of international rivalry in this space. I think that is going to play an increasing part in our deliberations here.
The noble Lords, Lord St John of Bletso, Lord Tarassenko and Lord Drayson, asked, one way or another: where are our Metas or Alphabets? It is a question that certainly bugs me. Let us hope that, between us, we can move towards more of an answer. The noble Baroness, Lady Bowles, spoke powerfully about the issue of IP retention in universities, and that is clearly something we need to continue to look at.
The noble Lord, Lord Lucas, raised the issue of standards and regulations. There are not many silver bullets in technology regulation, but standards will be one of them. International global standards, particularly for instance with the copyright issue in AI, are going to be a big part of that solution.
I absolutely share the wish of the right reverend Prelate the Bishop of Newcastle to foster a faster-growing tech community in the north-east of England. If I may, I commend to her the work of the brilliant organisation CyberNorth; she may know it already.
Innovation is not merely an advantage; it is the foundation of economic growth and global competitiveness. Science and tech are no longer confined to laboratories or research institutions; they are part of the fabric of almost all the work we are doing of any kind across this country.
As of last year, we are one of three countries in the world with a trillion-dollar tech sector. Today, that sector contributes £150 billion annually to the UK economy, a figure that reflects not only the sector’s rapid growth to this point but its remarkable potential for expansion. With emerging fields that have been mentioned many times—quantum AI, engineering biology, and so on—we have the opportunity to cement the UK’s status as a global leader in scientific and technological innovation.
Of course, the contributions of science and tech, as I enjoyed hearing from the noble Baroness, Lady Bennett of Manor Castle, are not limited to economic growth. They enhance our resilience in the face of global challenges. I frequently argue that for all the amazing scientific advances we have seen over recent years, perhaps the most impactful was the development of the Covid vaccine, which I think we can all agree underscored, among other things, the power of UK-led scientific innovation, saving lives and demonstrating the critical impact of robust scientific infrastructure.
Investment in science and technology is also an investment in the workforce of tomorrow. The noble Lord, Lord Mair, and others raised this point very powerfully, as did my noble friend Lord Willetts and the noble Lord, Lord Taylor of Warwick. By prioritising education in STEM fields and by fostering partnerships between industry and academia, we are equipping future generations with the skills and knowledge required to thrive in a rapidly evolving landscape. It is not only essential for individual opportunity but vital to our ongoing economic competitiveness.
I want to address some pressing concerns raised by yesterday’s Budget. The Chancellor announced a significant allocation of £20.4 billion for research and development, including £6.1 billion aimed specifically at protecting core research funding. There is no doubt that this funding is crucial for advancing the core of our scientific curriculum. However, the research community has expressed some apprehensions regarding the implications of this. The Budget allocates an increased £2.7 billion for association with EU research programmes and covers the cost of the old Horizon Europe guarantee scheme. This means we are committing with this money not only to new funding but to managing the cost of past obligations. I would welcome some clarity from the Minister on how this is going to break down.
Further, as raised by my noble friend Lord Waldegrave, the abruptness of the decision over the summer to cancel the exascale computing investment—which was, by the way, fully funded through DSIT’s budget, contrary, I am afraid, to statements from the Government that I have heard from time to time—must stand as a significant red flag to AI investors, if only for its unexpectedness and suddenness. When we take this together with the additional costs and risks of hiring staff, the reduction of incentives to invest in technology and the—in my view, rather aggressive—treatment of non-domiciled investors, I think we have grounds for concern. I wonder whether, when the Minister rises, he could tell us to what he attributes our leadership today in science and tech. Is he concerned that these decisions may diminish that leadership and, if so, what do the Government propose to do about it?
That said, I am keen to close on a note of excitement and positivity. Ray Kurzweil, of “singularity” fame, argues that the time between major advances in science and technology diminishes exponentially. If he is right, the technologies available to us at the end of this Parliament will be truly staggering. So let us all be working together to make sure that as many of those breakthroughs as possible are delivered and safely exploited in this science and tech superpower, the United Kingdom.
Artificial Intelligence: Regulation
Viscount Camrose Excerpts(1 month ago)
Lords ChamberRead Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Lord Vallance of Balham (Lab)
That is an area that of course comes under several other parts of regulation already. It is also an area where there are massive changes in the way that these models perform. If one looks at GPT-4 versus GPT-3—I know it is not facial recognition, but it gives an indication of the types of advances—it is about twice as good now as it was a year ago. These things are moving fast and there is indeed a need to understand exactly how facial recognition technology is valid and where it has problems in recognition.
Viscount Camrose (Con)
My Lords, the supply chain for the development of the more advanced AI systems is, in almost every case, highly global in nature. That means that it becomes quite straightforward for AI developers to offshore their activities from any jurisdiction whose regulations they might prefer not to follow. This being the case, do the Government agree that the regulations for AI development, as distinguished mostly from use, are going to have to be global in nature? If the Government agree with that, how is it reflected in their plans for AI regulation going forward?
Lord Vallance of Balham (Lab)
The noble Viscount makes an important point. This will be global; there is no question about it. Therefore, there needs to be some degree of interoperability between different regions in terms of the regulations put in place. At the moment, as I said, of the two most advanced, the US is the biggest AI nation in the world and is developing a regulation along similar lines to ours, we believe. The EU is of course the most regulated place in the world for AI and we need to work out, in consultation over the next months, how to make sure that we work out where the areas of interoperability will lie.
Framework Convention on Artificial Intelligence
Viscount Camrose Excerpts(1 month ago)
Lords ChamberRead Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Lord Vallance of Balham (Lab)
The convention sets out activities in the life cycle of AI systems, and they should not infringe our values of human rights, democratic processes and the effectiveness of democratic institutions or the rule of law. It applies to the public sector, to the public sector when using the private sector, and there is an obligation to consider how private sector activities can be taken into account when this is implemented in a national framework.
Viscount Camrose (Con)
My Lords, international bodies currently working on AI safety and regulation include the UN, UNESCO, the ITU, the G7, the G20 and the GPI, among several others. Do the Government agree that although each of these groups is crucial and has a very important role to play in creating safe and well-regulated AI globally, they will be successful only to the extent that they are effectively co-ordinated? If so, what steps are the Government taking to bring that about?
Lord Vallance of Balham (Lab)
We are in active discussion with all those partners. As we consider an AI Act, we will work closely with partners in the US and elsewhere and apply it only to the limited number of companies at the very forefront of AI, to those models of tomorrow which carry particular risk and, again, where guard-rails have been asked for.
Digital Markets, Competition and Consumers Bill
Viscount Camrose ExcerptsTuesday 14th May 2024
(6 months, 1 week ago)
Lords ChamberRead Full debate Digital Markets, Competition and Consumers Act 2024 View all Digital Markets, Competition and Consumers Act 2024 Debates Read Hansard Text Watch Debate Read Debate Ministerial Extracts Amendment Paper: HL Bill 75-I Marshalled list for Consideration of Commons Reasons and Amendment - (13 May 2024)
Viscount Camrose
That this House do not insist on its Amendments 9 and 19, to which the Commons have disagreed for their Reason 19A.
The Parliamentary Under-Secretary of State, Department for Science, Innovation and Technology (Viscount Camrose) (Con)
My Lords, I will also speak to Motions A1, B, B1, C, C1, C2 and D.
I start by thanking noble Lords for their constructive input and careful scrutiny during the passage of the Bill. We have created legislation that will drive innovation and deliver better outcomes for consumers across the UK by addressing barriers to competition in digital markets and tackling consumer rip-offs.
The Bill has been strengthened in many places in this House. However, today, I will speak to Motions A to D, which address amendments that remain to be agreed across the Bill. The Government ask that this House does not insist on the amendments rejected in the other place and that it agrees to the amendment proposed in lieu of changes proposed by noble Lords.
Lord Tyrie (Non-Afl)
Does the Minister not agree that since, with a merits appeal, a fine could be reduced to nugatory amounts, that what would be considered equivalent to a full merits review of the substantive decision?
Viscount Camrose (Con)
That would be in respect only of the fine itself. Any other element of the decision, such as the imposition of new conduct requirements or other actions taken to correct anti-competitive effects in the market, would stand and would have been standing throughout the appeal in any event.
I turn to Motion B, which addresses Amendments 12 and 13, on the countervailing benefits exemption, moved by the noble Baroness, Lady Jones of Whitchurch. The amendment looks to revert the clause back to its original wording of
“the conduct is indispensable ... to … those benefits”.
The Government’s revised wording, which replaces “indispensable”, does not change the effect of the clause. It still requires the same high threshold to be met and has the same safeguards. To qualify for the exemption, SMS firms must establish that all the criteria are met. There must be no other reasonable, practicable way to achieve the same benefits to consumers with a less anti-competitive effect. I hope that noble Lords feel reassured that the Government’s drafting maintains the same robust threshold and keeps consumers at the heart of the pro-competition regime.
Your Lordships will remember Amendment 38, tabled by my noble friend Lord Lansley, which sought to place in the Bill a 40-day timeframe for the Secretary of State’s approval of CMA guidance. The Government listened carefully to concerns led by my noble friend relating to a risk of delay in the digital markets regime. We are absolutely committed to getting this regime up and running to start fixing competition problems and deliver greater consumer benefit.
To reinforce this commitment, the Government have tabled Amendment 38A in lieu. This takes the spirit of my noble friend’s amendment and merely adjusts the time limit to working days to align with other timelines in the Bill. It also asks for reasons if guidance is not approved within the time limit. I hope that this provides reassurances to noble Lords about our commitment to the digital markets regime. I thank my noble friend for championing this matter in earlier debates and for his support for the amendment in lieu.
Once again, I thank noble Lords for their contributions during the Bill’s passage and I look forward to others during this debate. Across this House, we are all committed to making the DMCC Bill the best and most effective legislation it can be. I therefore invite noble Lords to agree the government Motions before them. I beg to move.
Motion A1 (as an amendment to Motion A)
Viscount Camrose (Con)
My Lords, I thank all noble Lords who have contributed to the debate today and, of course, throughout the development of this legislation. It has been a characteristically brilliant debate; I want to thank all noble Lords for their various and valuable views.
I turn first to the Motions tabled by the noble Lord, Lord Faulks, in relation to appeals and proportionality. I thank him for his continued engagement and constructive debate on these issues. We of course expect the CMA to behave in a proportionate manner at all times as it operates the digital market regime. However, today we are considering specifically the statutory requirement for proportionality in the Bill. We are making it clear that the DMU must design conduct requirements and PCIs to place as little burden as possible on firms, while still effectively addressing competition issues. The proposed amendments would not remove the reference to proportionality in Clause 21 and so, we feel, do not achieve their intended aim, but I shall set out the Government’s position on why proportionality is required.
On the question of the wording of “appropriate” versus “proportionate”, proportionality is a well-understood and precedented concept with a long history of case law. “Appropriate” would be a more subjective threshold, giving the CMA broader discretion. The Government’s position is that proportionality is the right threshold to be met in legislation due to the fact that it applies, in the vast majority of cases, because of ECHR considerations. It is the Government’s view that the same requirement for proportionality should apply whether or not ECHR rights are engaged.
As Article 1 of Protocol 1—A1P1—of the European Convention on Human Rights will apply to the vast majority of conduct requirements and PCIs imposed by the CMA, with the result that the courts will apply a proportionality requirement, we consider it important that it should be explicit that there is a statutory proportionality requirement for all conduct requirements and PCIs. We believe that proportionality should be considered beyond just those cases where A1P1 may apply, in particular when a conduct requirement or PCI would impact future contracts of an SMS firm.
The courts’ approach to proportionality in relation to consideration of ECHR rights has been set out by the Supreme Court, and we do not expect them to take a different approach here. Furthermore, the CAT will accord respect to the expert judgments of the regulator and will not seek to overturn its judgments lightly. I hope this answers the question put by the noble Lord, Lord Faulks.
On appeals, I thank noble Lords for their engagement on this matter, and in particular the noble Baroness, Lady Jones of Whitchurch, for setting out the rationale for her Amendments 32B and 32C, which seek to provide further clarity about where on the merits appeals apply. I want to be clear that the Government’s intention is that only penalty decisions will be appealable on the merits and that this should not extend to earlier decisions about whether an infringement occurred. I do not consider these amendments necessary, for the following reasons.
The Bill draws a clear distinction between penalty decisions and those about infringements, with these being covered by separate Clauses 89 and 103. There is a Court of Appeal precedent in BCL v BASF 2009 that, in considering a similar competition framework, draws a clear distinction between infringement decisions and penalty decisions. The Government consider that the CAT and the higher courts will have no difficulty in making this distinction for digital markets appeals to give effect to the legislation as drafted.
I now turn to the Motion tabled by the noble Lord, Lord Clement-Jones, in respect of the countervailing benefits exemption. I thank the noble Lord for his engagement with me and the Bill team on this important topic. The noble Lord has asked for clarification that the “indispensability” standard in Section 9 of the Competition Act 1998, and the wording,
“those benefits could not be realised without the conduct”,
are equivalent to each other. I want to be clear that the exemption within this regime and the exemption in Section 9 of the Competition Act 1998 are different. This is because they operate in wholly different contexts, with different criteria and processes. This would be the case however the exemption is worded in this Bill. That is why the Explanatory Notes refer to a “similar” exemption, because saying it is “equivalent” would be technically incorrect.
Having said that, the “indispensability” standard and the threshold of the Government’s wording,
“those benefits could not be realised without the conduct”,
are equally high. While the exemptions themselves are different, I hope I can reassure noble Lords that the Government’s view is that the standard—the height of the threshold—is, indeed, equivalent. The Government still believe that the clarity provided by simplifying the language provides greater certainty to all businesses, while ensuring that consumers get the best outcomes.
I thank the noble Lord, Lord Clement-Jones, for his question in relation to the Google privacy sandbox case. The CMA considers a range of consumer benefits under its existing consumer objective. This can include the privacy of consumers. It worked closely with the ICO to assess data privacy concerns in its Google privacy sandbox investigation and we expect it would take a similar approach under this regime.
I urge all noble Lords to consider carefully the Motions put forward by the Government and hope all Members will feel able—
Viscount Camrose (Con)
Indeed. In principle I am very happy to update the Explanatory Notes, but I need to engage with ministerial colleagues. However, I see no reason why that would not be possible.
Meanwhile, I hope all noble Lords will feel able to support the Government’s position.
Lord Pannick (CB)
My Lords, before the Minister sits down, may I just press him on proportionality? I understand the argument to be that a proportionality test should be applied in this context even though it is not required in all cases by the European Convention on Human Rights. I see the Minister nodding. Will that now be the general position of the Government, because it is not the law in relation to judicial review generally that there is a proportionality test? If that is to the position of the Government, it would be a very significant development which some of us would welcome and some of us would not. I declare an interest, of course, as one of those lawyers referred to by the noble Baroness, Lady Jones, as looking to take advantage on behalf of their clients. It is a very real issue; how far does this go?
Viscount Camrose (Con)
It goes only so far as its application to the Bill now. I am not aware of any further measures to take it into other Bills and would not expect to see any.
Lord Faulks (Non-Afl)
My Lords, I am grateful for the Minister’s response on that issue. I asked him the same question that I have asked throughout these proceedings—it is the same question posed by the noble Lord, Lord Pannick—and there does not seem, with great respect, to be an answer to it. The Minister has mostly allowed, to use a cricketing metaphor, the matter to go past the off stump without playing a shot. What really seems to be the position is that he says that proportionality will apply, even if the Human Rights Act or a convention right is not involved. But I think that, in answer to the noble Lord, Lord Pannick, the Minister is saying, “But only in the case of this Bill”. What that means is that big tech is getting a special privilege not afforded to any other litigant in any other context. I ask noble Lords, “Is that a good look?” I do not think that it is.
The Commons reason for preferring “proportionate” to “appropriate” reads as follows:
“Because it is appropriate for the CMA to be required to act proportionately in relation to conduct requirements and pro-competition interventions”.
I do not know whether that was supposed to be a joke, but it is profoundly unsatisfactory. The Government have missed a trick—or rather, they have succumbed to considerable pressure. I welcome the Bill because there is a great deal about it which is good. Having thought very carefully, and with considerable reluctance, I propose to withdraw my amendment.
Viscount Camrose
That this House do not insist on its Amendments 12 and 13, to which the Commons have disagreed for their Reason 13A.
Viscount Camrose (Con)
My Lords, I have already spoken to Motion B. I beg to move.
Motion B1 (as an amendment to Motion B)
Lord Clement-Jones
Tabled by
Leave out from “House” to end and insert “do not insist on its Amendment 12, to which the Commons have disagreed for their Reason 13A, and do insist on its Amendment 13.”
Viscount Camrose
That this House do not insist on its Amendments 26, 27, 28, 31 and 32, to which the Commons have disagreed for their Reason 32A.
Viscount Camrose
That this House do not insist on its Amendment 38, and do agree with the Commons in their Amendment 38A in lieu.
“(5) When the CMA seek the approval of the Secretary of State for guidance, the Secretary of State must— (a) approve the guidance, or
(b) give reasons to the CMA for not approving it.
(6) The Secretary of State must comply with subsection (5) before the end of the 30th working day after the day on which the CMA seek the Secretary of State’s approval.”
Artificial Intelligence (Regulation) Bill [HL]
Viscount Camrose ExcerptsFriday 10th May 2024
(6 months, 1 week ago)
Lords ChamberRead Full debate Artificial Intelligence (Regulation) Bill [HL] 2023-24 View all Artificial Intelligence (Regulation) Bill [HL] 2023-24 Debates Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Lord Leong (Lab)
My Lords, I regret that I was unable to speak at Second Reading of the Bill. I am grateful to the government Benches for allowing my noble friend Lady Twycross to speak on my behalf on that occasion. However, I am pleased to be able to return to your Lordships’ House with a clean bill of health, to speak at Third Reading of this important Bill. I congratulate the noble Lord, Lord Holmes of Richmond, on the progress of his Private Member’s Bill.
