Particulars of Proposed Designation of Age-Verification Regulator Debate
Full Debate: Read Full DebateDepartment: Department for Digital, Culture, Media & Sport
Earl of Erroll
Main Page: Earl of Erroll (Crossbench - Excepted Hereditary)Department Debates - View all Earl of Erroll's debates with the Department for Digital, Culture, Media & Sport
Particulars of Proposed Designation of Age-Verification Regulator
Earl of Erroll Excerpts(6 years, 3 months ago)
Lords ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Lord Clement-Jones (LD)
My Lords, I have no great argument with the particulars and the designation of the BBFC as the age-verification regulator. Indeed, we had some debates on this. I know that we may have some differences with the Labour Front Bench, but we think that the BBFC is fit for this particular purpose and will carry out the job effectively. Conversations we have had have convinced us of that. Another aspect that is beginning to be unpacked is the appeals system. Although of course we put down amendments on the question of the independence of the age-verification regulator, we think that the appeals system being set up, which is qualified in the Act—we would have preferred it not to be qualified—will be fit for purpose as well.
I want to revert to something that may strike both the Minister and Members on the Labour Front Bench as rather déjà vu: the question of the specification of the type of age verification that is required, or not, by the age-verification regulator. When we talked about this issue in Committee—indeed, amendments on it were laid on 2 February 2017 in Committee and on 20 March on Report; my noble friend Lord Paddick had a particular role in that—we were very concerned on both occasions that the age-verification methods were not going to be specified in enough detail in the Bill. It did not appear that they would be specified in any great detail in the draft guidance.
Flash forward a year and I am afraid that nothing has changed. The Minister may remember that, back in January, the Select Committee on the Constitution said:
“We are concerned that the extent to which the Bill leaves the details of the age-verification regime to guidance and guidelines to be published by the as yet-to-be-designated regulator adversely affects the ability of the House effectively to scrutinise this legislation”.
We have not moved on a great deal. If we look at the details of what I have found—which appears to be the up-to-date draft of the government guidance on the age-verification regulator—under chapter 3, paragraph 4, there is this statement:
“The regulator is not required to approve individual age-verification solutions. There are various ways to age-verify online and the industry is developing at pace. Providers are innovating and providing choice to consumers”.
That is exactly the same wording as in the draft guidance last year and quoted by my noble friend Lord Paddick on 20 March. That is extremely disappointing. It appears that the age-verification regulator will play an incredibly light-touch role in the approval of the type of age-verification that takes place.
Of course, later in chapter 3—which is headed “Age-verification arrangements”—it describes,
“the expectation that age-verification services and online pornography providers should take a privacy by design approach as recommended by the ICO”.
I have the privacy by design guidance from the ICO in front of me and I must say, if I was an age-verification provider, I would not find it particularly onerous, in terms of requiring me to try to find an anonymised age-verification solution. I find the Government’s guidance, as per Section 27 of the Act, extremely disappointing. I very much hope that the Minister can explain whether the ICO will have a role in this, what the impact of privacy by design is, in terms of enforcement, and whether the ICO will have the ability to impose a privacy impact assessment—or even a data impact assessment—on the object of the age-verification regulator’s regulation. Perhaps at the same time the Minister can explain in this particular space the boundary between what the ICO is empowered to do and what the age-verification regulator will be doing.
I am sorry to have to be disappointing in that respect, but I think that as part of the wider landscape—a matter we discussed last year—where we have got to is not particularly satisfactory if the general purpose of the age-verification regulator is to make sure that age-verification really works and that there is not the access for young people to these pornography sites that the Act was designed to prevent.
The Earl of Erroll (CB)
My Lords, I want to say a few words. I was quite involved in this issue when it was going through as part of our consideration of the Digital Economy Act. The Digital Policy Alliance, of which I am chairman, has had a working group on age verification for several years, looking at whether there are available solutions and encouraging people to develop them. I am pleased to tell the noble Lord, Lord Clement-Jones, that there are some solutions out there. I will explain something about that.
The only thing I want to say is that the Act received Royal Assent on 28 April, I think, so it has taken a very long time to get this guidance in place. That is a bit of a worry and a bit of a disappointment. I seem to remember that there was an intention to try to have enforcement within a year, otherwise there would be a huge great gap in the meantime. We are trying to protect children after all; that was the whole point of this. Waiting for a year—it will probably now be longer—is an awfully long time not to have protection in place.
