Digital Economy Bill (Second sitting) Debate
Full Debate: Read Full DebateClaire Perry
Main Page: Claire Perry (Conservative - Devizes)Department Debates - View all Claire Perry's debates with the Cabinet Office
(8 years, 2 months ago)
Public Bill CommitteesQ And is that the only form of age verification that you have so far looked into?
David Austin: The only form of age verification that we, as the BBFC, have experience of is age verification on mobile phones, but there are other methods and there are new methods coming on line. The Digital Policy Alliance, which I believe had a meeting here yesterday to demonstrate new types of age verification, is working on a number of initiatives.
Q May I say what great comfort it is to know that the BBFC will be involved in the regulatory role? It suggests that this will move in the right direction. We all feel very strongly that the Bill is a brilliant step in the right direction: things that were considered inconceivable four or five years ago can now be debated and legislated for.
The fundamental question for me comes down to enforcement. We know that it is difficult to enforce anything against offshore content providers; that is why in the original campaign we went for internet service providers that were British companies, for whom enforcement could work. What reassurance can you give us that enforcement, if you have the role of enforcement, could be carried out against foreign entities? Would it not be more appropriate to have a mandatory take-down regime if we found that a company was breaking British law by not asking for age verification, as defined in the Bill?
David Austin: The BBFC heads of agreement with the Government does not cover enforcement. We made clear that we would not be prepared to enforce the legislation in clauses 20 and 21 as they currently stand. Our role is focused much more on notification; we think we can use the notification process and get some quite significant results.
We would notify any commercially-operated pornographic website or app if we found them acting in contravention of the law and ask them to comply. We believe that some will and some, probably, will not, so as a second backstop we would then be able to contact and notify payment providers and ancillary service providers and request that they withdraw services from those pornographic websites. So it is a two-tier process.
We have indications from some major players in the adult industry that they want to comply—PornHub, for instance, is on record on the BBC News as having said that it is prepared to comply. But you are quite right that there will still be gaps in the regime, I imagine, after we have been through the notification process, no matter how much we can achieve that way, so the power to fine is essentially the only real power the regulator will have, whoever the regulator is for stage 4.
For UK-based websites and apps, that is fine, but it would be extremely challenging for any UK regulator to pursue foreign-based websites or apps through a foreign jurisdiction to uphold a UK law. So we suggested, in our submission of evidence to the consultation back in the spring, that ISP blocking ought to be part of the regulator’s arsenal. We think that that would be effective.
Q Am I right in thinking that, for sites that are providing illegally copyrighted material, there is currently a take-down and blocking regime that does operate in the UK, regardless of their jurisdiction?
David Austin: Yes; ISPs do block website content that is pirated. There was research published earlier this year in the US that found that it drove traffic to pirated websites down by about 90%. Another tool that has been used in relation to IP protection is de-indexing, whereby a search engine removes the infringing website from any search results. We also see that as a potential way forward.
Q First, can I verify that you both support adding in the power to require ISPs to block non-compliant sites?
David Austin: Yes.
Alan Wardle: Yes, we support that.
Q To follow on from the Minister’s question, you feel you are able to tackle roughly the top 50 most visited sites. Is there a danger that you then replace those with the next top 50 that are perhaps less regulated and less co-operative? How might we deal with that particular problem, if it exists?
David Austin: When I said “the top 50”, I was talking in terms of the statistics showing that 70% of people go to the top 50. We would start with the top 50 and work our way through those, but we would not stop there. We would look to get new data every quarter, for example. As you say, sites will come in and out of popularity. We will keep up to date and focus on those most popular sites for children.
We would also create something that we have, again, done with the mobile operators. We would create an ability for members of the public—a parent, for example—to contact us about a particular website if that is concerning them. If an organisation such as the NSPCC is getting information about a particular website or app that is causing problems in terms of under-age access, we would take a look at that as well. In creating this proportionality test what we must not do is be as explicit as to say that we will look only at the top 50.