Having read the whole debate in Hansard, I think it is clear that there is consensus about the need for some kind of AI regulation. The purpose, form and extent of this regulation will, of course, require further debate. AI has the potential to transform the world and deliver life-changing benefits for working people: whether delivering relief through earlier cancer diagnosis or relieving traffic congestion for more efficient deliveries, AI can be a force for good. However, the most powerful AI models could, if left unchecked, spread misinformation, undermine elections and help terrorists to build weapons.
A Labour Government would urgently introduce binding regulation and establish a new regulatory innovation office for AI. This would make Britain the best place in the world to innovate, by speeding up decisions and providing clear direction based on our modern industrial strategy. We believe this will enable us to harness the enormous power of AI, while limiting potential damage and malicious use, so that it can contribute to our plans to get the economy growing and give Britain its future back.
The Bill sends an important message about the Government’s responsibility to acknowledge and address how AI affects people’s jobs, lives, data and privacy, in the rapidly changing technological environment in which we live. Once again, I thank the noble Lord, Lord Holmes of Richmond, for bringing it forward, and I urge His Majesty’s Government to give proper consideration to the issues raised. As ever, I am grateful to noble Lords across the House for their contributions. We support and welcome the principles behind the Bill, and we wish it well as it goes to the other place.
The Parliamentary Under-Secretary of State, Department for Science, Innovation and Technology (Viscount Camrose) (Con)
My Lords, I too sincerely thank my noble friend Lord Holmes for bringing forward the Bill. Indeed, I thank all noble Lords who have participated in what has been, in my opinion, a brilliant debate.
I want to reassure noble Lords that, since Second Reading of the Bill in March, the Government have continued to make progress in their regulatory approach to artificial intelligence. I will take this opportunity to provide an update on just a few developments in this space, some of which speak to the measures proposed by the Bill.
First, the Government want to build public visibility of what regulators are doing to implement our pro-innovation approach to AI. Noble Lords may recall that we wrote to key regulators in February asking them for an update on this. Regulators have now published their updates, which include an analysis of AI-related opportunities and risks in the areas that they regulate, and the actions that they are taking to address these. On 1 May, we published a GOV.UK page where people can access each regulator’s update.
We have taken steps to establish a multidisciplinary risk-monitoring function within the Department for Science, Innovation and Technology, bringing together expertise in risk, regulation and AI. This expertise will provide continuous examination of cross-cutting AI risks, including evaluating the effectiveness of interventions by government and regulators.
Lord Empey (UUP)
Before the noble Viscount sits down, he listed a whole series of activities that are very welcome, but I said at Second Reading that I felt the Government were losing momentum, because the Prime Minister had set an international lead: the United Kingdom was going to lead the world and would be an example to everybody. It seems, with the Minister’s statement, that we have slipped back now. The European Union has set out its stall. If we are not going to have a legislative framework, we need to know that. I just hope the Government will reflect that the position the Prime Minister adopted at the beginning of this process was innovative, positive and good for the United Kingdom as a whole, but I fear that the loss of momentum means we will be slipping back down at a very rapid rate.
Viscount Camrose (Con)
I thank the noble Lord for his comments. I am not sure I accept the characterisation of a loss of momentum. We are, after all, co-hosting the AI safety summit along with our Korean friends in a couple of weeks. On moving very quickly to legislation, it has always been the Government’s position that it is better to have a deeper understanding of the specific risks of AI across each sector and all sectors before legislating too narrowly, and that there is a real advantage to waiting for the right moment to have judicious legislation that addresses specific risks, rather than blanket legislation that goes to all of them.
AI: Intellectual Property Rights
Viscount Camrose Excerpts(6 months, 1 week ago)
Lords ChamberRead Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Lord Holmes of Richmond (Con)
My Lords, I beg leave to ask the Question standing in my name on the Order Paper and declare my technology interests, as set out in the register, as an adviser to Boston Ltd.
The Parliamentary Under-Secretary of State, Department for Science, Innovation and Technology (Viscount Camrose) (Con)
My Lords, this is a complex and challenging area. We strongly support AI innovation in the UK, but this cannot be at the expense of our world-leading creative industries. Our goal is that both sectors should be able to grow together in partnership. We are currently working with DCMS to develop a way forward on copyright and AI. We will engage closely with interested stakeholders as we develop our approach.
Lord Holmes of Richmond (Con)
My Lords, our great UK creatives—musicians who make such sweet sounds where otherwise there may be silence; writers who fill the blank page with words of meaning that move us; our photographers; our visual artists—are a creative community contributing billions to the UK economy, growing at twice the rate of the UK economy. In the light of this, why are the Government content for their work, their IP and their copyright to be so disrespected and unprotected in the face of artificial intelligence?
Viscount Camrose (Con)
I thank my noble friend for the important point he raises, particularly stressing the importance to the United Kingdom of the creative industry, which contributes 6% of our GVA every year. The Government are far from content with this position and share the frustrations and concerns of many across the sector in trying to find a way forward on the AI and copyright issue. As I say, it is challenging and deeply complex. No jurisdiction anywhere has identified a truly satisfactory solution to this issue, but we continue to work internationally and nationally to seek one.
Baroness Stowell of Beeston (Con)
My Lords, I am grateful to my noble friend for giving way. As I said in my letter last week to the Secretary of State on behalf of the Communications and Digital Select Committee, the Government’s reluctance to take a clear position on copyright in the context of AI and large language models is leading to
“problematic business models … becoming entrenched and normalised”.
The Government urgently need to take a clear position, and soon. On a practical basis, what support are they giving to market-led initiatives to improve licensing deals for news publishers and to get collective licensing regimes off the ground, to ensure that smaller rights-holders are also not left behind?
Viscount Camrose (Con)
I thank my noble friend and her committee for that important letter. First, we must not underestimate the difficulty and complexity of the issues involved in resolving this question; there are very problematic jurisdictional and technical issues. That said, the Government greatly welcome any arrangement between private sector organisations finding a way forward on this; we can all learn a great deal from the success of those arrangements. We believe that a collaborative way forward on both sides, in partnership, will be a very important part of the eventual solution.
Baroness Jones of Whitchurch (Lab)
My Lords, the Minister was right to say that we should recognise that AI can bring opportunities to the creative sector. For example, nearly a decade after a near-fatal stroke, the musician Randy Travis has released a new song featuring AI-generated vocals. This has been done with his consent and the involvement of his record label, but elsewhere, as we have heard, AI tools are being widely used to create music in the style of established artists, despite no permission having been given and a total lack of creative control on the part of those artists and their representatives. Can the Minister outline how the Government are actively involving musicians, artists and writers in determining how best to protect that very precious intellectual property, while allowing creativity to flourish? I echo the noble Baroness’s theme: this is an urgent matter and we would like to hear how the Government will address it.
Viscount Camrose (Con)
The issue raised by the noble Baroness is of deep concern to everybody. As I say, there are some very serious problems, not least regarding the jurisdiction where any alleged infringement may or may not have taken place. Of course, any jurisdiction that implements rules one way or the other will find that the AI work she sets out so compellingly is simply offshored elsewhere. The Government engage very closely with creative groups, including fair remuneration groups for musicians and many others, and will continue to do so, looking for a solution to this difficult problem.
Lord Foster of Bath (LD)
My Lords, the noble Viscount told the Lords Communications and Digital Select Committee that he did not
“believe that infringing the rights of copyright holders is a necessary precondition for developing successful AI”.
Does he still hold to that view, and does he accept that it should be the clearly stated view of the Government?
Viscount Camrose (Con)
I do not believe that the AI industry, in the long term, will require long-standing copyright infringement for its success. That is and continues to be the Government’s view; any unauthorised use or copying of intellectual property or copyrighted material is an infringement. Of course, there is a range of exceptions to that, and there is the possibility of giving permission for that to happen. It becomes a very complex area, both legally and technologically, but, as I say, we continue to look for a solution.
Lord Cromwell (CB)
I am most grateful. AI is already creating IP of its own, but it is unable to register it because, by law, a human being needs to register IP. In trying to create a legislative bottle into which this genie could be reinserted, have the Government taken that into account?
Viscount Camrose (Con)
The noble Lord raises a very interesting question. The laws surrounding the copyrighting of machine-generated content are getting fairly elderly now and certainly need to be looked at as part of the overall position going forward.
Lord Ranger of Northwood (Con)
My Lords, it is clear from the questions being raised that this is a very complex area, not least because we are bringing together the creative and legal industries and the technologists who are programming, developing and trying to stay ahead of the curve on this. What plans do the two departments involved in developing the code of practice have urgently to engage with industry—especially over the summer, when there will be a number of events and activities, including London Tech Week—so that we can more quickly develop the code and other requirements?
Viscount Camrose (Con)
Perhaps my noble friend will forgive me if I gaze into a crystal ball for a moment and predict that the eventual solution to this will involve three elements: first, some modifications to our copyright legislation; secondly, some use of technology to enable a solution; and thirdly, internationally accepted standards of interoperability in any eventual solution. We engage widely with techUK and other technology partners, but above all we engage extensively internationally. I point to our specific engagements with the World Intellectual Property Organization, the UN agency the ITU, and of course the follow-up to the AI Safety Summit, which we are co-hosting in Seoul in a couple of weeks’ time.
Baroness Featherstone (LD)
My Lords, what action are the Government taking to compel AI companies to implement measures to monitor and report IP infringements?
Viscount Camrose (Con)
One of the principles we set out in our AI White Paper is transparency. That principle—repeated across the OECD and in the EU’s AI Act—will go a long way towards doing what the noble Baroness asks. There are, though, a number of technical difficulties in implementing transparency—not legally, from our side, but rather, the computer science problems associated with processing the very large quantities of data required to generate true transparency.
Lord Kirkhope of Harrogate (Con)
My Lords, a lot of people are excited by the prospects for AI. Indeed, this country is in the lead in developing such policies and the associated opportunities. As one of those involved in preparing the GDPR in Brussels, I am concerned that the opportunities and excitement associated with the use of AI must be balanced against the protection of individual privacy and the rights of corporate structures and individuals who are worried about the abuses that might occur unless legislators are up to date and moving fast enough to deal with these matters.
Viscount Camrose (Con)
My noble friend makes some important points: AI must advance on the back of well-executed data protection. Let me take the opportunity to thank him for his outstanding contributions during the recently completed Committee stage of the Data Protection and Digital Information Bill. We continue to share the goal that he set up.
Deepfakes: General Election
Viscount Camrose Excerpts(6 months, 1 week ago)
Lords ChamberRead Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Baroness Jones of Whitchurch
To ask His Majesty’s Government what steps they are taking to ensure political deepfakes on social media are not used to undermine the outcome of the general election.
The Parliamentary Under-Secretary of State, Department for Science, Innovation and Technology (Viscount Camrose) (Con)
My Lords, we are working to ensure we are ready to respond to the full range of threats to our democratic processes, including through the Defending Democracy Taskforce. It is already an election offence to make false statements of fact about the personal character or conduct of a candidate before or during an election. Additionally, under the Online Safety Act, where illegal political deepfakes are shared on social media, they must be removed.
Baroness Jones of Whitchurch (Lab)
My Lords, Google’s Kent Walker has talked of the “very serious” threat posed by AI-generated deepfakes and disinformation. The Prime Minister, the Leader of the Opposition and the Mayor of London have all been the subject of deepfakes, so it is not surprising that the Home Secretary has identified a critical window for collective action to preserve the integrity of the forthcoming election. Obviously, monitoring online content is important, but that will not prevent malign individuals or hostile foreign states trying to interfere in the forthcoming elections at home and abroad. Will the Minister finally take up our proposals to use the Data Protection Bill to fill the deepfake gap left by the Online Safety Act so that we can all have confidence in the outcome of the general election?
Viscount Camrose (Con)
I start by saying that I very much share the view of the importance of protecting the forthcoming general election—and indeed every election—from online deepfakes, whether generated by AI or any other means. I think it is worth reminding the House that a range of existing criminal offences, such as the foreign interference offence, the false communications offence and offences under the Representation of the People Act, already address the use of deepfakes to malignly influence elections. While these Acts will go some way to deterring, I also think it is important to remind the House of the crucial non-legislative measures that we can take, continue to take and will take up to the completion of the election.
Lord Kirkhope of Harrogate (Con)
My Lords, would my noble friend not agree that there is an issue regarding the distortion of what politicians say, both through video and through the written word? Would he give me some indication of what the position is regarding Hansard and the coverage of what is said in this House and in the other place? Are we sufficiently protected if that written record is distorted or abused by others in the media?
Viscount Camrose (Con)
Indeed—and let me first thank my noble friend for bringing up this important matter. That sounds to me like something that would be likely to be applied under the false communications offence in the Online Safety Act—Section 179—although I would not be able to say for sure. The tests that it would need to meet are that the information would have to be knowingly false and cause non-trivial physical or psychological harm to those offended, but that would seem to be the relevant offence.
Lord Clement-Jones (LD)
My Lords, does not the Question from the noble Baroness, Lady Jones, highlight that we must hold to account with legal liability not only those who create this kind of deepfake content and facilitate its spread, but those who enable the production of deepfakes with software, such as by having standards and risk-based regulation for generative AI systems, which the Government in their White Paper have resolutely refused to do?
Viscount Camrose (Con)
The Government set out in their White Paper response that off-the-shelf AI software that can in part be used to create these kinds of deepfakes is not, in and of itself, something that we are considering placing any ban on. However, there are ranges of software, a sort of middle layer to the AI production, that can greatly facilitate the production of deepfakes of all kinds, not just political but other kinds of criminal deepfakes—and there the Government would be actively considering moving against those purpose-built criminal tools.
Lord Alton of Liverpool (CB)
My Lords, given the use of deepfakes and malign disinformation facilitated by data theft, has the noble Viscount taken note of what the Biden Administration decided to do last week? The President signed into law the ability to ban TikTok, and the Chinese-owned company that owns it, because of America’s experience in the mid-term elections in 2022 and the elections in Taiwan earlier this year. Does the Minister not worry that, unless we take similar powers in the United Kingdom, the same thing will happen here?
Viscount Camrose (Con)
Well, some of the enforcement measures under the Online Safety Act do allow for very significant moves against social media platforms that misuse their scale and presence to malign ends in this way, but of course the noble Lord is absolutely right and we will continue to look closely at the moves by the Biden Administration to see what we can learn from them for our approach.
Lord Browne of Ladyton (Lab)
My Lords, I pay tribute to Andy Street for the way he responded to the circumstances in what was an incredibly close race. He must have been hugely disappointed. Sadly, another candidate in that race has since made false accusations of racism against a Labour volunteer, posting the volunteer’s name, picture and social media account, with the result that the volunteer subsequently received death threats in both calls and emails. Will the Minister join all noble Lords in condemning this kind of behaviour and confirm that, in his view, attacking party volunteers falls fully within the range of threats to the democratic process?
Viscount Camrose (Con)
First, let me absolutely endorse the noble Lord’s sentiment: this is a deplorable way to behave that should not be tolerated. From hearing the noble Lord speak of the actions, my assumption is that they would fall foul of the false communications offence under Section 179 of the Online Safety Act. As I say, these actions are absolutely unacceptable.
Viscount Colville of Culross (CB)
My Lords, noble Lords will be aware of the threat of AI-generated deepfake election messages flooding the internet during an election campaign. At the moment, only registered users have to put a digital imprint giving the provenance of the content on unpaid election material. Does the Minister think that a requirement to put a digital imprint on all unpaid election material should be introduced to counter fake election messages?
Viscount Camrose (Con)
The noble Viscount is right to point to the digital imprint regime as one of the tools at our disposal for limiting the use of deepfakes. I think we would hesitate to have a blanket law that all materials of any kind would be required to have a digital imprint on them—but, needless to say, we will take away the idea and consider it further.
Viscount Stansgate (Lab)
My Lords, if, at the very height of the forthcoming general election, deepfakes were to emerge, what would be the role of Ofcom, in particular regarding the taking down of material that is manifestly false? Does Ofcom have the resources necessary to do this?
Viscount Camrose (Con)
In the regrettable scenario mentioned by the noble Lord, such actions would generally fall to the Joint Election Security and Preparedness Unit and the election cell that will have been set up for the duration of the election to conduct rapid operational rebuttal and other responses to such things. We would not necessarily look to Ofcom until after the event because of the speed at which things would have to move.
Lord Sikka (Lab)
My Lords, it is not just technology that can undermine the outcome of general elections; the Government are facilitating it, too. Jacob Rees-Mogg, former Business Secretary, famously said that voter ID rules were an attempt to “gerrymander” the electoral system. Does the Minister have any empirical evidence to show that the introduction of the voter ID system has reduced alleged fraud or encouraged more people to vote?
Viscount Camrose (Con)
It is a very interesting question, but I am afraid I have no information on that as it is not DSIT’s area at all. I will be very happy to find out and write to the noble Lord if that would help.
Universities: Sensitive Research
Viscount Camrose Excerpts(6 months, 3 weeks ago)
Lords ChamberRead Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Lord Young of Cookham
To ask His Majesty’s Government what steps they are taking to protect sensitive research at universities from national security threats.
The Parliamentary Under-Secretary of State, Department for Science, Innovation and Technology (Viscount Camrose) (Con)
The Government are implementing a range of legislative and non-legislative measures, including the Research Collaboration Advice Team, which provides advice to academia on national security risks in international collaboration. The integrated review refresh committed to review the effectiveness of existing protections. The Department for Science, Innovation and Technology is leading this review, and the Deputy Prime Minister announced last week that the Government will consult on the response in the summer.
