Baroness Kidron (CB)

- Hansard -

Copy Link

-

I thank the noble Lord, Lord Stevenson of Balmacara, for introducing this timely debate and illustrating why it is so important. I also thank him for his kind words. I refer the House to my broad interests in this area.

The statutory duty of care as set out by Will Perrin and Professor Lorna Woods is an important and very welcome prospect. A duty of care is proportionate. The higher the risk, the greater the responsibility of the company to consider its impact in advance. A duty of care is a concept that users themselves can understand. It offers an element of future-proofing, since companies would have to evaluate the risk of a service or product failing to meet the standard of “reasonably foreseeable harm”. It would also ensure that powerful global companies that hide behind the status of being “mere conduits” are held responsible for the safety of the online services they provide. However, a duty of care works only if it applies to all digital services, all harms and all users.

The risks of drawing too narrowly the parameters to which services must comply is highlighted by the provisions of the Digital Economy Act 2017, which sought to restrict children’s access to pornography based on scale and yet failed to bring platforms such as Twitter within scope, despite 500,000 pornographic images being posted daily. Equally, if the duty of care applies to some harms and not others, the opportunity to develop a systemic approach will be missed. Many headlines are preoccupied with the harms associated with content or contact but there is a host of others. For example, behavioural design— otherwise known as “nudge and sludge”—is a central component of many of the services we use. The nudge pushes us to act in the interests of the online service, while the sludge features are those deliberately designed to undermine or obfuscate our ability to act in our own best interests. It is designed to be addictive and involves the deliberate manipulation of free will.

It is also necessary to consider how a duty of care characterises whom we are protecting. We know that children often experience specific harms online differently from adult users. Some categories of people whom we would not consider vulnerable in other settings become targets online—for example, female MPs or journalists. Some harms are prejudicial to whole groups. Examples are the racial bias found in algorithms used to determine bail conditions and sentencing terms in the US, or the evidence that just a handful of sleep-deprived children in a classroom diminishes the academic achievement of the entire class. Of course, there are harms to society as whole, such as the undeclared political profiling that influences electoral outcomes.

I understand that the proposal for a duty of care policy is still under consideration, but I would be grateful if the Minister would outline the Government’s current thinking about scope, including the type and size of services, what harms the Government seek to address and whether they will be restricted to harms against individuals.

When setting out their safety strategy in 2017, the Government made a commitment that what is unacceptable offline should be unacceptable online. That is an excellent place to start, not least because the distinction between online and offline increasingly does not apply. The harms we face are cross-cutting and only by seeing them as an integrated part of our new augmented reality can we begin to consider how to address them.

But defence against harm is not the only driver, we should hope that the technology we use is designed to fulfil our rights, to enable our development and to reflect the values embodied in our laws and international agreements. With that in mind, I propose four pillars of safety that might usefully be incorporated into a broader strategy: parity, safety by design, accountability and enforcement. Parity online and offline could be supported by the publication of guidance to provide clarity about how existing protections apply to the digital environment. The noble Lord, Lord Stevenson, mentioned the Health and Safety at Work Act and the Law Commission recently published a scoping report on abusive and offensive online communications.

Alongside such sector-by-sector analysis, the Government might also consider an overarching harmonisation Bill. Such a Bill would operate in a similar way to Section 3 of the Human Rights Act by creating an obligation to interpret legislation in a way that creates parity of protection and redress online and offline to the extent that it is possible to do so.

This approach applies also to international agreements. At the 5Rights Foundation we are supporting the United Nations Committee on the Rights of the Child in writing a general comment that will formally outline the relevance of the 40-plus articles of the charter to the digital environment. Clarifying, harmonising, consolidating and enhancing existing agreements, laws and regulations would underpin the parity principle and deliver offline norms and expectations in online settings. Will the Minister say whether the Government are considering this approach?

The second pillar is the widely supported principle of safety and privacy by design. In its March 2018 report Secure by Design the DCMS concluded that government and industry action was “urgently” required to ensure that internet-connected devices have,

“strong security … built in by design”.

Minimum universal standards are also a demand of the Department for Business, Energy and Industrial Strategy and the consumer organisation Which?. They are also a central concern of the Child Dignity Alliance technical working group to prevent the spread of images of child sexual abuse. It will publish its report and make recommendations on Friday.

We should also look upstream at the design of smart devices and operating systems. For example, if Google and Apple were to engineer safety and privacy by design into Android and IOS operating systems, it would be transformative.

There is also the age-appropriate design code that many of us had our names to. The Government’s response to the safety strategy acknowledges the code, but it is not clear that they have recognised its potential to address a considerable number of interrelated harms, nor its value as a precedent for safety by design that could be applied more widely. At the time, the Minister undertook that the Secretary of State would work closely in consultation with the Information Commissioner and me to ensure that the code is robust and practical, and meets the development needs of children. I ask the Minister to restate that commitment this evening.

The third pillar is accountability—saying what you will do, doing what you said and demonstrating that you have done it. Accountability must be an obligation, not a tool of lobbyists to account only for what they wish us to know. The argument made by services that they cannot publish data about complaints, or offer a breakdown of data by age, harm and outcome because of commercial sensitivities, remains preposterous. Research access to commercial data should be mandated so that we can have independent benchmarking against which to measure progress, and transparency reporting must be comprehensive, standardised and subject to regulatory scrutiny.

This brings me to enforcement. What is illegal should be clearly defined, not by private companies but by Parliament. Failure to comply must have legal consequences. What is contractually promised must be upheld. Among the most powerful ways to change the culture of the online world would be the introduction of a regulatory backstop for community standards, terms and conditions, age restrictions and privacy notices. This would allow companies the freedom to set their own rules, and routine failure by a company to adhere to its own published rules would be subject to enforcement notices and penalties.

Where users have existing vulnerabilities, a higher bar of safety by default must be the norm. Most importantly, the nuanced approaches that we have developed offline to live together must apply online. Any safety strategy worth its title must not balk at the complexity but must cover all harms from the extreme to the quotidian.

While it is inappropriate for me leap ahead of the findings of the House of Lords committee inquiry on who should be the regulator, it is clear that this is a sector that requires oversight and that all in the enforcement chain need resources and training.

I appreciate the Government’s desire to be confident that their response is evidence-based, but this is a fast- moving world. A regulator needs to be independent of industry and government, with significant powers and resources. The priorities of the regulator may change but the pillars—parity, safety by design, accountability and enforcement—could remain constant.

The inventor of the web, Sir Tim Berners-Lee, recently said that,

“the web is functioning in a dystopian way. We have online abuse, prejudice, bias, polarisation, fake news, there are lots of ways in which it is broken”.

It is time to fix what is broken. A duty of care as part of that fix is warmly welcome, but I hope that the Minister will offer us a sneak preview of a much bolder vision of what we might expect from the Government’s White Paper when it comes.