First, that is not what we would do. Secondly, we do not want anyone to think, “Okay, we don’t need to worry about the regulator because we are not on their radar screen.” It is very important to keep up to date with what are the most popular sites and, therefore, the most effective in dealing with under-age regulation, dealing with complaints from members of the public and organisations such as the NSPCC.
Alan Wardle: I think that is why the enforcement part is so important as well, so that people know that if they do not put these mechanisms in place there will be fines and enforcement notices, the flow of money will be stopped and, crucially, there is that backstop power to block if they do not operate as we think they should in this country. The enforcement mechanisms are really important to ensure that the BBFC can do their job properly and people are not just slipping from one place to the next.
Q Of those top 50 sites, do we know how many are UK-based?
David Austin: I would guess, none of them. I do not know for sure, but that would be my understanding.
Q Secondly, I want to turn briefly to the issue of the UK’s video on demand content. My reading around clause 15 suggests that, although foreign-made videos on demand will be captured by the new provisions, UK-based will continue to be caught by Communications Act 2003 provisions. Do you think that is adequate?
David Austin: That is my understanding as well. We work very closely with Ofcom. Ofcom regulates UK on demand programme services as the Authority for Television On Demand, but it applies our standards in doing so. That is a partnership that works pretty effectively and Ofcom has done an effective job in dealing with that type of content. That is one bit that is carved out from the Bill and already dealt with by Ofcom.
We have given the witnesses a good half-hour grilling, so if no one is seeking to catch my eye—yes, Calum?
Q One of the biggest challenges facing coastal and rural communities like mine is the problems with undulating coastlines and areas of outstanding natural beauty. I am interested in your thoughts on how we can strengthen the Bill to make sure we get out to some of the rural areas left behind in the past.
Scott Coates: I refer you back to the last question. The most efficient way to deal with that is through the licences. There is licensing coming up that will create an opportunity. Unfortunately, it is going to be a few years before the airwaves that deliver that are available for deployment.
There is a lot of activity happening in the sector at the moment. The mobile operators are very busy investing in their networks and we are working hand in hand with them to help them deliver that. I know we are building new towers in coastal areas right now; I do not know if we are building one in your constituency. So it is getting better. Bear in mind that the Government struck a deal with the mobile operators 18 months ago and the operators are busy investing on the back of that. In the last 4G licence, when the 800 MHz got auctioned, one of the licence lots, bought by Telefónica, required it to cover more of the country, so Telefónica is investing on the back of that as well.
Q I want to push Dr Whitley on the privacy question. I think that what you are asking for, a code of conduct and some clarity, is reasonable, but equally, we cannot know what the demands and the questions might be going forward, or the data requirements. I look back on where Government do share data, querying the national insurance database, or, indeed, the Government ID project, where DVLA records were queried as a measure of identity, it all appeared to be fine, there were no issues of privacy or data loss, to my knowledge. In a way, should we not be taking on trust—I know that trust is a word people never like to use with Government, whereas we trust corporates all the time with all kinds of data—that we have not had a problem and that the right rules and procedures and the spirit of privacy will be protected?
Dr Whitley: You have highlighted a very privacy-friendly way of checking data that says, somebody has a database and you look it up and you say, “This particular person, or this particular attribute, is it true, yes or no?” Referring to the previous evidence session and the question, “Is this person over 18 and therefore able to access?”, yes/no seems a perfectly reasonable way of doing that and that is the kind of thing that we have been encouraging Government to do. As you say, the Verify programme uses exactly those kinds of checks. The problem is that, without that level of detail, it is not at all clear that that is going to be proposed for all parts of the data sharing. Again, with the civil registration data, they say explicitly, “We want to do bulk sharing” and that is, by definition, not a yes/no check. That is, “Here is a set of data that we have that we think will be useful for your Department to match against and thereby tailor particular services.”
As the National Audit Office reported a few weeks ago, there were 9,000 data incidents within Government in 2014-15. If you start just moving the data around, you really run the risk of data incidents of varying levels of severity, and if you do not have that detail you have to rely on trust. Is it not better to have that detail, so you can say, “This is what we want to do, this is the way we are thinking of doing it”, and ask experts, not only in PCAG but in general, “Do you have any issues or concerns about that and, if you do, what alternative ways might there be for addressing those?”?