Lord Young of Cookham (Con)
I am grateful to my noble friend, but are our universities not compromising their independence by becoming overreliant on China? Some 25% of the students, or 10,000, at UCL are Chinese, which risks the infiltration of academic research and, in the words of the Deputy Prime Minister, coercion, exploitation and vulnerability. While I welcome the recent Statement, what steps will the Government take to replace lost Chinese funding for our universities, so that the UK remains at the forefront of technological research?
Viscount Camrose (Con)
I thank my noble friend for the question. The first thing to say is that the independence of universities is absolutely critical to the quality of their research. While the integrated review refresh has of course indicated a great many concerns about working closely with China, and necessitated a reduction of academic collaboration with China, I hope our recent reassociation to the Horizon programme, and a number of other third countries also considering or being very close to associating with Horizon, will go some way towards providing a new pool of collaboration partners in academic research.
Lord Reid of Cardowan (Lab)
My Lords, I am sure that all of us agree with the noble Lord, Lord Young, that we need to protect scientific development from malign actors. But is there not a real problem here—that new technology and advances in scientific knowledge not only require international collaboration, on a scale hitherto unknown, but that most of it, ever since the bow and arrow, is dual-purpose? In other words, it can be used for benevolent or malign reasons. How do the departments charged with this responsibility distinguish between these two, so that in protecting us from the misuse of scientific advances, they are not smothering scientific research as a whole?
Viscount Camrose (Con)
The noble Lord is absolutely right in his analysis of the problem, which I agree with wholeheartedly. The most powerful tool we have at our disposal in this is RCAT—the Research Collaboration Advice Team—which provides hundreds of individual items of advice in these areas, where it can actually be quite subtle whether something is dual or single-use or has a military or defence application. It is not something that can be very easily defined up front, and does require a certain wisdom and delicacy of advice to provide that.
Baroness Smith of Newnham (LD)
My Lords, last week the Statement did not seem to say very much about which actors might be under consideration. The noble Lord, Lord Young, has already mentioned China, but do His Majesty’s Government also think that Iran and other countries might be a problem—not by giving funding, but by researchers and students coming? If that is the case, can His Majesty’s Government really expect universities to vet individuals? Is that not the role for government? I declare my interest as a professor at Cambridge.
Viscount Camrose (Con)
The noble Baroness raises a very important point; it is not about naming one or more countries and targeting them. The non-legislative and legislative elements of the entire approach to this are about being actor agnostic, and simply looking at the cases as they arise.
Viscount Stansgate (Lab)
My Lords, further to the points made by my noble friend, the Government said they are taking a range of measures, but if you take an area like biosecurity, which I am sure the Minister will agree is a very significant potential future threat, with people perhaps developing pathogens, aided possibly by using AI technology to do them more easily and quickly, is there not a case for mandatory surveillance over, for example, access to materials, which would indicate where somebody might be trying to do something that has that dual purpose—in other words, something bad rather than something good? Does the Minister agree that a voluntary scheme, such as I understand exists at the moment, may not be enough?
Viscount Camrose (Con)
Indeed, and we must recognise that there are limits to a voluntary scheme, particularly where actors are genuinely malign. I reassure the noble Viscount that any research contracted for purposes of defence, or indeed for purposes that might be used for defence, would be subject to vetting in the usual way. Depending on the nature of the research, the greater the vetting.
Baroness Goldie (Con)
My Lords, I declare an interest as an honorary fellow of the University of Strathclyde. This challenge to our universities is both fast-moving and intensifying in complexity. Now, the Russell group comprises some universities across the United Kingdom, but not all. Universities UK represents many universities across the United Kingdom, but not all. Is there, or are there plans for, a United Kingdom Government security portal, accessible to all universities across the United Kingdom, for immediate advice and information, if they have concerns?
Viscount Camrose (Con)
I thank my noble friend for that. Yes, the university sector absolutely does go far beyond just the Russell group. We must take account of all its needs. The review of protections for higher education and academia is now entering its second phase. There will be consultation on that over the summer. An area it will look at is precisely the mechanics that my noble friend puts forward as to how this kind of transparency can best be delivered with the minimum possible administrative overhead.
Lord Alton of Liverpool (CB)
My Lords, does the noble Viscount recall that, as long ago as September 2023, his noble friend Lord Johnson of Marylebone, in conjunction with King’s College, produced a report warning about the dangers which the noble Lord, Lord Young of Cookham, mentioned to the House? It called for diversification of the population base of our universities, which had become too reliant on money flowing in from China. Will he also comment on the case that was raised in the media last month of Professor Michelle Shipworth, who was banned from teaching what was called a “provocative” course at a prestigious university, UCL, simply because it might compromise commercial interests—that is, the flow of money from China?
Viscount Camrose (Con)
I certainly recognise the concern that overseas undergraduates tend to come very largely from a small number of countries, and the value of diversifying from that. I am afraid I am not familiar with the case the noble Lord mentions. I am very happy to write to him about it. It sounds extremely concerning.
Baroness Jones of Whitchurch (Lab)
My Lords, upholding national security is the first duty of any Government. To that end, we welcome the Government’s recent briefing for vice-chancellors and the intention to consult on how better to protect UK research from academic espionage. Given the importance of and the likely increase in these threats, does the Minister think it would be reasonable for the Deputy Prime Minister and the Secretary of State to offer similar briefings to their shadow counterparts?
Viscount Camrose (Con)
I would be very happy to raise that with them and ask them to do so. I take the noble Baroness’s point. There is nothing more important for us to do than look after our security, and research security is a very serious component of that.
Baroness Manningham-Buller (CB)
Would the Minister recognise that it is extremely important that his department works closely with the Home Office on this? I noticed last week the warning, from my successor but three at MI5, to vice-chancellors of the threat from Chinese espionage in universities, much of which will be by students under coercion. If I may answer the noble Baroness’s question about who you can go to, there is an organisation but such is my senility that I cannot remember its name. I will look it up. It is connected very closely to MI5, but it is the public-facing organisation to which you go with concerns. It starts “National Protective Security”, I think, but a quick look on my telephone has not revealed the answer, so I will talk to her later. The Minister probably knows the answer, but I am afraid I do not.
Viscount Camrose (Con)
I am consulting the lengthy list of acronyms that I wrote down in preparing for this, but I am not sure I have the right one. I take the noble Baroness’s point very seriously. We work extremely closely on this with the Home Office. A number of the legislative provisions keeping our research secure belong to the Home Office and we continue to work closely with it. As to the exact agency she mentioned, I will find out from my officials and write to her.
Data Protection and Digital Information Bill
Viscount Camrose ExcerptsWednesday 24th April 2024
(6 months, 3 weeks ago)
Grand CommitteeRead Full debate Data Protection and Digital Information Bill 2022-23 View all Data Protection and Digital Information Bill 2022-23 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 30-VII Seventh marshalled list for Grand Committee - (23 Apr 2024)
Viscount Camrose
Member’s explanatory statement
This amendment makes a technical change to wording about investigations by a coroner or procurator fiscal. The omitted words are not required because there is no stage at which a coroner or procurator fiscal would be “due to” conduct an investigation into a death (as opposed to conducting an investigation into it).
The Parliamentary Under-Secretary of State, Department for Science, Innovation and Technology (Viscount Camrose) (Con)
My Lords, having listened carefully to representations from across the House at Second Reading, I am introducing this amendment to address concerns about the data preservation powers established in the Bill. The amendment provides for coroners, and procurators fiscal in Scotland, to initiate the data preservation process when they decide it is necessary and appropriate to support their investigations into a child’s death, irrespective of the suspected cause of death.
This amendment demonstrates our commitment to ensuring that coroners and procurators fiscal can access the online data they may need to support their investigation into a child’s death. It is important to emphasise that coroners and procurators fiscal, as independent judges, have discretion about whether to trigger the data preservation process. We are grateful to the families, Peers and coroners whom we spoke to in developing these measures. In particular, I thank the noble Baroness, Lady Kidron, who is in her place. I beg to move.
Baroness Kidron (CB)
My Lords, it is an unusual pleasure to support the Minister and to say that this is a very welcome amendment to address a terrible error of judgment made when the Government first added the measure to the Bill in the other place and excluded data access for coroners in respect of children who died by means other than suicide. I shall not replay here the reasons why it was wrong, but I am extremely glad that the Government have put it right. I wish to take this opportunity to pay tribute to those past and present at 5Rights and the NSPCC for their support and to those journalists who understood why data access for coroners is a central plank of online safety.
I too recognise the role of the Bereaved Families for Online Safety. They bear the pain of losing a child and, as their testimony has repeatedly attested, not knowing the circumstances surrounding that death is a particularly cruel revictimisation for families, who never lose their grief but simply learn to live with it. We owe them a debt of gratitude for putting their grief to work for the benefit of other families and other children.
Lord Leong (Lab)
My Lords, I thank the Minister for setting out the amendment and all noble Lords who spoke. I am sure the Minister will be pleased to hear that we support his Amendment 236 and his Amendment 237, to which the noble Baroness, Lady Kidron, has added her name.
Amendment 236 is a technical amendment. It seeks the straightforward deletion of words from a clause, accounting for the fact that investigations by a coroner, or procurator fiscal in Scotland, must start upon them being notified of the death of a child. The words
“or are due to conduct an investigation”
are indeed superfluous.
We also support Amendment 237. The deletion of this part of the clause would bring into effect a material change. It would empower Ofcom to issue a notice to an internet service provider to retain information in all cases of a child’s death, not just cases of suspected suicide. Sadly, as many of us have discovered in the course of our work on this Bill, there is an increasing number of ways in which communication online can be directly or indirectly linked to a child’s death. These include areas of material that is appropriate for adults only; the inability to filter harmful information, which may adversely affect mental health and decision-making; and, of course, the deliberate targeting of children by adults and, in some cases, by other children.
There are adults who use the internet with the intention of doing harm to children through coercion, grooming or abuse. What initially starts online can lead to contact in person. Often, this will lead to a criminal investigation, but, even if it does not, the changes proposed by this amendment could help prevent additional tragic deaths of children, not just those caused by suspected child suicides. If the investigating authorities have access to online communications that may have been a contributing factor in a child’s death, additional areas of concern can be identified by organisations and individuals with responsibility for children’s welfare and action taken to save many other young lives.
Before I sit down, I want to take this opportunity to say a big thank you to the noble Baroness, Lady Kidron, the noble Lord, Lord Kennedy, and all those who have campaigned on this issue relentlessly and brought it to our attention.
Viscount Camrose (Con)
Let me begin by reiterating my thanks to the noble Baroness, Peers, families and coroners for their help in developing these measures. My momentary pleasure in being supported on these amendments is, of course, tempered by the desperate sadness of the situations that they are designed to address.
I acknowledge the powerful advocacy that has taken place on this issue. I am glad that we have been able to address the concerns with the amendment to the Online Safety Act, which takes a zero-tolerance approach to protecting children by making sure that the buck stops with social media platforms for the content they host. I sincerely hope that this demonstrates our commitment to ensuring that coroners can fully access the online data needed to provide answers for grieving families.
On the point raised by the noble Baroness, Lady Kidron, guidance from the Chief Coroner is likely to be necessary to ensure both that this provision works effectively and that coroners feel supported in their decisions on whether to trigger the data preservation process. Decisions on how and when to issue guidance are a matter for the Chief Coroner, of course, but we understand that he is very likely to issue guidance to coroners on this matter. His office is working with my department and Ofcom to ensure that our processes are aligned. The Government will also work with the regulators and interested parties to see whether any guidance is required to support parents in understanding the data preservation process. Needless to say, I would be more than happy to arrange a meeting with the noble Baroness to discuss the development of the guidance; other Members may wish to join that as well.
Once again, I thank noble Lords for their support on this matter.
Viscount Camrose
Member's explanatory statement
This amendment concerns OFCOM’s power to issue a notice requiring an internet service provider to retain information about the use of the service by a child who has died, where a coroner or procurator fiscal is investigating the child’s death. The amendment has the effect that the power is no longer limited to cases of suspected child suicide.
Viscount Camrose
Member's explanatory statement
This amendment is consequential on the amendment to this clause in my name moving provision about the initial upload of information into the National Underground Asset Register into a new section to be inserted into Part 3A of the New Roads and Street Works Act 1991 (inserted by this clause).
Viscount Camrose (Con)
My Lords, I now turn to the national underground asset register, which I will refer to as NUAR. It is a new digital map of buried pipes and cables that is revolutionising the way that we install, maintain, operate and repair our buried infrastructure. The provisions contained in the Bill will ensure workers have complete and up-to-date access to the data that they need, when they need it, through the new register. NUAR is estimated to deliver more than £400 million per year of economic growth through increased efficiency, reduced accidental damage and fewer disruptions for citizens and businesses. I am therefore introducing several government amendments, which are minor in nature and aim to improve the clarity of the Bill. I hope that the Committee will be content if I address these together.
Amendment 244 clarifies responsibilities in relation to the licensing of NUAR data. As NUAR includes data from across public and private sector organisations, it involves both Crown and third-party intellectual property rights, including database rights. This amendment clarifies that the role of the Keeper of the National Archives in determining the licence terms for Crown IP remains unchanged. This will require the Secretary of State to work through the National Archives to determine licence terms for Crown data, as was always intended. Amendments 243 and 245 are consequential to this change.
Similarly, Amendment 241 moves the provision relating to the first initial upload of data to the register under new Part 3A to make the Bill clearer, with Amendments 248 and 249 consequential to this change.
Amendment 242 is a minor and technical amendment that clarifies that regulations made under new Section 106B(1) can be made “for or in connection with”—rather than solely “in connection with”—the making of information kept in NUAR available, with or without a licence.
Amendment 247 is another minor and technical amendment to ensure that consistent language is used throughout Schedule 13 and so further improve the clarity of these provisions. These amendments provide clarity to the Bill; they do not change the underlying policy.
Although Amendment 298 is not solely focused on NUAR, this might perhaps be a convenient point for me to briefly explain it to your Lordships. Amendment 298 makes a minor and technical amendment to Clause 154, the clause which sets out the extent of the Bill. Subsection (4) of that clause currently provides that an amendment, repeal or revocation made by the Bill
“has the same extent as the enactment amended, repealed or revoked”.
Subsection (4) also makes clear that this approach is subject to subsection (3), which provides for certain provisions to extend only to England and Wales and Northern Ireland. Upon further reviewing the Bill, we have identified that subsection (4) should, of course, also be subject to subsection (2), which provides for certain provisions to extend only to England and Wales. Amendment 298 therefore makes provision to ensure that the various subsections of Clause 154 operate effectively together as a coherent package.
I now turn to a series of amendments raised by the noble Lord, Lord Clement-Jones. Amendments 240A and 240B relate to new Section 106A, which places a duty on the Secretary of State to keep a register of information relating to apparatus in streets in England and Wales. Section 106A allows for the Secretary of State to make regulations that establish the form and manner in which the register is kept. The Bill as currently drafted provides for these regulations to be subject to the negative procedure. Amendment 240A calls for this to be changed to the affirmative procedure, while Amendment 240B would require the publication of draft regulations, a call for evidence and the subsequent laying before Parliament of a statement by the Secretary of State before such regulations can be made.
Viscount Camrose (Con)
I start by thanking the noble Lords, Lord Clement-Jones and Lord Bassam, for their respective replies. As I have said, the Geospatial Commission has been engaging extensively with stakeholders, including the security services, on NUAR since 2018. This has included a call for evidence, a pilot project, a public consultation, focus groups, various workshops and other interactions. All major gas and water companies have signed up, as well as several large telecoms firms.
Lord Clement-Jones (LD)
While the Minister is speaking, maybe the Box could tell him whether the figure of only 33% of asset owners having signed up is correct? Both I and the noble Lord, Lord Bassam, mentioned that; it would be very useful to know.
Viscount Camrose (Con)
It did complete a pilot phase this year. As it operationalises, more and more will sign up. I do not know the actual number that have signed up today, but I will find out.
NUAR does not duplicate existing commercial services. It is a standardised, interactive digital map of buried infrastructure, which no existing service is able to provide. It will significantly enhance data sharing and access efficiency. Current services—
Lord Bassam of Brighton (Lab)
I am concerned. We get the principle behind NUAR, but is there an interface between NUAR and this other service—which, on the face of it, looks quite extensive—currently in place? Is there a dialogue between the two? That seems to be quite important, given that there is some doubt over NUAR’s current scope.
Viscount Camrose (Con)
I am not sure that there is doubt over the current scope of NUAR; it is meant to address all buried infrastructure in the United Kingdom. LSBUD does make extensive representations, as indeed it has to parliamentarians of both Houses, and has spoken several times to the Geospatial Commission. I am very happy to commit to continuing to do so.
Lord Clement-Jones (LD)
My Lords, the noble Lord, Lord Bassam, is absolutely right to be asking that question. We can go only on the briefs we get. Unlike the noble Lord, Lord Bassam, I have not been underground very recently, but we do rely on the briefings we get. LSBUD is described as a
“sustainably-funded UK success story”—
okay, give or take a bit of puff—that
“responds to most requests in 5 minutes or less”.
It has
“150+ asset-owners covering nearly 2 million km and 98% of high-risk assets—like gas, electric, and fuel pipelines”.
That sounds as though we are in the same kind of territory. How can the Minister just baldly state that NUAR is entirely different? Can he perhaps give us a paragraph on how they differ? I do not think that “completely different” can possibly characterise this relationship.
Viscount Camrose (Con)
As I understand it, LSBUD services are provided on a pdf, on request. It is not interactive; it is not vector-based graphics presented on a map, so it cannot be interrogated in the same way. Furthermore, as I understand it—and I am happy to be corrected if I am misstating—LSBUD has a great many private sector asset owners, but no public sector data is provided. All of it is provided on a much more manualised basis. The two services simply do not brook comparison. I would be delighted to speak to LSBUD.
