(10 months, 3 weeks ago)
General CommitteesI beg to move,
That the Committee has considered the draft Online Safety (List of Overseas Regulators) Regulations 2024.
It is a pleasure to serve under your chairmanship, Mr Betts. I put on the record my gratitude to hon. Members for their campaigning and collaboration throughout the passage of the Online Safety Act 2023 and their contribution to making the UK the safest place in the world to be online. The Government are working at pace to ensure that the Act is fully operational as quickly as possible. I am therefore pleased to debate this statutory instrument, which was laid before the House in draft on 28 November last year.
The draft instrument is one of several that will enable Ofcom’s implementation of the Act. It concerns Ofcom’s co-operation with and disclosure of information to overseas online safety regulators under section 114 of the Act. Given the global nature of the regulated service providers, it is vital that Ofcom can co-operate and share information with its regulatory counterparts in other jurisdictions to support co-ordinated international online safety regulation.
In certain circumstances, it may be appropriate for Ofcom to support overseas regulators in carrying out their regulatory functions. For example, it may be beneficial for Ofcom to share information that it holds to inform supervisory activity or an investigation being carried out by an overseas regulator. That could support successful enforcement action, which in turn could have direct or indirect benefits for UK users such as preventing malign actors from disseminating illegal content on regulated services.
International collaboration will also make online safety regulation more efficient. In carrying out regulatory oversight activity, Ofcom and its international counterparts will be able to gather extensive information about regulated service providers. In some instances, it may be more efficient for regulators to share information directly, where that information has already been collected by a counterpart regulator. International regulatory co-operation and co-ordination are likely to reduce the regulatory burden on both international regulators and regulated service providers.
Section 114 of the Act builds on the existing information gateways available to Ofcom under the Communications Act 2003 by permitting Ofcom to co-operate with an overseas regulator for specified purposes. It includes powers to disclose online safety information to a regulator
“for the purposes of…facilitating the exercise by the overseas regulator of any of that regulator’s online regulatory functions, or…criminal investigations or proceedings relating to a matter to which the overseas regulator’s online regulatory functions relate.”
The information gateway addresses a small legislative gap, because in the absence of section 114, Ofcom could not share information for those specified purposes. Under section 1(3) of the Communications Act, Ofcom can share information only where it is
“incidental or conducive to the carrying out”
of its functions, subject to the general restrictions on the disclosure of information under section 393 of that Act.
The draft regulations designate the overseas regulators with which Ofcom can co-operate and share information under section 114 of the Online Safety Act. It is important to note that Ofcom will retain discretion over whether to co-operate and share information with the overseas regulators specified. The regulations designate the following overseas regulators: Arcom in France, the Netherlands Authority for Consumers and Markets, the Federal Network Agency in Germany, the Media Commission in Ireland, the eSafety Commissioner in Australia, and the European Commission.
In compiling the list of specified overseas regulators, the Department has consulted Ofcom and carefully considered its operational needs and existing relationships with overseas regulators. That will mean that the designated regulators are those with which Ofcom will be able to share information in an efficient and mutually beneficial manner. We have also considered whether the overseas regulator is a designated regulator of a bespoke online safety regulatory framework, ensuring that any information sharing is proportionate.
Another important consideration is the protection of fundamental freedoms online. For that reason, we have considered whether the autonomy of the regulator is protected in law and whether the overseas regulator and the jurisdiction that empowers it uphold international human rights.
Ofcom is an organisation experienced in handling confidential and sensitive information obtained from the services that it regulates, and there are strong legislative safeguards and limitations on the disclosure of such material. Overseas regulators that receive any information from Ofcom may use it only for the purpose for which it is disclosed. They may not use it for another purpose, or further disclose it, without express permission from Ofcom, unless ordered by a court or tribunal. Ofcom must also comply with UK data protection law, and would need to show that the processing of any personal data was necessary for a lawful purpose.
There are six bodies on the list. Is it likely that the bodies listed will change, given that the world is rather a dynamic place? It seems quite a short list at the moment.
I can confirm that we will continually review the list and update it as appropriate, in consultation with Ofcom.
As a public body, Ofcom is required to act compatibly with the right to privacy under article 8 of the European convention on human rights. As I said to my hon. Friend, we will continue to review the list of designated regulators, particularly as new online safety regimes are developed and operationalised around the world. I commend the draft regulations to the Committee and open the matter for debate.