Q Do large corporate families do that? Nobody ever reads the Ts and Cs, but if they do, do you give explicit permission for your data to be handled around the Facebook family, for example, in the way that you suggest Government should specify? That is just a question from ignorance.
Dr Whitley: I do not know exactly how Facebook would handle it, but even if you are not worried about the data breach and data loss issue there is just a simple efficiency thing: it is a lot easier to have small pieces of data—yes/no, they are interested in this form of cat food, they are interested in those kinds of holidays, therefore target adverts based on that—than sending huge swathes of data to other parts of the system for duplication and therefore increasing the risk of data loss.
Q It is an operational concern as well as a privacy concern?
Dr Whitley: Yes. From my perspective you start with a privacy concern that says, minimise the data that you are handling, do not have it in duplicate locations all over, but a consequence of starting with that privacy concern is that you also have very clear operational efficiencies; that you are not duplicating data and you are not having large amounts of data in your system, because the more data you hold, the more likely it is that there will be a breach, an attack, an accidental loss or whatever.
Q Forgive me for interrupting Mr Killock, but there is a good reason. You asked about successful outcomes—and if you are going to ask a question, I am going to answer it—the successful outcome is that children are protected in the online world in the same way as they are protected in the offline world. I have to reiterate this to you: I do not understand why you think it is a risk worth taking that some adults may or may not have their own personal preferences infringed, balanced against the harm which we know is done to children. On teenage boys, just saying that because teenage boys may or may not continue to watch pornography there is no point, that seems to be a very sad conclusion to come to.
Jim Killock: The point is that you can help children to be protected, the questions is, what is the best way? For instance, I agree with the NSPCC’s calls for the compulsory education of children. Of course that should be happening and it is not. Similarly, Claire Perry’s initiative to have filters available has its merits. Where I have a problem is where adults are forced into that situation, where they are having websites blocked and where there is little redress around that. I caution you around large-scale blocking of websites because we know from our own evidence that a very large number of websites get blocked incorrectly and it has impacts on those people too. The question is, what is effective? I am not sure that age verification will be effective in its own terms in protecting children.
Mr Killock, it is nice to hear you finally supporting the initiative. Indeed, all of the shroud waving about false blocking was brought out with vigour many times over the past five years—
Jim Killock: We stand by that.
Q My point is that it is sad that the campaign once again from your organisation is that the perfect must be the enemy of the good. I am afraid I would also question this issue of false blocking, and I would appreciate written evidence if you have it. It is a tiny fraction. It has never reached anything like the levels your organisation has claimed, and the processes for notification and unblocking have massively improved over the last five years. My question to you is: at what point does your organisation stop dealing with this world where it is, “Hands off our internet” and start accepting that content provision via the internet, which is just another form of provider, should have exactly the same safeguards as exist in the offline world?
Renate, your points around this are also quite disturbing because you are holding up for a perfect world—
Renate Samson: What points?
Q Claire Perry: Around privacy and data recognition. At what point do we accept that what is proposed in this Bill is actually a good step forward? While it may not be perfect, it is a massive step-change improvement on what we have today.
Jim Killock: The first question is: “What is the impact on everyone?”
Q No, the question is: will you provide us with written evidence of this issue of false blocking, in detail, because I happen to think it is completely untrue, your words on this?
Jim Killock: Yes, we can.
Q We would appreciate written evidence by next week. Thank you.
Jim Killock: We have literally hundreds.
Q Hundreds? Of the 1.5 billion websites that are out there?
Jim Killock: The error rate does not appear so large; but when you multiply that by the number of providers that have different blocking systems it becomes quite significant.
Do not interrupt the questions, or the answers.
Jim Killock: On the wider question, what is effective, the question is how are children protected, versus what is the impact on adults. At the moment we do not know, because the system is not in place, what that effect on adults will be; but we have to be concerned that adults should feel free to access legal material, no matter what it is. They should not feel like they are being snooped on or having their privacy or anonymity removed.