Lord Clement-Jones (LD)
My Lords, we are beginning to tease out something quite useful here. Basically, NUAR will be pretty much an automatic service, because it will be available online, I assume, which has implications on data protection, on who owns the copyright and so on. I am sure there are all kinds of issues there. It is the way the service is delivered, and then you have the public sector, which has not taken part in LSBUD. Are those the two key distinctions?
Viscount Camrose (Con)
Indeed, there are two key distinctions. One is the way that the information is provided online, in a live format, and the other is the quantity and nature of the data that is provided, which will eventually be all relevant data in the United Kingdom under NUAR, versus those who choose to sign up on LSBUD and equivalent services. I am very happy to write on the various figures. Maybe it would help if I were to arrange a demonstration of the technology. Would that be useful? I will do that.
Lord Clement-Jones (LD)
Unlike the noble Lord, Lord Bassam, I do not have that background in seeing what happens with the excavators, but I would very much welcome that. The Minister again is really making the case for greater co-operation. The public sector has access to the public sector information, and LSBUD has access to a lot of private sector information. Does that not speak to co-operation between the two systems? We seem to have warring camps, where the Government are determined to prove that they are forging ahead with their new service and are trampling on quite a lot of rights, interests and concerns in doing so—by the sound of it. The Minister looks rather sceptical.
Viscount Camrose (Con)
I am not sure whose rights are being trampled on by having a shared database of these things. However, I will arrange a demonstration, and I confidently state that nobody who sees that demonstration will have any cynicism any more about the quality of the service provided.
Lord Clement-Jones (LD)
All I can say is that, in that case, the Minister has been worked on extremely well.
Viscount Camrose (Con)
In addition to the situation that the noble Lord, Lord Bassam, described, I was braced for a really horrible situation, because these things very often lead to danger and death, and there is a very serious safety argument to providing this information reliably and rapidly, as NUAR will.
Lord Bassam of Brighton (Lab)
My Lords, it took them half a day to discover where the hole had gone and what the damage was. The water flooded several main roads and there were traffic delays and the rest. So these things are very serious. I was trying to make a serious point while being slightly frivolous about it.
Viscount Camrose (Con)
No, indeed, it is a deeply serious point. I do not know the number off the top of my head but there are a number of deaths every year as a result of these things.
As I was saying, a thorough impact assessment was undertaken for the NUAR measures, which received a green rating from the Regulatory Policy Committee. Impacts on organisations that help facilitate the exchange of data related to assets in the street were included in the modelling. Although NUAR could impact existing utility—
Lord Davies of Brixton (Lab)
I cannot resist drawing the Minister’s attention to the story in today’s Financial Times, which reports that two major water companies do not know where their sewers are. So I think the impact is going to be a little bit greater than he is saying.
Viscount Camrose (Con)
I saw that story. Obviously, regardless of how they report the data, if they do not know, they do not know. But my thought was that, if there are maps available for everything that is known, that tends to encourage people who do not know to take better control of the assets that they manage.
A discovery project is under way to potentially allow these organisations—these alternative providers—to access NUAR data; LSBUD has been referenced, among others. It attended the last three workshops we conducted on this, which I hope could enable it to adapt its services and business models potentially to mitigate any negative impacts. Such opportunities will be taken forward in future years should they be technically feasible, of value, in the public interest and in light of the views of stakeholders, including asset owners.
A national underground asset register depends on bringing data together from asset owners on to a single standardised database. This will allow data to be shared more efficiently than was possible before. Asset owners have existing processes that have been developed to allow them to manage risks associated with excavations. These processes will be developed in compliance with existing guidance in the form of HSG47. To achieve this, those working on NUAR are already working closely with relevant stakeholders as part of a dedicated adoption group. This will allow for a safe and planned rollout of NUAR to those who will benefit from it.
Lord Clement-Jones (LD)
Before the Minister’s peroration, I just want to check something. He talked about the discovery project and contact with the industry; by that, I assume he was talking about asset owners as part of the project. What contact is proposed with the existing company, LinesearchbeforeUdig, and some of its major supporters? Can the Government assure us that they will have greater contact or try to align? Can they give greater assurance than they have been able to give today? Clearly, there is suspicion here of the Government’s intentions and how things will work out. If we are to achieve this safety agenda—I absolutely support it; it is the fundamental issue here—more work needs to be done in building bridges, to use another construction metaphor.
Viscount Camrose (Con)
As I said, the Government have met the Geospatial Commission many times. I would be happy to meet it in order to help it adapt its business model for the NUAR future. As I said, it has attended the last three discovery workshops, allowing this data.
I close by thanking noble Lords for their contributions. I hope they look forward to the demonstration.
Viscount Camrose
“106AA Initial upload of information into NUAR(1) Before the end of the initial upload period an undertaker having apparatus in a street must enter into NUAR— (a) all information that is included in the undertaker’s records under section 79(1) on the archive upload date, and(b) any other information of a prescribed description that is held by the undertaker on that date.(2) The duty under subsection (1) does not apply in such cases as may be prescribed.(3) Information must be entered into NUAR under subsection (1) in such form and manner as may be prescribed.(4) For the purposes of subsection (1) the Secretary of State must by regulations—(a) specify a date as “the archive upload date”, and(b) specify a period beginning with that date as the “initial upload period”.(5) Regulations under this section are subject to the negative procedure.”Member’s explanatory statement
This amendment moves provision about the initial upload of information into the National Underground Asset Register into a new section to be inserted into Part 3A of the New Roads and Street Works Act 1991 (inserted by this clause).
Viscount Camrose
Member’s explanatory statement
This amendment makes clear that regulations under section 106B(1) of the New Roads and Street Works Act 1991 (inserted by this clause) may make provision for, as well as provision in connection with, making information kept in the National Underground Asset Register available.
Viscount Camrose
Member’s explanatory statement
This amendment ensures that language used in paragraphs 2 and 3 of Schedule 5A to the New Roads and Street Works Act 1991 (inserted by this Schedule) is consistent.
Viscount Camrose
“(f) after subsection (3A) insert—“(3B) Except in such cases as may be prescribed, where an undertaker records information as required by subsection (1) or (1B), or updates such information, the undertaker must, within a prescribed period, enter the recorded or updated information into NUAR.(3C) Information must be entered into NUAR under subsection (3B) in such form and manner as may be prescribed.””Member’s explanatory statement
This amendment and the next amendment to this clause in my name are consequential on the amendment to clause 138 in my name moving provision about the initial upload of information into the National Underground Asset Register into a new section to be inserted into Part 3A of the New Roads and Street Works Act 1991 (inserted by clause 138).
Lord Leong (Lab)
My Lords, I support this probing amendment, Amendment 251. I thank all noble Lords who have spoken. From this side of the Committee, I say how grateful we are to the noble Lord, Lord Arbuthnot, for all that he has done and continues to do in his campaign to find justice for those sub-postmasters who have been wronged by the system.
This amendment seeks to reinstate the substantive provisions of Section 69 of PACE, the Police and Criminal Evidence Act 1984, revoking this dangerous assumption. I would like to imagine that legislators in 1984 were perhaps alert to the warning in George Orwell’s novel Nineteen Eighty-Four, written some 40 years earlier, about relying on an apparently infallible but ultimately corruptible technological system to define the truth. The Horizon scandal is, of course, the most glaring example of the dangers of assuming that computers are always right. Sadly, as hundreds of sub-postmasters have known for years, and as the wider public have more recently become aware, computer systems can be horribly inaccurate.
However, the Horizon system is very primitive compared to some of the programs which now process billions of pieces of our sensitive data every day. The AI revolution, which has already begun, will exponentially accelerate the risk of compounded errors being multiplied. To take just one example, some noble Lords may be aware of the concept of AI hallucinations. This is a term used to describe when computer models make inaccurate predictions based on seeing incorrect patterns in data, which may be caused by incomplete, biased or simply poor-quality inputs. In an earlier debate, the noble Viscount, Lord Younger of Leckie, said that account information notices will be decided. How will these decisions be made? Will they be made by individual human beings or by some AI-configured algorithms? Can the Minister share with us how such decisions will be taken?
Humans can look at clouds in the sky or outlines on the hillside and see patterns that look like faces, animals or symbols, but ultimately we know that we are looking at water vapour or rock formations. Computer systems do not necessarily have this innate common sense—this reality check. Increasingly, we will depend on computer systems talking to each other without any human intervention. This will deliver some great efficiencies, but it could lead to greater injustices on a scale which would terrify even the most dystopian science fiction writers. The noble Baroness, Lady Kidron, has already shared with us some of the cases where a computer has made errors and people have been wronged.
Amendment 251 would reintroduce the opportunity for some healthy human scepticism by enabling the investigation of whether there are reasonable grounds for questioning information in documents produced by a computer. The digital world of 2024 depends more on computers than the world of Nineteen Eighty-Four in actual legislation or in an Orwellian fiction. Amendment 251 enables ordinary people to question whether our modern “Big Brother” artificial intelligence is telling the truth when he or it is watching us. I look forward to the Minister’s responses to all the various questions and on the current assumption in law that information provided by the computer is always accurate.
Viscount Camrose (Con)
My Lords, I recognise the feeling of the Committee on this issue and, frankly, I recognise the feeling of the whole country with respect to Horizon. I thank all those who have spoken for a really enlightening debate. I thank the noble Baroness, Lady Kidron, for tabling the amendment and my noble friend Lord Arbuthnot for speaking to it and—if I may depart from the script—his heroic behaviour with respect to the sub-postmasters.
There can be no doubt that hundreds of innocent sub-postmasters and sub-postmistresses have suffered an intolerable miscarriage of justice at the hands of the Post Office. I hope noble Lords will indulge me if I speak very briefly on that. On 13 March, the Government introduced the Post Office (Horizon System) Offences Bill into Parliament, which is due to go before a Committee of the whole House in the House of Commons on 29 April. The Bill will quash relevant convictions of individuals who worked, including on a voluntary basis, in Post Office branches and who have suffered as a result of the Post Office Horizon IT scandal. It will quash, on a blanket basis, convictions for various theft, fraud and related offences during the period of the Horizon scandal in England, Wales and Northern Ireland. This is to be followed by swift financial redress delivered by the Department for Business and Trade.
On the amendment laid by the noble Baroness, Lady Kidron—I thank her and the noble Lords who have supported it—I fully understand the intent behind this amendment, which aims to address issues with computer evidence such as those arising from the Post Office cases. The common law presumption, as has been said, is that the computer which has produced evidence in a case was operating effectively at the material time unless there is evidence to the contrary, in which case the party relying on the computer evidence will need to satisfy the court that the evidence is reliable and therefore admissible.
This amendment would require a party relying on computer evidence to provide proof up front that the computer was operating effectively at the time and that there is no evidence of improper use. I and my fellow Ministers, including those at the MoJ, understand the intent behind this amendment, and we are considering very carefully the issues raised by the Post Office cases in relation to computer evidence, including these wider concerns. So I would welcome the opportunity for further meetings with the noble Baroness, alongside MoJ colleagues. I was pleased to hear that she had met with my right honourable friend the Lord Chancellor on this matter.
We are considering, for example, the way reliability of evidence from the Horizon system was presented, how failures of investigation and disclosure prevented that evidence from being effectively challenged, and the lack of corroborating evidence in many cases. These issues need to be considered carefully, with the full facts in front of us. Sir Wyn Williams is examining in detail the failings that led to the Post Office scandal. These issues are not straightforward. The prosecution of those cases relied on assertions that the Horizon system was accurate and reliable, which the Post Office knew to be wrong. This was supported by expert evidence, which it knew to be misleading. The issue was that the Post Office chose to withhold the fact that the computer evidence itself was wrong.
This amendment would also have a significant impact on the criminal justice system. Almost all criminal cases rely on computer evidence to some extent, so any change to the burden of proof would or could impede the work of the Crown Prosecution Service and other prosecutors.
Although I am not able to accept this amendment for these reasons, I share the desire to find an appropriate way forward along with my colleagues at the Ministry of Justice, who will bear the brunt of this work, as the noble Lord, Lord Clement-Jones, alluded to. I look forward to meeting the noble Baroness to discuss this ahead of Report. Meanwhile, I hope she will withdraw her amendment.
Lord Clement-Jones (LD)
Can the Minister pass on the following suggestion? Paul Marshall, who has been mentioned by all of us, is absolutely au fait with the exact procedure. He has experience of how it has worked in practice, and he has made some constructive suggestions. If there is not a full return to Section 69, there could be other, more nuanced, ways of doing this, meeting the Minister’s objections. But can I suggest that the MoJ has contact with him and discusses what the best way forward would be? He has been writing about this for some years now, and it would be extremely useful, if the MoJ has not already engaged with him, to do so.
Viscount Camrose (Con)
It may have already done so, but I will certainly pass that on.
Baroness Kidron (CB)
I thank everyone who spoke and the Minister for the offer of a meeting alongside his colleagues from the MoJ. I believe he will have a very busy diary between Committee and Report, based on the number of meetings we have agreed to.
However, I want to be very clear here. We have all recognised that the story of the Post Office sub-postmasters makes this issue clear, but it is not about the sub-postmasters. I commend the Government for what they are doing. We await the inquiry with urgent interest, and I am sure I speak for everyone in wishing the sub-postmasters a fair settlement—that is not in question. What is in question is the fact that we do not have unlimited Lord Arbuthnots to be heroic about all the other things that are about to happen. I took it seriously when he said not one moment longer: it could be tomorrow.
Viscount Camrose
“(3A) In section 205(2) (references to periods of time)—(a) omit paragraph (l), and(b) after that paragraph insert—“(la) paragraph 22(6) of Schedule 12A;”Member’s explanatory statement
This amendment provides that Article 3 of Regulation No 1182/71 (rules of interpretation regarding periods of time etc) does not apply to paragraph 22(6) of Schedule 12A to the Data Protection Act 2018 (inserted by Schedule 15 to the Bill).
Viscount Camrose
“Supplementary powers
23A The Commission may do anything it thinks appropriate for the purposes of, or in connection with, its functions.”Member’s explanatory statement
This amendment makes clear that the Information Commission has power to do things to facilitate the exercise of its functions.
Viscount Camrose
“(3) For the purposes of paragraph 7(3) of Schedule 12A to the 2018 Act (extension of chair’s term), the term of the person’s appointment as chair of the Information Commission is to be treated as a term beginning when the person began to hold the office of Information Commissioner.”Member’s explanatory statement
This amendment ensures that provision limiting the extension of a person’s term of appointment as chair of the Information Commission (in paragraph 7 of new Schedule 12A to the Data Protection Act 2018, read with section 205(2) of that Act) applies in the same manner to the transitional appointment of the current Information Commissioner as chair.
Baroness Jones of Whitchurch (Lab)
My Lords, I am pleased that we were able to sign this amendment. Once again, the noble Baroness, Lady Kidron, has demonstrated her acute ability to dissect and to make a brilliant argument about why an amendment is so important.
As the noble Lord, Lord Clement-Jones, and others have said previously, what is the point of this Bill? Passing this amendment and putting these new offences on the statute book would give the Bill the purpose and clout that it has so far lacked. As the noble Baroness, Lady Kidron, has made clear, although it is currently an offence to possess or distribute child sex abuse material, it is not an offence to create these images artificially using AI techniques. So, quite innocent images of a child—or even an adult—can be manipulated to create child sex abuse imagery, pornography and degrading or violent scenarios. As the noble Baroness pointed out, this could be your child or a neighbour’s child being depicted for sexual gratification by the increasingly sophisticated AI creators of these digital models or files.
Yesterday’s report from the Internet Watch Foundation said that a manual found on the dark web encourages “nudifying” tools to remove clothes from child images, which can then be used to blackmail them into sending more graphic content. The IWF reports that the scale of this abuse is increasing year on year, with 275,000 web pages containing child sex abuse being found last year; I suspect that this is the tip of the iceberg as much of this activity is occurring on the dark web, which is very difficult to track. The noble Baroness, Lady Kidron, made a powerful point: there is a danger that access to such materials will also encourage offenders who then want to participate in real-world child sex abuse, so the scale of the horror could be multiplied. There are many reasons why these trends are shocking and abhorrent. It seems that, as ever, the offenders are one step ahead of the legislation needed for police enforcers to close down this trade.
As the noble Baroness, Lady Kidron, made clear, this amendment is “laser focused” on criminalising those who are developing and using AI to create these images. I am pleased to say that Labour is already working on a ban on creating so-called nudification tools. The prevalence of deepfakes and child abuse on the internet is increasing the public’s fear of the overall safety of AI, so we need to win their trust back if we are to harness the undoubted benefits that it can deliver to our public services and economy. Tackling this area is one step towards that.
Action to regulate AI by requiring transparency and safety reports from all those at the forefront of AI development should be a key part of that strategy, but we have a particular task to do here. In the meantime, this amendment is an opportunity for the Government to take a lead on these very specific proposals to help clean up the web and rid us of these vile crimes. I hope the Minister can confirm that this amendment, or a government amendment along the same lines, will be included in the Bill. I look forward to his response.
Viscount Camrose (Con)
I thank the noble Baroness, Lady Kidron, for tabling Amendment 291, which would create several new criminal offences relating to the use of AI to collect, collate and distribute child abuse images or to possess such images after they have been created. Nobody can dispute the intention behind this amendment.
We recognise the importance of this area. We will continue to assess whether and what new offences are needed to further bolster the legislation relating to child sexual abuse and AI, as part of our wider ongoing review of how our laws need to adapt to AI risks and opportunities. We need to get the answers to these complex questions right, and we need to ensure that we are equipping law enforcement with the capabilities and the powers needed to combat child sexual abuse. Perhaps, when I meet the noble Baroness, Lady Kidron, on the previous group, we can also discuss this important matter.
However, for now, I reassure noble Lords that any child sex abuse material, whether AI generated or not, is already illegal in the UK, as has been said. The criminal law is comprehensive with regard to the production and distribution of this material. For example, it is already an offence to produce, store or share any material that contains or depicts child sexual abuse, regardless of whether the material depicts a real child or not. This prohibition includes AI-generated child sexual abuse material and other pseudo imagery that may have been AI or computer generated.
We are committed to bringing to justice offenders who deliberately misuse AI to generate child sexual abuse material. We demonstrated this as part of the road to the AI Safety Summit, where we secured agreement from NGO, industry and international partners to take action to tackle AI-enabled child sexual abuse. The strongest protections in the Online Safety Act are for children, and all companies in scope of the legislation will need to tackle child sexual abuse material as a priority. Applications that use artificial intelligence will not be exempt and must incorporate robust guard-rails and safety measures to ensure that AI models and technology cannot be manipulated for child sexual abuse purposes.
Furthermore, I reassure noble Lords that the offence of taking, making, distributing and possessing with a view to distribution any indecent photograph or pseudophotograph of a child under the age of 18 carries a maximum sentence of 10 years’ imprisonment. Possession alone of indecent photographs or pseudophotographs of children can carry a maximum sentence of up to five years’ imprisonment.
However, I am not able to accept the amendment, as the current drafting would capture legitimate AI models that have been deliberately misused by offenders without the knowledge or intent of their creators to produce child sexual abuse material. It would also inadvertently criminalise individual users who possess perfectly legal digital files with no criminal intent, due to the fact that they could, when combined, enable the creation of child sexual abuse material.
I therefore ask the noble Baroness to withdraw the amendment, while recognising the strength of feeling and the strong arguments made on this issue and reiterating my offer to meet with her to discuss this ahead of Report.
Baroness Kidron (CB)
I do not know how to express in parliamentary terms the depth of my disappointment, so I will leave that. Whoever helped the noble Viscount draft his response should be ashamed. We do not have a comprehensive system and the police do not have the capability; they came to me after months of trying to get the Home Office to act, so that is an untruth: the police do not have the capability.
I remind the noble Viscount that in previous debates his response on the bigger picture of AI has been to wait and see, but this is a here and now problem. As the noble Baroness, Lady Jones, set out, this would give purpose and reason—and here it is in front of us; we can act.
Viscount Camrose (Con)
I thank the noble Lord, Lord Clement-Jones, and the noble Baroness, Lady Jones of Whitchurch, for tabling the amendments in this important group. I very much share the concerns about all the uses of deepfake images that are highlighted by these amendments. I will speak more briefly than I otherwise would with a view to trying to—
Lord Clement-Jones (LD)
My Lords, I would be very happy to get a letter from the Minister.
Viscount Camrose (Con)
I would be happy to write one. I will go for the abbreviated version of my speech.
I turn first to the part of the amendment that would seek to criminalise the creation, alteration or otherwise generation of deepfake images depicting a person engaged in an intimate act. The Government recognise that there is significant public concern about the simple creation of sexually explicit deepfake images, and this is why they have announced their intention to table an amendment to the Criminal Justice Bill, currently in the other place, to criminalise the creation of purposed sexual images of adults without consent.
The noble Lord’s Amendment 294 would create an offence explicitly targeting the creation or alteration of deepfake content when a person knows or suspects that the deepfake will be or is likely to be used to commit fraud. It is already an offence under Section 7 of the Fraud Act 2006 to generate software or deepfakes known to be designed for or intended to be used in the commission of fraud, and the Online Safety Act lists fraud as a priority offence and as a relevant offence for the duties on major services to remove paid-for fraudulent advertising.
Amendment 295 in the name of the noble Baroness, Lady Jones of Whitchurch, seeks to create an offence of creating or sharing political deepfakes. The Government recognise the threats to democracy that harmful actors pose. At the same time, the UK also wants to ensure that we safeguard the ability for robust debate and protect freedom of expression. It is crucial that we get that balance right.
Let me first reassure noble Lords that the UK already has criminal offences that protect our democratic processes, such as the National Security Act 2023 and the false communications offence introduced in the Online Safety Act 2023. It is also already an election offence to make false statements of fact about the personal character or conduct of a candidate or about the withdrawal of a candidate before or during an election. These offences have appropriate tests to ensure that we protect the integrity of democratic processes while also ensuring that we do not impede the ability for robust political debate.
I assure noble Lords that we continue to work across government to ensure that we are ready to respond to the risks to democracy from deepfakes. The Defending Democracy Taskforce, which seeks to protect the democratic integrity of the UK, is engaging across government and with Parliament, the UK’s intelligence community, the devolved Administrations, local authorities and others on the full range of threats facing our democratic institutions. We also continue to meet regularly with social media companies to ensure that they continue to take action to protect users from election interference.
Turning to Amendments 295A to 295F, I thank the noble Lord, Lord Clement-Jones, for them. Taken together, they would in effect establish a new regulatory regime in relation to the creation and dissemination of deepfakes. The Government recognise the concerns raised around harmful deepfakes and have already taken action against illegal content online. We absolutely recognise the intention behind these amendments but they pose significant risks, including to freedom of expression; I will write to noble Lords about those in order to make my arguments in more detail.
For the reasons I have set out, I am not able to accept these amendments. I hope that the noble Lord will therefore withdraw his amendment.
Lord Clement-Jones (LD)
My Lords, I thank the Minister for that rather breathless response and his consideration. I look forward to his letter. We have arguments about regulation in the AI field; this is, if you like, a subset of that—but a rather important subset. My underlying theme is “must try harder”. I thank the noble Lord, Lord Leong, for his support and pay tribute to Control AI, which is vigorously campaigning on this subject in terms of the supply chain for the creation of these deepfakes.
Pending the Minister’s letter, which I look forward to, I beg leave to withdraw my amendment.
Lord Bassam of Brighton (Lab)
The Committee will be relieved to know that I will be brief. I do not have much to say because, in general terms, this seems an eminently sensible amendment.
We should congratulate the noble Lord, Lord Clement-Jones, on his drafting ingenuity. He has managed to compose an amendment that brings together the need for scrutiny of emerging national security and data privacy risks relating to advanced technology, aims to inform regulatory developments and guidance that might be required to mitigate risks, and would protect the privacy of people’s genomics data. It also picks up along the way the issue of the security services scrutinising malign entities and guiding researchers, businesses, consumers and public bodies. Bringing all those things together at the end of a long and rather messy Bill is quite a feat—congratulations to the noble Lord.
I am rather hoping that the Minister will tell the Committee either that the Government will accept this wisely crafted amendment or that everything it contains is already covered. If the latter is the case, can he point noble Lords to where those things are covered in the Bill? Can he also reassure the Committee that the safety and security issues raised by the noble Lord, Lord Clement-Jones, are covered? Having said all that, we support the general direction of travel that the amendment takes.
Lord Clement-Jones (LD)
I would be extremely happy for the Minister to write.
Viscount Camrose (Con)
Nothing makes me happier than the noble Lord’s happiness. I thank him for his amendment and the noble Lord, Lord Bassam, for his points; I will write to them on those, given the Committee’s desire for brevity and the desire to complete this stage tonight.
I wish to say some final words overall. I sincerely thank the Committee for its vigorous—I think that is the right word—scrutiny of this Bill. We have not necessarily agreed on a great deal, but I am in awe of the level of scrutiny and the commitment to making the Bill as good as possible. Let us be absolutely honest—this is not the most entertaining subject, but it is something that we all take extremely seriously and I pay tribute to the Committee for its work. I also extend sincere thanks to the clerks and our Hansard colleagues for agreeing to stay a little later than agreed, although that may not even be necessary. I very much look forward to engaging with noble Lords again before and during Report.
Lord Clement-Jones (LD)
My Lords, I thank the Minister, the noble Baroness, Lady Jones, and all the team. I also thank the noble Lord, Lord Harlech, whose first name we now know; these things are always useful to know. This has been quite a marathon. I hope that we will have many conversations between now and Report. I also hope that Report is not too early as there is a lot to sort out. The noble Baroness, Lady Jones, and I will be putting together our priority list imminently but, in the meantime, I beg leave to withdraw my amendment.
Viscount Camrose
“(3A) Regulations under this section made in consequence of section 183A of the 2018 Act (inserted by section 49 of this Act) may amend, repeal or revoke provision which refers to the data protection legislation (as defined in section 3 of the 2018 Act) as they could if the provision referred instead to the main data protection legislation (as defined in section 183A of the 2018 Act).”Member’s explanatory statement
This amendment makes clear that regulations making amendments consequential on new section 183A of the Data Protection Act 2018 (inserted by clause 49 of the Bill) can remove provision which duplicates the effect of that section but which refers to the “data protection legislation” generally, rather than the “main data protection legislation”.
Viscount Camrose
Member’s explanatory statement
This amendment provides that subsection (4) of this clause is subject to subsection (2) of this clause, as well as subsection (3).
Data Protection and Digital Information Bill
Viscount Camrose ExcerptsWednesday 17th April 2024
(7 months ago)
Grand CommitteeRead Full debate Data Protection and Digital Information Bill 2022-23 View all Data Protection and Digital Information Bill 2022-23 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 30-V Fifth marshalled list for Grand Committee - (16 Apr 2024)
Baroness Jones of Whitchurch (Lab)
My Lords, I listened carefully to the explanation given by the noble Lord, Lord Clement-Jones, for his stand part notice on Clause 44. I will have to read Hansard, as I may have missed something, but I am not sure I am convinced by his arguments against Clause 44 standing part. He described his stand part notice as “innocuous”, but I am concerned that if the clause were removed it would have a slightly wider implication than that.
We feel that there are some advantages to how Clause 44 is currently worded. As it stands, it simply makes it clear that data subjects have to use the internal processes to make complaints to controllers first, and then the controller has the obligation to respond without undue delay. Although this could place an extra burden on businesses to manage and reply to complaints in a timely manner, I would have thought that this was a positive step to be welcomed. It would require controllers to have clear processes in place for handling complaints; I hope that that in itself would be an incentive against their conducting the kind of unlawful processing that prompts complaints in the first place. This seems the best practice, which would apply anyway in most organisations and complaint and arbitration systems, including, perhaps, ombudsmen, which I know the noble Lord knows more about than I do these days. There should be a requirement to use the internal processes first.
The clause makes it clear that the data subject has a right to complain directly to the controller and it makes clear that the controller has an obligation to respond. Clause 45 then goes on to make a different point, which is that the commissioner has a right to refuse to act on certain complaints. We touched on this in an earlier debate. Clearly, to be in line with Clause 44, the controller would have to have finished handling the case within the allotted time. We agree with that process. However, an alternative reason for the commissioner to refuse is when the complaint is “vexatious or excessive”. We have rehearsed our arguments about the interpretation of those words in previous debates on the application of subject access requests. I do not intend to repeat them here, but our concern about that wording rightly remains. What is important here is that the ICO should not be able to reject complaints simply because the complainant is distressed or angry. It is helpful that the clause states that in these circumstances,
“the Commissioner must inform the complainant”
of the reasons it is considered vexatious or excessive. It is also helpful that the clause states that this
“does not prevent the complainant from making it a complaint again”,
presumably in a way more compliant with the rules. Unlike the noble Lord, Lord Clement Jones—as I said, I will look at what he said in more detail—on balance, we are content with the wording as it stands.
On a slightly different tack, we have added our name to Amendment 154, in the name of the noble Lord, Lord Clement-Jones, and we support Amendment 287 on a similar subject. This touches on a similar principle to our previous debate on the right of data communities to raise data-breach complaints on behalf of individuals. In these amendments, we are proposing that there should be a collective right for organisations to raise data-breach complaints for individuals or groups of individuals who do not necessarily feel sufficiently empowered or confident to raise the complaints on their own behalf. There are many reasons why this reticence might occur, not least that the individuals may feel that making a complaint would put their employment on the line or that they would suffer discrimination at work in the future. We therefore believe that these amendments are important to widen people’s access to work with others to raise these complaints.
Since these amendments were tabled, we have received the letter from the Minister that addresses our earlier debate on data communities. I am pleased to see the general support for data intermediaries that he set out in his letter. We argue that a data community is a separate distinct collective body, which is different from the wider concept of data intermediaries. This seems to be an area in which the ICO could take a lead in clarifying rights and set standards. Our Amendment 154 would therefore set a deadline for the ICO to do that work and for those rights to be enacted.
The noble Lord, Lord Clement-Jones, and the noble Baroness, Lady Kidron, made a good case for broadening these rights in the Bill and, on that basis, I hope the Minister will agree to follow this up, and follow up his letter so that we can make further progress on this issue.
The noble Lord, Lord Clement-Jones, has tabled a number of amendments that modify the courts and tribunals functions. I was hoping that when I stood here and listened to him, I would understand a bit more about the issues. I hope he will forgive me for not responding in detail to these arguments. I do not feel that I know enough about the legal background to the concerns but he seems to have made a clear case in clarifying whether the courts or tribunals should have jurisdiction in data protection issues.
On that basis, I hope that the Minister will also provide some clarification on these issues and I look forward to his response.
The Parliamentary Under-Secretary of State, Department for Science, Innovation and Technology (Viscount Camrose) (Con)
My Lords, I thank the noble Lord, Lord Clement-Jones, and the noble Baroness, Lady Jones, for tabling these amendments to Clauses 44 and 45, which would reform the framework for data protection complaints to the Information Commissioner.
The noble Lord, Lord Clement-Jones, has given notice of his intention to oppose Clause 44 standing part of the Bill. That would remove new provisions from the Bill that have been carefully designed to provide a more direct route to resolution for data subjects’ complaints. I should stress that these measures do not limit rights for data subjects to bring complaints forward, but instead provide a more direct route to resolution with the relevant data controller. The measures formalise current best practice, requiring the complainant to approach the relevant data controller, where appropriate, to attempt to resolve the issue prior to regulatory involvement.
The Bill creates a requirement for data controllers to facilitate the making of complaints and look into what may have gone wrong. This should, in most cases, result in a much quicker resolution of data protection-related complaints. The provisions will also have the impact of enabling the Information Commissioner to redeploy resources away from handling premature complaints where such complaints may be dealt with more effectively, in the first instance, by controllers and towards value-added regulatory activity, supporting businesses to use data lawfully and in innovative ways.
The noble Lord’s Amendment 153 seeks, in effect, to expand the scope of the Information Commissioner’s duty to investigate complaints under Section 165 of the Data Protection Act. However, that Section of the Act already provides robust redress routes, requiring the commissioner to take appropriate steps to respond to complaints and offer an outcome or conclude an investigation within a specified period.
The noble Lord raised the enforcement of the UK’s data protection framework. I can provide more context on the ICO’s approach, although noble Lords will be aware that it is enforced independently of government by the ICO; it would of course be inappropriate for me to comment on how the ICO exercises its enforcement powers. The ICO aims to be fair, proportionate and effective, focusing on areas with the highest risk and most harm, but this does not mean that it will enforce every case that crosses its books.
The Government have introduced a new requirement on the ICO—Clause 43—to publish an annual report on how it has exercised its enforcement powers, the number and nature of investigations, the enforcement powers used, how long investigations took and the outcome of the investigations that ended in that period. This will provide greater transparency and accountability in the ICO’s exercise of its enforcement powers. For these reasons, I am not able to accept these amendments.
I also thank the noble Baroness and the noble Lord for their Amendments 154 and 287 concerning Section 190 of the Data Protection Act. These amendments would require the Secretary of State to legislate to give effect to Article 80(2) of the UK GDPR to enable relevant non-profit organisations to make claims against data controllers for alleged data breaches on behalf of data subjects, without those data subjects having requested or agreeing to the claim being brought. Currently, such non-profit organisations can already pursue such actions on behalf of individuals who have granted them specific authorisation, as outlined in Article 80(1).
In 2021, following consultation, the Government concluded that there was insufficient evidence to justify implementing Article 80(2) to allow non-profit organisations to bring data protection claims without the authorisation of the people affected. The Government’s response to the consultation noted that the regulator can and does investigate complaints raised by civil society groups, even when they are not made on behalf of named individuals. The ICO’s investigations into the use of live facial recognition technology at King’s Cross station and in some supermarkets in southern England are examples of this.
I also thank the noble Baroness, Lady Kidron, for raising her concerns about the protection of children throughout the debate—indeed, throughout all the days in Committee. The existing regime already allows civil society groups to make complaints to the ICO about data-processing activities that affect children and vulnerable people. The ICO has a range of powers to investigate systemic data breaches under the current framework and is already capable of forcing data controllers to take decisive action to address non-compliance. We are strengthening its powers in this Bill. I note that only a few member states of the EU have allowed non-governmental organisations to launch actions without a mandate, in line with the possibility provided by the GDPR.
I turn now to Amendments 154A, 154B—
Lord Bassam of Brighton (Lab)
Before the noble Lord gets there and we move too far from Amendment 154, where does the Government’s thinking leave us regarding a group of class actions? Trade unions take up causes on behalf of their membership at large. I guess, in the issue of the Post Office and Mr Bates, not every sub-postmaster or sub-postmistress would have signed up to that class action, even though they may have ended up being beneficiaries of its effects. So where does it leave people with regard to data protection and the way that the data protection scheme operates where there might be a class action?
Viscount Camrose (Con)
If the action is raised on behalf of named individuals, those named individuals have to have given consent for that. If the action is for a general class of people, those people would not have to give their explicit consent, because they are not named in the action. Article 80(2) of the GDPR said that going that further step was optional for all member states. I do not know which member states have taken it up, but a great many have not, just because of the complexities to which it gives rise.