I was encouraged by some of things that were said earlier, but I have to say that when we sent some technical observers to hear about the systems that are likely to be put in place—the sort of things that vendors want to do—we heard a rather different story. The sorts of things they want to do include harvesting user data, maybe using Facebook and other platforms, to pull in their data to verify people’s age by inference. These things were not privacy friendly. Let us assume that the BBFC has a job, as apparently it does. It would be good if it had clear duties around privacy and anonymity, to make sure that it has to put those things first and foremost when it is choosing and thinking about age verification systems.
Q As a supplementary, does your organisation campaign against age verification on gambling sites on the internet?
Jim Killock: No, we do not.
Q Even though exactly the same issues of privacy could apply?
Jim Killock: I think they are rather different, are not they?
Q Why? They are legal.
Jim Killock: The first thing is that gambling sites are dealing with money. They have to know a little bit about their customers. They need to do that for fraud purposes, for instance. The second thing is, I think, it is much harder to argue that there is a free expression impact for gambling, compared with accessing legal material, whether it is pornographic or not.
Q So your interest is not about legality. It is about your interpretation of legal and illegal material.
Jim Killock: It ultimately is about what the courts think is the boundary around free expression, and what sort of things are impacting on people’s free expression and privacy. That is our standpoint. What we are asking for, the same as you, is the same standards online as offline. One of those standards is human rights and what we are entitled to do.
Let us hear from Ms Samson; and then we are moving on.
Renate Samson: Just to be clear, we submitted evidence and we have concerns about part 5 of the Bill. The questions you have been asking Mr Killock—I am unclear; are you asking me about the same issues you are asking him?
No, specifically about the part 5 questions.
Renate Samson: Okay. We have not, in our evidence and our concerns, asked for a perfect Bill, although I do not believe there is any harm in trying to make the best piece of legislation we can. The work that we do with the Privacy and Consumer Advisory Group and as part of the open policy making process is about having engagement, to ensure that we are the leading light in data sharing, but also data protection. As Mr Killock has mentioned, we are currently looking at the Data Protection Act 1998. That will probably expire in May 2018, and we will get the general data protection regulation. Right now the measure in question does not even refer to that, or, indeed, to the Investigatory Powers Bill. It refers to the Regulation of Investigatory Powers Act 2000 and the DPA. Also, it will probably fail on a number of the key points of the GDPR, in relation to potential profiling, consent of the individual, and putting the citizen at the heart of data sharing and data protection.
I am not looking for “perfect”, but I think “perfect” is a good place to head towards.
Q My question is for Mr Killock, with regard to what the Bill is seeking to do in terms of equalisation of copyright offence penalties. I just wondered why your organisation was not in favour of rights holders—the tens of thousands of content creators. Why is your organisation not keen on the idea in the Bill?
Jim Killock: That would be a misrepresentation. We are quite clear in our response. We are worried about the impact of this on people who should not be criminalised and who we thought the Government were not trying to criminalise in this case. Our position is that if the Government are going to extend the sentence and have the same sentence online as offline for criminal copyright infringement—that is to say, 10 years—then they need to be very careful about how the lines are drawn, because the offences are quite different. Offline, in the real world, criminal copyright infringement covers a number of acts. It is all about copying and duplication. Essentially, it is about criminal gangs duplicating DVDs and the like. Online, making that separation is harder, because everything looks like the same act—that is to say, publication. You put something on the internet, it is a publication. So how do you tell who is the criminal and who is the slightly idiotic teenager, or whatever it happens to be? How do you make sure that people who should not be threatened with copyright criminal sentences are not given those threats?
We particularly draw attention to the phenomenon of copyright trolling. For instance, there is a company called Golden Eye International, a pornographer which specialises in sending bulk letters to Sky customers, BT customers and so on, saying, “Please pay us £300 because you downloaded a film that is under copyright.” These are obviously pornographic films and they then wait for people to pay up. They have no specific knowledge that these people are actually the people doing the downloading, all they know is that somebody appears to have downloaded.
Q It discusses the transfer of data. It does not talk about your accessing data. It does not mention the technology through which you would do it. There are no codes of practice alongside how it would happen. It is very broad and explicitly talks about data sharing in certain areas.