Lord Clement-Jones (LD)
My Lords, just so that the Minister might get a little note, I will ask a question. He has explained what is possible—what can be done—but not why the Government still resist putting Article 80(2) into effect. What is the reason for not adopting that article?
Viscount Camrose (Con)
The reason was that an extensive consultation was undertaken in 2021 by the Government, and the Government concluded at that time that there was insufficient evidence to take what would necessarily be a complex step. That was largely on the grounds that class actions of this type can go forward either as long as they have the consent of any named individuals in the class action or on behalf of a group of individuals who are unnamed and not specifically raised by name within the investigation itself.
Lord Clement-Jones (LD)
Perhaps the Minister could in due course say what evidence would help to persuade the Government to adopt the article.
Lord Bassam of Brighton (Lab)
I want to help the Minister. Perhaps he could give us some more detail on the nature of that consultation and the number of responses and what people said in it. It strikes me as rather important.
Viscount Camrose (Con)
Fair enough. Maybe for the time being, it will satisfy the Committee if I share a copy of that consultation and what evidence was considered, if that would work.
I will turn now to Amendments 154A to 155 and Amendment 175, which propose sweeping modifications to the jurisdiction of the court and tribunal for proceedings under the Data Protection Act 2018. These amendments would have the effect of making the First-tier Tribunal and Upper Tribunal responsible for all data protection cases, transferring both ongoing and future cases out of the court system and to the relevant tribunals.
The Government of course want to ensure that proceedings for enforcement of data protection rules, including redress routes available to data subjects, are appropriate for the nature of the complaint. As the Committee will be well aware, at present there is a mixture of jurisdiction for tribunals and courts under data protection legislation, depending on the precise nature of the proceedings in question. Tribunals are indeed the appropriate venue for some data protection proceedings, and the legislation already recognises that—for example, for application by data subjects for an order requiring the ICO to progress their complaint. However, courts are generally the more appropriate venue for cases involving claims for compensation and successful parties can usually recover their costs. Courts also apply stricter rules of procedure and evidence than tribunals. That is because some cases are appropriate to fall under the jurisdiction of the tribunal, while others are more appropriate for court jurisdiction. For example, claims by individuals against organisations for breaches of legal requirements can result in awards of compensatory damages for the individuals and financial and reputational damage for the organisations. It is appropriate that such cases are handled by a court in accordance with its strict procedural and evidential rules, where the data subject may recover their costs if successful.
As such, the Government are confident that the current system is balanced and proportionate and provides clear and effective administrative and judicial redress routes for data subjects seeking to exercise their rights.
Lord Clement-Jones (LD)
My Lords, is the Minister saying that there is absolutely no confusion between the jurisdiction of the tribunals and the courts? That is, no court has come to a different conclusion about jurisdiction—for example, as to whether procedural matters are for tribunals and merits are for courts or vice versa. Is he saying that everything is hunky-dory and clear and that we do not need to concern ourselves with this crossover of jurisdiction?
Viscount Camrose (Con)
No, as I was about to say, we need to take these issues seriously. The noble Lord raised a number of specific cases. I was unfamiliar with them at the start of the debate—
Viscount Camrose (Con)
I will go away and look at those; I look forward to learning more about them. There are obvious implications in what the noble Lord said as to the most effective ways of distributing cases between courts and other channels.
For these reasons, I hope that the noble Lord will withdraw his amendment.
Lord Bassam of Brighton (Lab)
I am intrigued by the balance between what goes to a tribunal and what goes to the courts. I took the spirit behind the stand-part notice in the name of the noble Lord, Lord Clement-Jones, as being about finding the right place for the right case and ensuring that the wheels of justice are much more accessible. I am not entirely persuaded by what the Minister has said. It would probably help the Committee if we had a better understanding of where the cases go, how they are distributed and on what basis.
Viscount Camrose (Con)
I thank the noble Lord; that is an important point. The question is: how does the Sorting Hat operate to distribute cases between the various tribunals and the court system? We believe that the courts have an important role to play in this but it is about how, in the early stages of a complaint, the case is allocated to a tribunal or a court. I can see that more detail is needed there; I would be happy to write to noble Lords.
Baroness Kidron (CB)
Before we come to the end of this debate, I just want to raise something. I am grateful to the Minister for offering to bring forward the 2021 consultation on Article 80(2)—that will be interesting—but I wonder whether, as we look at the consultation and seek to understand the objections, the Government would be willing to listen to our experiences over the past two or three years. I know I said this on our previous day in Committee but there is, I hope, some point in ironing out some of the problems of the data regime that we are experiencing in action. I could bring forward a number of colleagues on that issue and on why it is a blind spot for both the ICO and the specialist organisations that are trying to bring systemic issues to its attention. It is very resource-heavy. I want a bit of goose and gander here: if we are trying to sort out some of the resourcing and administrative nightmares in dealing with the data regime, from a user perspective, perhaps a bit of kindness could be shown to that problem as well as to the problem of business.
Viscount Camrose (Con)
I would be very happy to participate in that discussion, absolutely.
Lord Clement-Jones (LD)
My Lords, I thank the Minister for his response. I have surprised myself: I have taken something positive away from the Bill.
The noble Baroness, Lady Jones, was quite right to be more positive about Clause 44 than I was. The Minister unpacked its relationship with Clause 45 well and satisfactorily. Obviously, we will read Hansard before we jump to too positive a conclusion.
On Article 80(2), I am grateful to the Minister for agreeing both to go back to the consultation and to look at the kinds of evidence that were brought forward, because this is a really important aspect for many civil society organisations. He underestimates the difficulties faced when bringing complaints of this nature. I would very much like this conversation to go forward because this issue has been quite a bone of contention; the noble Baroness, Lady Kidron, remembers that only too well. We may even have had ping-pong on the matter back in 2017. There is an appetite to keep on the case so, the more we can discuss this matter—between Committee and Report in particular—the better, because there is quite a head of steam behind it.
As far as the jurisdiction point is concerned, I think this may be the first time I have heard a Minister talk about the Sorting Hat. I was impressed: I have often compared this place to Hogwarts but the concept of using the Sorting Hat to decide whether a case goes to a tribunal or a court is a wonderful one. You would probably need artificial intelligence to do that kind of thing nowadays; that in itself is a bit of an issue because, after all, these may be elaborate amendments but, as the noble Lord, Lord Bassam, said, the case being made here is about the possibility of there being confusion and things not being clear in terms of where jurisdiction lies. It is really important that we determine whether the courts and tribunals themselves understand this and, perhaps more appropriately, whether they have differing views about it.
We need to get to grips with this; the more the Minister can dig into it, and into Delo, Killock and so on, the better. We are all in the foothills here but I am certainly not going to try to unpack those two judgments and the differences between Mrs Justice Farbey and Mr Justice Mostyn, which are well beyond my competency. I thank the Minister.
Viscount Camrose
Member's explanatory statement
This amendment adjusts the language of new section 165A(3) of the Data Protection Act 2018 to ensure that Article 3 of Regulation No 1182/71 (rules of interpretation regarding periods of time etc) will apply to it.
Viscount Camrose
Member's explanatory statement
This amendment is consequential on the amendments in my name inserting additional subsections into this clause.
Viscount Camrose (Con)
My Lords, the UK has rightly moved away from the EU concept of supremacy, under which retained EU law would always take precedence over domestic law when they were in conflict. That is clearly unacceptable now that we have left the EU. However, we understand that the effective functioning of our data protection legislation is of critical importance and it is appropriate for us to specify the appropriate relationship between UK and EU-derived pieces of legislation following implementation of the Retained EU Law (Revocation and Reform) Act, or REUL. That is why I am introducing a number of specific government amendments to ensure that the hierarchy of legislation works in the data protection context. These are Amendments 156 to 164 and 297.
Noble Lords may be aware that Clause 49 originally sought to clarify the relationship between the UK’s data protection legislation, specifically the UK GDPR and EU-derived aspects of the Data Protection Act 2018, and future data processing provisions in other legislation, such as powers to share or duties to disclose personal data, as a result of some legal uncertainty created by the European Union (Withdrawal) Act 2018. To resolve this uncertainty, Clause 49 makes it clear that all new data processing provisions in legislation should be read consistently with the key requirements of the UK data protection legislation unless it is expressly indicated otherwise. Since its introduction, the interpretation of pre-EU exit legislation has been altered and there is a risk that this would produce the wrong effect in respect of the interpretation of existing data processing provisions that are silent about their relationship with the data protection legislation.
Amendment 159 will make it clear that the full removal of the principle of EU law supremacy and the creation of a reverse hierarchy in relation to assimilated direct legislation, as provided for in the REUL Act, do not change the relationship between the UK data protection legislation and existing legislation that is in force prior to commencement of Clause 49(2). Amendment 163 makes a technical amendment to the EU withdrawal Act, as amended, to support this amendment.
Amendment 162 is similar to the previous amendment but it concerns the relationship between provisions relating to certain obligations and rights under data protection legislation and on restrictions and prohibitions on the disclosure of information under other existing legislation. Existing Section 186 of the Data Protection Act 2018 governs this relationship. Amendment 162 makes it clear that the relationship between these two types of provision is not affected by the changes to the interpretation of legislation that I have already referred to made by the REUL Act. Additionally, it clarifies that, in relation to pre-commencement legislation, Section 186(1) may be disapplied expressly or impliedly.
Amendment 164 relates to the changes brought about by the REUL Act and sets out that the provisions detailed in earlier Amendments 159, 162 and 163 are to be treated as having come into force on 1 January 2024—in other words, at the same time as commencement of the relevant provisions of the REUL Act.
Amendment 297 provides a limited power to remove provisions that achieve the same effect as new Section 183A from legislation made or passed after this Bill receives Royal Assent, as their presence could cause confusion.
Finally, Amendments 156 and 157 are consequential. Amendments 158, 160 and 161 are minor drafting changes made for consistency, updating and consequential purposes.
Turning to the amendments introduced by the noble Lord, Lord Clement-Jones, I hope that he can see from the government amendments to Clause 49 that we have given a good deal of thought to the impact of the REUL Act 2023 on the UK’s data protection framework and have been prepared to take action on this where necessary. We have also considered whether some of the changes made by the REUL Act could cause confusion about how the UK GDPR and the Data Protection Act 2018 interrelate. Following careful analysis, we have concluded that they would largely continue to be read alongside each other in the intended way, with the rules of the REUL Act unlikely to interfere with this. Any new general rule such as that suggested by the noble Lord could create confusion and uncertainty.
Amendments 168 to 170, 174, 174A and 174B seek to reverse changes introduced by the REUL Act at the end of 2023, specifically the removal of EU general principles from the statute book. EU general principles and certain EU-derived rights had originally been retained by the European Union (Withdrawal) Act to ensure legal continuity at the end of the transition period, but this was constitutionally novel and inappropriate for the long term.
The Government’s position is that EU law concepts should not be used to interpret domestic legislation in perpetuity. The REUL Act provided a solution to this by repealing EU general principles from UK law and clarifying the approach to be taken domestically. The amendments tabled by the noble Lord, Lord Clement-Jones, would undo this important work by reintroducing to the statute book references to rights and principles which have not been clearly defined and are inappropriate now that we have left the EU.
The protection of personal data already forms part of the protection offered by the European Convention on Human Rights, under the Article 8 right to respect for private and family life, and is further protected by our data protection legislation. The UK GDPR and the Data Protection Act 2018 provide a comprehensive set of rules for organisations to follow and rights for people in relation to the use of their data. Seeking to apply an additional EU right to data protection in UK law would not significantly affect the way the data protection framework functions or enhance the protections it affords to individuals. Indeed, doing so may well add unnecessary uncertainty and complexity.
Amendments 171 to 173 pertain to exemptions to specified data subject rights and obligations on data controllers set out in Schedules 2 to 4 to the DPA 2018. The 36 exemptions apply only in specified circumstances and are subject to various safeguards. Before addressing the amendments the noble Lord has tabled, it is perhaps helpful to set out how these exemptions are used. Personal data must be processed according to the requirements set out in the UK GDPR and the DPA 2018. This includes the key principles of lawfulness, fairness and transparency, data minimisation and purpose limitation, among others. The decision to restrict data subjects’ rights, such as the right to be notified that their personal data is being processed, or limit obligations on the data controller, comes into effect only if and when the decision to apply an exemption is taken. In all cases, the use of the exemption must be both necessary and proportionate.
One of these exemptions, the immigration exemption, was recently amended in line with a court ruling that found it was incompatible with the requirements set out in Article 23. This exemption is used by the Home Office. The purpose of Amendments 171 to 173 is to extend the protections applied to the immigration exemption across the other exemptions subject to Article 23, apart from in Schedule 4, where the requirement to consider whether its application prejudices the relevant purposes is not considered relevant.
The other exemptions are each used in very different circumstances, by different data controllers—from government departments to SMEs—and work by applying different tests that function in a wholly different manner from the immigration exemption. This is important to bear in mind when considering these broad-brush amendments. A one-size-fits-all approach would not work across the exemption regime.
It is the Government’s position that any changes to these important exemptions should be made only after due consideration of the circumstances of that particular exemption. In many cases, these amendments seek to make changes that run counter to how the exemption functions. Making changes across the exemptions via this Bill, as the noble Lord’s amendments propose, has the potential to have significant negative impacts on the functioning of the exemptions regime. Any potential amendments to the other exemptions would require careful consideration. The Government note that there is a power to make changes to the exemptions in the DPA 2018, if deemed necessary.
For the reasons I have given, I look forward to hearing more from the noble Lord on his amendments, but I hope that he will not press them. I beg to move.
Lord Clement-Jones (LD)
My Lords, I thank the Minister for that very careful exposition. I feel that we are heavily into wet towel, if not painkiller, territory here, because this is a tricky area. As the Minister might imagine, I will not respond to his exposition in detail, at this point; I need to run away and get some external advice on the impact of what he said. He is really suggesting that the Government prefer a pick ‘n’ mix approach to what he regards as a one size fits all. I can boil it down to that. He is saying that you cannot just apply the rules, in the sense that we are trying to reverse some of the impacts of the previous legislation. I will set out my stall; no doubt the Minister and I, the Box and others, will read Hansard and draw our own conclusions at the end, because this is a complicated area.
Until the end of 2023, the Data Protection Act 2018 had to be read compatibly with the UK GDPR. In a conflict between the two instruments, the provisions of the UK GDPR would prevail. The reversing of the relationship between the 2018 Act and the UK GDPR, through the operation of the Retained EU Law (Revocation and Reform) Act—REUL, as the Minister described it—has had the effect of lowering data protection rights in the UK. The case of the Open Rights Group and the3million v the Secretary of State for the Home Office and the Secretary of State for Digital, Culture, Media and Sport was decided after the UK had left the EU, but before the end of 2023. The Court of Appeal held that exemptions from data subject rights in an immigration context, as set out in the Data Protection Act, were overly broad, contained insufficient safeguards and were incompatible with the UK GDPR. The court disapplied the exemptions and ordered the Home Office to redraft them to include the required safeguards. We debated the regulations the other day, and many noble Lords welcomed them on the basis that they had been revised for the second time.
This sort of challenge is now not possible, because the relationship between the DPA and the UK GDPR has been turned on its head. If the case were brought now, the overly broad exemptions in the DPA would take precedence over the requirement for safeguards set out in the UK GDPR. These points were raised by me in the debate of 12 December, when the Data Protection (Fundamental Rights and Freedoms) (Amendment) Regulations 2023 were under consideration. In that debate, the noble Baroness, Lady Swinburne, stated that
“we acknowledge the importance of making sure that data processing provisions in wider legislation continue to be read consistently with the data protection principles in the UK GDPR … Replication of the effect of UK GDPR supremacy is a significant decision, and we consider that the use of primary legislation is the more appropriate way to achieve these effects, such as under Clause 49 where the Government consider it appropriate”.—[Official Report, 12/12/23; col. GC 203.]
This debate on Clause 49 therefore offers an opportunity to reinstate the previous relationship between the UK GDPR and the Data Protection Act. The amendment restores the hierarchy, so that it guarantees the same rights to individuals as existed before the end of 2023, and avoids unforeseen consequences by resetting the relationship between the UK GDPR and the DPA 2018 to what the parliamentary draftsmen intended when the Act was written. The provisions in Clause 49, as currently drafted, address the relationship between domestic law and data protection legislation as a whole, but the relationship between the UK GDPR and the DPA is left in its “reversed” state. This is confirmed in the Explanatory Notes to the Bill at paragraph 503.
The purpose of these amendments is to restore data protection rights in the UK to what they were before the end of 2023, prior to the coming into force of REUL. The amendments would restore the fundamental right to the protection of personal data in UK law; ensure that the UK GDPR and the DPA continue to be interpreted in accordance with the fundamental right to the protection of personal data; ensure that there is certainty that assimilated case law that references the fundamental right to the protection of personal data still applies; and apply the protections required in Article 23 of the UK GDPR to all the relevant exemptions in Schedule 2 to the Data Protection Act. This is crucial in avoiding diminishing trust in our data protection frameworks. If people do not trust that their data is protected, they will refuse to share it. Without this data, new technologies cannot be developed, because these technologies rely on personal data. By creating uncertainty and diminishing standards, the Government are undermining the very growth in new technologies that they want.
Lord Bassam of Brighton (Lab)
My Lords, I have looked at the government amendments in this group and have listened very carefully to what the Minister has said—that it is largely about interpretation. There are no amendments that I wish to comment on, save to say that they seem to be about consistency of language and bringing in part EU positions into UK law. They seem also to be about consistency of meaning, and for the most part the intention seems to be to ensure that nothing in EU retained law undoes the pre-existing legal framework.
However, I would appreciate the Minister giving us a bit more detail on the operation of Amendment 164. Amendment 297 seems to deal with a duplication issue, so perhaps he can confirm for the Committee that this is the case. We have had swathes of government amendments of a minor and technical nature, largely about chasing out gremlins from the drafting process. Can he confirm that this is the case and assure the Committee that we will not be left with any nasty surprises in the drafting that need correction at a later date?
The amendments tabled in the name of the noble Lord, Lord Clement-Jones, are of course of a different order altogether. The first two—Amendments 165 and 166—would restore the relationship between the UK GDPR and the 2018 Act and the relevant provisions of the Retained EU Law (Revocation and Reform) Act 2023. Amendment 168 would ensure that assimilated case law referring to the European Charter of Fundamental Rights would still be relevant in interpreting the UK GDPR. It would give greater certainty in how the UK’s data protection framework is interpreted. Amendment 169 would ensure that the interpretation is carried over from the UK GDPR and 2018 legislation in accordance with the general principle of the protection of personal data.
The noble Lord’s Amendments 170 to 174B would bring back into law protections that existed previously when UK law was more closely aligned with EU law and regulation. There is also an extension of the EU data protection of personal data to the assimilated standard that existed by virtue of Section 4 of the European Union (Withdrawal) Act 2018. I can well understand the noble Lord’s desire to take the UK back to a position where we are broadly in the same place in terms of protections as our former EU partners. First, having—broadly speaking—protections that are common across multiple jurisdictions makes it easier and simpler for companies operating in those markets. Secondly, from the perspective of data subjects, it is much easier to comprehend common standards of data protection and to seek redress when required. The Government, for their part, will no doubt argue that there is some sort of big Brexit benefit in this, although I think that advisers and experts are divided on the degree of that benefit, and indeed who benefits.
Later, we will get to discuss data adequacy standards. Concern exists in some quarters as to whether we have this right and what this legislative opportunity might be missing to ensure that the UK meets those international standards that the EU requires. That is a debate for later, but we are broadly sympathetic to the desire of the noble Lord, Lord Clement-Jones, to find the highest level of protection for UK citizens. That is the primary motivation for many of the amendments and debates that we have had today. We do not want to weaken what were previously carefully crafted and aligned protections. I do not entirely buy the argument that the Minister made earlier about this group of amendments causing legal uncertainty. I believe it is the reverse of that: the noble Lord, Lord Clement-Jones, is trying to provide greater certainty and a degree of jurisdictional uniformity.
I hope that I have understood what the noble Lord is trying to achieve here. For those reasons, we will listen to the Minister’s concluding comments—and read Hansard—very carefully.
Viscount Camrose (Con)
I thank the noble Lords, Lord Clement-Jones and Lord Bassam, for their comments. As the noble Lord, Lord Clement-Jones, points out, it is a pretty complex and demanding area, but that in no way diminishes the importance of getting it right. I hope that in my remarks I can continue that work, but of course I am happy to discuss this: it is a very technical area and, as all speakers have pointed out, it is crucial for our purposes that it be executed correctly.
While the UK remains committed to strong protections for personal data through the UK GDPR and Data Protection Act, it is important that it is able to diverge from the EU legislation where this is appropriate for the UK. We have carefully assessed the effects of EU withdrawal legislation and the REUL Act and are making adjustments to ensure that the right effect is achieved. The government amendments are designed to ensure legal certainty and protect the coherence of the data protection framework following commencement of the REUL Act—for example, by maintaining the pre-REUL Act relationship in certain ways between key elements of the UK data protection legislation and other existing legislation.
The purpose of the REUL Act is to ensure that the UK has control over its laws. Resurrecting the principle of EU law supremacy in its entirety or continuing to apply case law principles is not consistent with the UK’s departure from the EU and taking back control over our own laws. These amendments make it clear that changes made to the application of the principle of EU law supremacy and new rules relating to the interpretation of direct assimilated legislation under the REUL Act do not have any impact on existing provisions that involve the processing of personal data.
The noble Lord, Lord Bassam, asked for more detail about Amendment 164. It relates to changes brought about by the REUL Act and sets out that the provisions detailed in Amendments 159, 162 and 163 are to be treated as having come into force on 1 January 2024—in other words, at the same time as commencement of the relevant provisions of the REUL Act. The retrospective effect of this provision addresses the gap between the commencement of the REUL Act 2023 and the Data Protection and Digital Information Bill.
On the immigration exemption case, I note that it was confined to the immigration exemption and did not rule on the other exemptions. The Government will continue to keep the exemptions under review and, should it be required, the Government have the power to amend the other exemptions using an existing power in the DPA 2018. Before doing so, of course the Government would want to ensure that due consideration is given to how the particular exemptions are used. Meanwhile, I thank noble Lords for what has been a fascinating, if demanding, debate.
Viscount Camrose
Member’s explanatory statement
This amendment is consequential on the amendment in my name inserting section 183B of the Data Protection Act 2018.
Viscount Camrose
“2A After Article 4 insert—“Article 4APeriods of time1. References in this Regulation to a period expressed in hours, days, weeks, months or years are to be interpreted in accordance with Article 3 of the Periods of Time Regulation, except in—(a) Article 91A(8) and (9);(b) paragraphs 14, 15 and 16 of Annex 1.2. In this Article, “the Periods of Time Regulation” means Regulation (EEC, Euratom) No. 1182/71 of the Council of 3 June 1971 determining the rules applicable to periods, dates and time limits.””Member’s explanatory statement
This amendment provides for the rules of interpretation in Article 3 of Regulation No 1182/71 (rules of interpretation regarding periods of time etc) to apply to the UK GDPR, subject to some listed exceptions.
Viscount Camrose (Con)
I thank the noble Lord, Lord Clement-Jones, the noble Baroness, Lady Jones, and my noble friend Lord Kamall for their amendments. To address the elephant in the room first, I can reassure noble Lords that the use of digital identity will not be mandatory, and privacy will remain one of the guiding principles of the Government’s approach to digital identity. There are no plans to introduce a centralised, compulsory digital ID system for public services, and the Government’s position on physical ID cards remains unchanged. The Government are committed to realising the benefits of digital identity technologies without creating ID cards.
I shall speak now to Amendment 177, which would require the rules of the DVS trust framework to be set out in regulations subject to the affirmative resolution procedure. I recognise that this amendment, and others in this group, reflect recommendations from the DPRRC. Obviously, we take that committee very seriously, and we will respond to that report in due course, but ahead of Report.
Part 2 of the Bill will underpin the DVS trust framework, a document of auditable rules, which include technical standards. The trust framework refers to data protection legislation and ICO guidance. It has undergone four years of development, consultation and testing within the digital identity market. Organisations can choose to have their services certified against the trust framework to prove that they provide secure and trustworthy digital verification services. Certification is provided by independent conformity assessment bodies that have been accredited by the UK Accreditation Service. Annual reviews of the trust framework are subject to consultation with the ICO and other appropriate persons.
Requiring the trust framework to be set out in regulations would make it hard to introduce reactive changes. For example, if a new cybersecurity threat emerged which required the rapid deployment of a fix across the industry, the trust framework would need to be updated very quickly. Developments in this fast-growing industry require an agile approach to standards and rule-making. We cannot risk the document becoming outdated and losing credibility with industry. For these reasons, the Government feel that it is more appropriate for the Secretary of State to have the power to set the rules of the trust framework with appropriate consultation, rather than for the power to be exercised by regulations.
I turn to Amendments 178 to 195, which would require the fees that may be charged under this part of the Bill to be set out in regulations subject to the negative resolution procedure. The Government have committed to growing a market of secure and inclusive digital identities as an alternative to physical proofs of identity, for those that choose to use them. Fees will be introduced only once we are confident that doing so will not restrict the growth of this market, but the fee structure, when introduced, is likely to be complex and will need to flex to support growth in an evolving market.
There are built-in safeguards to this fee-charging power. First, there is a strong incentive for the Secretary of State to set fees that are competitive, fair and reasonable, because failing to do so would prevent the Government realising their commitment to grow this market. Secondly, these fee-raising powers have a well-defined purpose and limited scope. Thirdly, the Secretary of State will explain in advance what fees she intends to charge and when she intends to charge them, which will ensure the appropriate level of transparency.
The noble Baroness, Lady Jones, asked about the arrangements for the office for digital identities and attributes. It will not initially be independent, as it will be located within the Department for Science, Innovation and Technology. As we announced in the government response to our 2021 consultation, we intend for this to be an interim arrangement until a suitable long-term home for the governing body can be identified. Delegating the role of Ofdia—as I suppose we will call it—to a third party in the future, is subject to parliamentary scrutiny, as provided for by the clauses in the Bill. Initially placing Ofdia inside government will ensure that its oversight role could mature in the most effective way and that it supports the digital identity market in meeting the needs of individual users, relying parties and industry.
Digital verification services are independently certified against the trust framework rules by conformity assessment bodies. Conformity assessment bodies are themselves independently accredited by the UK Accreditation Service to ensure that they have the competence and impartiality to perform certification. The trust framework certification scheme will be accredited by the UK Accreditation Service to give confidence that the scheme can be efficiently and competently used to certify products, processes and services. All schemes will need to meet internationally agreed standards set out by the UK Accreditation Service. Ofdia, as the owner of the main code, will work with UKAS to ensure that schemes are robust, capable of certification and operated in line with the trust framework.
Amendment 184A proposes to exclude certified public bodies from registering to provide digital verification services. The term “public bodies” could include a wide range of public sector entities, including institutions such as universities, that receive any public funding. The Government take the view that this exclusion would be unnecessarily restrictive in the UK’s nascent digital identity market.
Amendment 195ZA seeks to mandate organisations to implement a non-digital form of verification in every instance where a digital method is required. The Bill enables the use of secure and inclusive digital identities across the economy. It does not force businesses or individuals to use them, nor does it insist that businesses which currently accept non-digital methods of verification must transition to digital methods. As Clause 52 makes clear, digital verification services are services that are provided at the request of the individual. The purpose of the Bill is to ensure that, when people want to use a digital verification service, they know which of the available products and services they can trust.
Some organisations operate only in the digital sphere, such as online-only banks and energy companies. To oblige such organisations to offer manual document checking would place obligations on them that would go beyond the Government’s commitment to do only what is necessary to enable the digital identity market to grow. In so far as this amendment would apply to public authorities, the Equality Act requires those organisations to consider how their services will affect people with protected characteristics, including those who, for various reasons, might not be able or might choose not to use a digital identity product.
Lord Clement-Jones (LD)
Is the Minister saying that, as a result of the Equality Act, there is an absolute right to that analogue—if you like—form of identification if, for instance, someone does not have access to digital services?
Viscount Camrose (Con)
On this point, the argument that the Government are making is that, where consumers want to use a digital verification service, all the Bill does is to provide a mechanism for those DVSs to be certified and assured to be safe. It does not seek to require anything beyond that, other than creating a list of safe DVSs.
The Equality Act applies to the public sector space, where it needs to be followed to ensure that there is an absolute right to inclusive access to digital technologies.
Lord Clement-Jones (LD)
My Lords, in essence, the Minister is admitting that there is a gap when somebody who does not have access to digital services needs an identity to deal with the private sector. Is that right?
Lord Vaux of Harrowden (CB)
In the example I gave, I was not willing to use a digital system to provide a guarantee for my son’s accommodation in the private sector. I understand that that would not be protected and that, therefore, someone might not be able to rent a flat, for example, because they cannot provide physical ID.
Viscount Camrose (Con)
The Bill does not change the requirements in this sense. If any organisation chooses to provide its services on a digital basis only, that is up to that organisation, and it is up to consumers whether they choose to use it. It makes no changes to the requirements in that space.
I will now speak to the amendment that seeks to remove Clause 80. Clause 80 enables the Secretary of State to ask accredited conformity assessment bodies and registered DVS providers to provide information which is reasonably required to carry out her functions under Part 2 of the Bill. The Bill sets out a clear process that the Secretary of State must follow when requesting this information, as well as explicit safeguards for her use of the power. These safeguards will ensure that DVS providers and conformity assessment bodies have to provide only information necessary for the functioning of this part of the Bill.
Lord Clement-Jones (LD)
My Lords, the clause stand part amendment was clearly probing. Does the Minister have anything to say about the relationship with OneLogin? Is he saying that it is only information about systems, not individuals, which does not feed into the OneLogin identity system that the Government are setting up?
Viscount Camrose (Con)
It is very important that the OneLogin system is entirely separate and not considered a DVS. We considered whether it should be, but the view was that that comes close to mandating a digital identity system, which we absolutely want to avoid. Hence the two are treated entirely differently.
Lord Clement-Jones (LD)
That is a good reassurance, but if the Minister wants to unpack that further by correspondence, I would be very happy to have that.
Viscount Camrose (Con)
I am very happy to do so.
I turn finally to Amendments 289 and 300, which aim to introduce a criminal offence of digital identity theft. The Government are committed to tackling fraud and are confident that criminal offences already exist to cover the behaviour targeted by these amendments. Under the Fraud Act 2006, it is a criminal offence to make a gain from the use of another person’s identity or to cause or risk a loss by such use. Where accounts or databases are hacked into, the Computer Misuse Act 1990 criminalises the unauthorised access to a computer programme or data held on a computer.
Furthermore, the trust framework contains rules, standards and good practice requirements for fraud monitoring and responding to fraud. These rules will further defend systems and reduce opportunities for digital identity theft.
Lord Clement-Jones (LD)
My Lords, I am sorry, but this is a broad-ranging set of amendments, so I need to intervene on this one as well. When the Minister does his will write letter in response to today’s proceedings, could he tell us what guidance there is to the police on this? Because when the individual, Mr Arron, approached the police, they said, “Oh, sorry, there’s nothing we can do; identity theft is not a criminal offence”. The Minister seems to be saying, “No, it is fine; it is all encompassed within these provisions”. While he may be saying that, and I am sure he will be shouting it from the rooftops in the future, the question is whether the police have guidance; does the College of Policing have guidance and does the Home Office have guidance? The ordinary individual needs to know that it is exactly as the Minister says, and identity theft is covered by these other criminal offences. There is no point in having those offences if nobody knows about them.
Viscount Camrose (Con)
That is absolutely fair enough: I will of course write. Sadly, we are not joined today by ministerial colleagues from the Home Office, who have some other Bill going on.
Viscount Camrose (Con)
I have no doubt that its contribution to the letter will be equally enjoyable. However, for all the reasons I set out above, I am not able to accept these amendments and respectfully encourage the noble Baroness and noble Lords not to press them.
Baroness Jones of Whitchurch (Lab)
My Lords, I suppose I am meant to say that I thank the Minister for his response, but I cannot say that it was particularly optimistic or satisfying. On my amendments, the Minister said he would be responding to the DPRRC in due course, and obviously I am interested to see that response, but as the noble Lord, Lord Clement-Jones, said, the committee could not have been clearer and I thought made a very compelling case for why there should be some parliamentary oversight of this main code and, indeed, the fees arrangements.
I understand that it is a fast-moving sector, but the sort of things that the Delegated Powers Committee was talking about was that the main code should have some fundamental principles, some user rights and so on. We are not trying to spell out every sort of service that is going to be provided—as the Minister said, it is a fast-moving sector—but people need to have some trust in it and they need to know what this verification service is going to be about. Just saying that there is going to be a code, on such an important area, and that the Secretary of State will write it, is simply not acceptable in terms of basic parliamentary democracy. If it cannot be done through an affirmative procedure, the Government need to come up with another way to make sure that there is appropriate parliamentary input into what is being proposed here.
On the subject of the fees, the Delegated Powers Committee and our amendment was saying only that there should be a negative SI. I thought that was perfectly reasonable on its part and I am sorry that the Minister is not even prepared to accept that perfectly suggestion. All in all, I thought that the response on that element was very disappointing.
The response was equally disappointing on the whole issue that the noble Lords, Lord Kamall and Lord Vaux, raised about the right not to have to use the digital verification schemes but to do things on a non-digital basis. The arguments are well made about the numbers of people who are digitally excluded. I was in the debate that the noble Lord referred to, and I cannot remember the statistics now, but something like 17% of the population do not have proper digital access, so we are excluding a large number of people from a whole range of services. It could be applying for jobs, accessing bank accounts or applying to pay the rent for your son’s flat or whatever. We are creating a two-tier system here, for those who are involved and those who are on the margins who cannot use a lot of the services. I would have hoped that the Government would have been much more engaged in trying to find ways through that and providing some guarantees to people.
We know that we are taking a big leap, with so many different services going online. There is a lot of suspicion about how these services are going to work and people do not trust that computers are always as accurate as we would like them to be, so they would like to feel that there is another way of doing it if it all goes wrong. It worries me that the Minister is not able to give that commitment.
I have to say that I am rather concerned by what the Minister said about the private sector—in effect, that it can already have a requirement to have digital only. Surely, in this brave new world we are going towards, we do not want a digital-only service; this goes back to the point about a whole range of people being excluded. What is wrong with saying, even to people who collect people’s bank account details to pay their son’s rent, “There is an alternative way of doing this as well as you providing all the information digitally”? I am very worried about where all this is going, including who will be part of it and who will not. If the noble Lords, Lord Kamall and Lord Vaux, wish to pursue this at a later point, I would be sympathetic to their arguments.
On identity theft, the noble Lord, Lord Clement-Jones, made a compelling case. The briefing that he read out from the Metropolitan Police said that your data is one of your most valuable assets, which is absolutely right. He also rightly made the point that this is linked to organised crime. It does not happen by accident; some major people are farming our details and using them for all sorts of nefarious activities. There is a need to tighten up the regulation and laws on this. The Minister read out where he thinks this is already dealt with under existing legislation but we will all want to scrutinise that and see whether that really is the case. There are lots of examples of where the police have not been able to help people and do not know what their rights are, so we just need to know exactly what advice has been given to the police.