Hetan Shah: I think I said this earlier, but in case I was not clear I shall repeat it. For statistical and research purposes, statisticians and researchers are interested only in aggregates; they are not interested in us as individuals. It is a key point that the relevant clauses are quite different from some of the other parts of the Bill. Others have indicated in their evidence that this area should be seen as slightly different.
It is also worth noting that there are safeguards that have been tried and tested over many years. There is the security surrounding the data—the ONS will not even let me into the vault where they hold the data. You need to be accredited and to sign something saying that you will not misuse the data. If you do, you will go to jail. The trick that has been missed has been not saying all that, because it is almost assumed that that is how the ONS works. My suggestion is that if you want to strengthen that part of the Bill, you should just lay out the safeguards that are already common practice in the ONS.
Q Thank you both for setting out some very factual and helpful arguments as to why the provisions are a good thing, particularly when it comes to aggregate statistics. I was struck by a quote in your report published in March, Professor Sir Charles. You mentioned the
“cumbersome nature of the present legal framework”,
which the Bill will clearly help to solve, and you also said that there was a
“cultural reluctance on the part of some departments and officials to data sharing”
and, in many ways, to working together, as we know from experience. How do we solve that problem and get Departments to realise how helpful some of these datasets might be?
Professor Sir Charles Bean: A key thing about the Bill is that it shifts the onus of presumption. There is a presumption of access unless there is a good reason not to comply or explain, if you like, as opposed to the current arrangement, which is that the data owner has the data and you say, “Can you please let us have a look at it?” There is civil service caution. I was a civil servant very early on in my career, so I am aware of how civil servants think. Inevitably, you are always worried about something going wrong or being misused or whatever. That plays into this, as well.
In the review I said there are really three elements and I think they are mutually reinforcing. There is the current legal framework, which is not as conducive as it could be; there is this innate caution on the part of some civil service Departments, or even perhaps on the part of their Ministers on occasion; and then the ONS has not been as pushy as it might have been. It is partly that if you know it is very difficult to get in—people are not very co-operative at the other end and the legal frameworks are very cumbersome—you are less inclined to put the effort in, and you think, “Oh, well, let’s just use the surveys, as we’ve always done.” So I think you need to act on the three things together, but they are potentially mutually reinforcing if you get the change right.
Hetan Shah: This is one area where I think the Bill could be strengthened. At the moment, the ONS has the right to request data; similarly, the researchers have the right to request data. The Department can still say, “No”, and in a sense the only comeback is that there is a sort of name-and-shame element of, “Parliament will note this”, as it were. My worry, given the cultural problems that have been seen in the past, is that that may not be enough. So why do we not do what Canada does? It just says, “The ONS requests”, and the Department gives.
Q It is a presumption in favour of sharing?
Hetan Shah: Yes, precisely. Similarly, with research you could have the same situation where, as long as the researcher meets the code of practice this required, the presumption would be in favour.
Q Professor Bean, in terms of the current legal framework and the problems with it as it exists, am I right in saying that there is an issue with legislation that was passed in the previous Government, under Gordon Brown’s premiership, that caps the use of data and research material, and which needs to be addressed quite urgently?
Professor Sir Charles Bean: Yes, I think it does need to be addressed. The existing Act was introduced with the intention of trying to improve the ability to share data, but it just has not operated in the way that people maybe hoped it would. In practice, having talked to the ONS and other Departments, it sounds like an extremely cumbersome process. So I think this is a case where the original legislation may have been well intentioned, but—
Q Will there be a problem even with accessing some datasets after a certain point in time—?
Professor Sir Charles Bean: There is a point after 2007, yes. You have to specifically write into the legislation that, in principle, the information can be shared, yes, whereas these information-sharing orders—
Q So that is creating a real problem in the infrastructure that needs to be addressed?
Professor Sir Charles Bean: Yes.
Thank you, colleagues. Thank you very much indeed to our final two witnesses; you gave very clear and expert answers. Thank you; it is much appreciated.
Ordered, That further consideration be now adjourned. —(Graham Stuart.)