I feel that the Minister could have done more on this whole group to assure us that we are not moving towards a two-tier world. I will withdraw my amendment, obviously, but I have a feeling that we will come back to this issue; it may be something that we can talk to the Minister about before we get to Report.
Viscount Camrose (Con)
My Lords, I thank the noble Baronesses, Lady Bennett, Lady Young of Old Scone and Lady Jones, for their proposed amendments on extending the definition of business data in smart data schemes, the disclosure of climate and nature information to improve public service delivery and the publication of an EU adequacy risk assessment.
On Amendment 195A, we consider that information about the carbon and energy intensity of goods, services or digital content already falls within the scope of “business data” as information about goods, services and digital content supplied or provided by a trader. Development of smart data schemes will, where relevant, be informed by—among other things—the Government’s Environmental Principles Policy Statement, under the Environment Act 2021.
With regard to Amendment 218, I thank the noble Baroness, Lady Young of Old Scone, for her sympathies; they are gratefully received. I will do my best in what she correctly pointed out is quite a new area for me. The powers to share information under Part 5 of the Digital Economy Act 2017—the DEA—are supplemented by statutory codes of practice. These require impact assessments to be carried out, particularly for significant changes or proposals that could have wide-ranging effects on various sectors or stakeholders. These impact assessments are crucial for understanding the implications of the Digital Economy Act and ensuring that it achieves its intended objectives, while minimising any negative consequences for individuals, businesses and society as a whole. As these assessments already cover economic, social and environmental impact, significant changes in approach are already likely to be accounted for. This is in addition to the duty placed on Ministers by the Environment Act 2021 to have due regard to the Environmental Principles Policy Statement.
Lastly, turning to Amendment 296, the Government are committed to maintaining their data adequacy decisions from the EU, which we absolutely recognise play a pivotal role in enabling trade and fighting crime. As noble Lords alluded to, we maintain regular engagement with the European Commission on the Bill to ensure that our reforms are understood.
The EU adequacy assessment of the UK is, of course, a unilateral, autonomous process for the EU to undertake. However, we remain confident that our reforms deliver against UK interests and are compatible with maintaining EU adequacy. As the European Commission itself has made clear, a third country—the noble Lord, Lord Clement-Jones, alluded to this point—is not required to have the same rules as the EU to be considered adequate. Indeed, 15 countries have EU adequacy, including Japan, Israel and the Republic of Korea. All these nations pursue independent and, often, more divergent approaches to data protection.
The Government will provide both written and oral evidence to the House of Lords European Affairs Committee inquiry on UK-EU data adequacy and respond to its final report, which is expected to be published in the summer. Many expert witnesses already provided evidence to the committee and have stated that they believe that the Bill is compatible with maintaining adequacy.
As noble Lords have noted, the Government have published a full impact assessment alongside the Bill, which sets out in more detail what both the costs and financial benefits of the Bill would be—including in the unlikely scenario of the EU revoking the UK’s adequacy decision. I also note that UK adequacy is good for the EU too: every EU company, from multinationals to start-ups, with customers, suppliers or operations in the UK relies on EU-UK data transfers. Leading European businesses and organisations have consistently emphasised the importance of maintaining these free flows of data to the UK.
For these reasons, I hope that the noble Baronesses will agree to withdraw or not move these amendments.
Lord Bassam of Brighton (Lab)
The Minister made the point at the end there that it is in the EU’s interest to agree to our data adequacy. That is an important point but is that what the Government are relying on—the fact that it is in the EU’s interest as much as ours to continue to agree to our data adequacy provisions? If so, what the Minister has said does not make me feel more reassured. If the Government are relying on just that, it is not a particularly strong argument.
Lord Vaux of Harrowden (CB)
My Lords, can I point out, on the interests of the EU, that it does not go just one way? There is a question around investment as well. For example, any large bank that is currently running a data-processing facility in this country that covers the whole of Europe may decide, if we lose data adequacy, to move it to Europe. Anyone considering setting up such a thing would probably go for Europe rather than here. There is therefore an investment draw for the EU here.
Viscount Camrose (Con)
I do not know what I could possibly have said to create the impression that the Government are flying blind on this matter. We continue to engage extensively with the EU at junior official, senior official and ministerial level in order to ensure that our proposed reforms are fully understood and that there are no surprises. We engage with multiple expert stakeholders from both the EU side and the UK side. Indeed, as I mentioned earlier, a number of experts have submitted evidence to the House’s inquiry on EU-UK data adequacy and have made clear their views that the DPDI reforms set out in this Bill are compatible with EU adequacy. We continue to engage with the EU throughout. I do not want to be glib or blithe about the risks; we recognise the risks but it is vital—
Lord Bassam of Brighton (Lab)
Could we have a list of the people the noble Lord is talking about?
Viscount Camrose (Con)
Yes. I would be happy to provide a list of the people we have spoken to about adequacy; it may be a long one. That concludes the remarks I wanted to make, I think.
Lord Clement-Jones (LD)
Perhaps the Minister could just tweak that a bit by listing not just the people who have made positive noises but those who have their doubts.
Viscount Camrose
Member's explanatory statement
This amendment provides that the restriction in clause 96(3) on the exercise of the regulation-making power in clause 96(1) (power to impose a levy) applies in connection with regulations imposing a levy on authorised persons or third party recipients as well as regulations imposing a levy on data holders.
Viscount Camrose
“(9A) The requirement in subsection (9) may be satisfied by consultation undertaken before the coming into force of this section.”Member's explanatory statement
This amendment makes clear that the requirement under clause 103(9) to consult before making regulations described in clause 103(7) may be satisfied by consultation carried out before clause 103 comes into force.
Viscount Camrose (Con)
I thank my noble friend Lord Holmes, the noble Baroness, Lady Jones, and the noble Lord, Lord Clement-Jones, as well as other co-signatories for detailed examination of the Bill through these amendments.
I begin by addressing Amendments 197A, 197B and 197C tabled by my noble friend Lord Holmes, which seek to establish a biometrics office responsible for overseeing biometric data use, and place new obligations on organisations processing such data. The Information Commissioner already has responsibility for monitoring and enforcing the processing of biometric data, and these functions will continue to sit with the new information commission, once established. For example, in March 2023 it investigated the use of live facial recognition in a retail security setting by Facewatch. In February 2024, it took action against Serco Leisure in relation to its use of biometric data to monitor attendance of leisure centre employees.
Schedule 15 to this Bill will also enable the information commission to establish committees of external experts with skills in any number of specialist areas, including biometrics, to provide specialist advice to the commission. Given that the Information Commissioner already has responsibility for monitoring and enforcing the processing of biometric data, the Government are therefore of the firm view that the information commission is best placed to continue to oversee the processing of biometric data. The Bill also allows the new information commission to establish specialist committees and require them to provide the commission with specialist advice. The committees may include specialists from outside the organisation, with key skills and expertise in specific areas, including biometrics.
The processing of biometric data for the purpose of uniquely identifying an individual is also subject to heightened safeguards, and organisations can process such data only if they meet one of the conditions of Article 9 of UK GDPR—for example, where processing is necessary to comply with employment law provisions, or for reasons of substantial public interest. Without a lawful basis and compliance with relevant conditions, such processing of biometric data is prohibited.
Amendments 197B and 197C in the name of my noble friend Lord Holmes would also impose new, prescriptive requirements on organisations processing, and intending to process, biometric data and setting unlimited fines for non-compliance. We consider that such amendments would have significant unintended consequences. There are many everyday uses of biometrics data, such as using your thumbprint to access your phone. If every organisation that launched a new product had to comply with the proposed requirements, it would introduce significant and unnecessary new burdens and would discourage innovation, undermining the aims of this Bill. For these reasons, I respectfully ask my noble friend not to move these amendments.
The Government deem Amendment 238 unnecessary, as using biometric data—
Baroness Jones of Whitchurch (Lab)
I am sorry, but I am wondering whether the Minister is going to say any more on the amendment in the name of the noble Lord, Lord Holmes. Can I be clear? The Minister said that the ICO is the best place to oversee these issues, but the noble Lord’s amendment recognises that; it just says that there should be a dedicated biometrics unit with specialists, et cetera, underneath it. I am looking towards the noble Lord—yes, he is nodding in agreement. I do not know that the Minister dismissed that idea, but I think that this would be a good compromise in terms of assuaging our concerns on this issue.
Viscount Camrose (Con)
I apologise if I have misunderstood. It sounds like it would be a unit within the ICO responsible for that matter. Let me take that away if I have misunderstood—I understood it to be a separate organisation altogether.
The Government deem Amendment 238 unnecessary, as using biometric data to categorise or make inferences about people, whether using algorithms or otherwise, is already subject to the general data protection principles and the high data protection standards of the UK’s data protection framework as personal data. In line with ICO guidance, where the processing of biometric data is intended to make an inference linked to one of the special categories of data—for example, race or ethnic origin—or the biometric data is processed for the intention of treating someone differently on the basis of inferred information linked to one of the special categories of data, organisations should treat this as special category data. These protections ensure that this data, which is not used for identification purposes, is sufficiently protected.
Similarly, Amendment 286 intends to widen the scope of the Forensic Information Databases Service—FINDS—strategy board beyond oversight of biometrics databases for the purpose of identification to include “classification” purposes as well. The FINDS strategy board currently provides oversight of the national DNA database and the national fingerprint database. The Bill puts oversight of the fingerprint database on the same statutory footing as that of the DNA database and provides the flexibility to add oversight of new biometric databases, where appropriate, to provide more consistent oversight in future. The delegated power could be used in the medium term to expand the scope of the board to include a national custody image database, but no decisions have yet been taken. Of course, this will be kept under review, and other biometric databases could be added to the board’s remit in future should these be created and should this be appropriate. For the reasons I have set out, I hope that the noble Baroness, Lady Jones of Whitchurch, will therefore agree not to move Amendments 238 and 286.
Responses to the data reform public consultation in 2021 supported the simplification of the complex oversight framework for police use of biometrics and surveillance cameras. Clauses 147 and 148 of the Bill reflect that by abolishing the Biometrics and Surveillance Camera Commissioner’s roles while transferring the commissioner’s casework functions to the Investigatory Powers Commissioner’s Office.
Noble Lords referred to the CRISP report, which was commissioned by Fraser Sampson—the previous commissioner—and directly contradicts the outcome of the public consultation on data reform in 2021, including on the simplification of the oversight of biometrics and surveillance cameras. The Government took account of all the responses, including from the former commissioner, in developing the policies set out in the DPDI Bill.
There will not be a gap in the oversight of surveillance as it will remain within the statutory regulatory remit of other organisations, such as the Information Commissioner’s Office, the Equality and Human Rights Commission, the Forensic Science Regulator and the Forensic Information Databases Service strategy board.
Lord Clement-Jones (LD)
One of the crucial aspects has been the reporting of the Biometrics and Surveillance Camera Commissioner. Where is there going to be and who is going to have a comprehensive report relating to the use of surveillance cameras and the biometric data contained within them? Why have the Government decided that they are going to separate out the oversight of biometrics from, in essence, the surveillance aspects? Are not the two irretrievably brought together by things such as live facial recognition?
Viscount Camrose (Con)
Yes. There are indeed a number of different elements of surveillance camera oversight; those are reflected in the range of different bodies doing that it. As to the mechanics of the production of the report, I am afraid that I do not know the answer.
Lord Clement-Jones (LD)
Does the Minister accept that the police are one of the key agencies that will be using surveillance cameras? He now seems to be saying, “No, it’s fine. We don’t have one single oversight body; we had four at the last count”. He probably has more to say on this subject but is that not highly confusing for the police when they have so many different bodies that they need to look at in terms of oversight? Is it any wonder that people think the Bill is watering down the oversight of surveillance camera use?
Viscount Camrose (Con)
No. I was saying that there was extensive consultation, including with the police, and that that has resulted in these new arrangements. As to the actual mechanics of the production of an overall report, I am afraid that I do not know but I will find out and advise noble Lords.
His Majesty’s Inspectorate of Constabulary and Fire & Rescue Services also inspects, monitors and reports on the efficiency and effectiveness of the police, including their use of surveillance cameras. All of these bodies have statutory powers to take the necessary action when required. The ICO will continue to regulate all organisations’ use of these technologies, including being able to take action against those not complying with data protection law, and a wide range of other bodies will continue to operate in this space.
On the first point made by the noble Lord, Lord Vaux, where any of the privacy concerns he raises concern information that relates to an identified or identifiable living individual, I can assure him that this information is covered by the UK’s data protection regime. This also includes another issue raised by the noble Lord—where the ANPR captures a number-plate that can be linked to an identifiable living individual—as this would be the processing of personal data and thus governed by the UK’s data protection regime and regulated by the ICO.
For the reasons I have set out, I maintain that these clauses should stand part of the Bill. I therefore hope that the noble Lord, Lord Clement-Jones, will withdraw his stand part notices on Clauses 147 and 148.
Clause 149 does not affect the office of the Biometrics and Surveillance Camera Commissioner, which the noble Lord seeks to maintain through his amendment. The clause’s purpose is to update the name of the national DNA database board and update its scope to include the national fingerprint database within its remit. It will allow the board to produce codes of practice and introduce a new delegated power to add or remove biometric databases from its remit in future via the affirmative procedure. I therefore maintain that this clause should stand part of the Bill and hope that the noble Lord will withdraw his stand part notice.
Clauses 147 and 148 will improve consistency in the guidance and oversight of biometrics and surveillance cameras by simplifying the framework. This follows public consultation, makes the most of the available expertise, improves organisational resilience, and ends confusing and inefficient duplication. The Government feel that a review, as proposed, so quickly after the Bill is enacted is unnecessary. It is for these reasons that I cannot accept Amendment 292 in the name of the noble Lord, Lord Clement-Jones.
I turn now to the amendments tabled by the noble Lord, Lord Clement-Jones, which seek to remove Clauses 130 to 132. These clauses make changes to the Counter-Terrorism Act 2008, which provides the retention regime for biometric data held on national security grounds. The changes have been made only following a formal request from Counter Terrorism Policing to the Home Office. The exploitation of biometric material, including from international partners, is a valuable tool in maintaining the UK’s national security, particularly for ensuring that there is effective tripwire coverage at the UK border. For example, where a foreign national applies for a visa to enter the UK, or enters the UK via a small boat, their biometrics can be checked against Counter Terrorism Policing’s holdings and appropriate action to mitigate risk can be taken, if needed.
Lord Vaux of Harrowden (CB)
My Lords, to go back to some of the surveillance points, one of the issues is the speed at which technology is changing, with artificial intelligence and all the other things we are seeing. One of the roles of the commissioner has been to keep an eye on how technology is changing and to make recommendations as to what we do about the impacts of that. I cannot hear, in anything the noble Viscount is saying, how that role is replicated in what is being proposed. Can he enlighten me?
Viscount Camrose (Con)
Yes, indeed. In many ways, this is advantageous. The Information Commissioner obviously has a focus on data privacy, whereas the various other organisations, particularly BSCC, EHRC and the FINDS Board, have subject-specific areas of expertise on which they will be better placed to horizon-scan and identify new emerging risks from technologies most relevant to their area.
Lord Vaux of Harrowden (CB)
Is the noble Viscount saying that splitting it all up into multiple different places is more effective than having a single dedicated office to consider these things? I must say, I find that very hard to understand.
Viscount Camrose (Con)
I do not think we are moving from a simple position. We are moving from a very complex position to a less complex position.
Viscount Stansgate (Lab)
Can the Minister reassure the Committee that, under the Government’s proposals, there will be sufficient reporting to Parliament, every year, from all the various bodies to which he has already referred, so that Parliament can have ample opportunity to review the operation of this legislation as the Bill stands at the moment?
Viscount Camrose (Con)
Yes, indeed. The information commission will be accountable to Parliament. It is required to produce transparency and other reports annually. For the other groups, I am afraid that many of them are quite new to me, as this is normally a Home Office area, but I will establish what their accountability is specifically to Parliament, for BSSC and the—
Viscount Stansgate (Lab)
Will the Minister write to the Committee, having taken advice from his Home Office colleagues?
Lord Holmes of Richmond (Con)
My Lords, I thank all noble Lords who participated in the excellent debate on this set of amendments. I also thank my noble friend the Minister for part of his response; he furiously agreed with at least a substantial part of my amendments, even though he may not have appreciated it at the time. I look forward to some fruitful and positive discussions on some of those elements between Committee and Report.
When a Bill passes into statute, a Minister and the Government may wish for a number of things in terms of how it is seen and described. One thing that I do not imagine is on the list is for it to be said that this statute generates significant gaps—those words were put perfectly by the noble Viscount, Lord Stansgate. That it generates significant gaps is certainly the current position. I hope that we have conversations between Committee and Report to address at least some of those gaps and restate some of the positions that exist, before the Bill passes. That would be positive for individuals, citizens and the whole of the country. For the moment, I beg leave to withdraw my amendment and look forward to those subsequent conversations.
Viscount Camrose
“Interpretation of the PEC RegulationsIn regulation 2 of the PEC Regulations (interpretation)—(a) in paragraph (4) omit “, without prejudice to paragraph (3),”, and(b) at the end insert—“(5) References in these regulations to a period expressed in hours, days, weeks, months or years are to be interpreted in accordance with Article 3 of the Periods of Time Regulation, except that Article 3(4) of that Regulation does not apply to the interpretation of a reference to a period in regulation 16A.(6) In paragraph (5), “the Periods of Time Regulation” means Regulation (EEC, Euratom) No. 1182/71 of the Council of 3 June 1971 determining the rules applicable to periods, dates and time limits.””Member's explanatory statement
This amendment provides for the rules of interpretation in Article 3 of Regulation No 1182/71 (rules of interpretation regarding periods of time etc) to apply to the Privacy and Electronic Communications (EC Directive) Regulations 2003, with an exception for regulation 16A. It also removes a superfluous cross-reference.