I am very glad that the BBFC is finally about to get some teeth, get into operation and do something about this, which I am sure it will do extremely well. I know that it has been consulting an awful lot with a lot of different people from all the different sides, from child protection right through to the adult industry. The interesting thing is that quite a lot of the adult industry is happy to help and to co-operate, because it does not want children wasting its time. It is not in the job of trying to pervert children, but of trying to sell adult content to adults, so it is willing to co-operate. The world is watching. There is apparently now a willingness to realise that this will happen and to co-operate to a large extent.
The noble Lord, Lord Clement-Jones, has put his finger on the point about age-verification methods: they have to work and to do various things. I say to him, though, that there is a difference between the bit that is checking the attribute—the age—and the bit about privacy, which is not identifying who the person is to a website and to a casual visitor to that website. It would be career-limiting were it to be found out that the noble Lord himself was visiting an adult content site, even though it would be totally legal for him to do so. Therefore, it is important to ensure that privacy happens at that point, which is the ICO’s part. It is not the ICO’s job to say how age verification should be done. That is a different job.
In fact, we have developed, along with the British Standards Institution, a publicly available specification, PAS 1296, which should be coming out quite soon. It has been around the houses several times and has been revised. That should allow it to be possible for an organisation to see for itself how well it is doing. It might be that an industry body should be set up that can check whether age-verification providers are doing something in alignment with the PAS, which goes into great detail about how you can do these things and make sure that it can be privacy enforcing. The privacy side is left up to the GDPR, but it is mentioned in there as well.
Those are the main points that I wanted to make. It is time to get on with this. It is a huge leap forward. As I said, the world is watching. A whole lot of good will is out there to get this done properly. I look forward to seeing the final draft regulations, which will probably do the job.
Lord Stevenson of Balmacara (Lab)
My Lords, are we not back in familiar territory? We seem to spend a lot of time on these important issues, first on the Digital Economy Act, then substantial work, discussion, debate and thinking in the debates on the Data Protection Bill. I will disappoint the noble Lord, Lord Clement-Jones, by agreeing with most of what he said. He has a good point about where the boundaries between privacy and the processes described in the Digital Economy Act come to bear. There is room for a variety of approaches here. This is not an easy issue to address. I am not going to go back over the ground he covered—I look forward to hearing what the Minister will say about that—so I will go into some constitutional issues.
I have two general questions that might be important as we continue with this. One was touched on by the noble Earl, Lord Erroll, in his concluding remarks. Is it not the case that, when the Data Protection Bill, which brings in the GDPR, becomes an Act in May, we have inserted into it a requirement that those who operate on data subjects’ information relating to age have to do so in a way that is age-appropriate, otherwise the design has to change? In a sense, is this not the other half of the equation about blocking those who provide material by requiring those who are preparing and disseminating material to have it in a way that will not lead to the problems that were discussed so graphically about what happens to children, who we want to protect, who stumble across material that should be behind an age-verification system? In that sense, age-verification seems to be a bit like shutting doors after horses have bolted. We have to get the design right. If it is right, there will be no such question about people stumbling on to things, because if they go through an ISP or any form of social media provision, such as Facebook and similar arrangements, their progress would be age-designed and could be managed that way. Can the Minister reflect on that? He may well argue that this is the sort of thing that needs to be addressed by a yet to be established data ethics commission. He would probably be right.
Lord Ashton of Hyde
The noble Lord is absolutely right, and I apologise if I misled anyone. It is not the BBFC’s job to determine what is lawful. It is meant to implement the law. The debate that I think we will have when the regulations come to this House will be on the decisions that will have been taken on what is pornography available for commercial purposes. The definition of what is unlawful will be under the extreme pornography definition within the existing Act.
The Earl of Erroll
Leading on from that, I remember from the debates that the trouble was that the Obscene Publications Act was not aligned with the CPS guidance or with various other things. I presume therefore that some work will be done on this in the near future, otherwise I suspect that the BBFC will get into trouble. At the same time, because age verification may come into this too, presumably we will also try to align the internet stuff, which is what we have been talking about in the Digital Economy Act—broadcast, which is regulated differently, and video on demand, which I think is Ofcom’s responsibility at the moment. We really do not want different rules across all of those, so I hope we are going to get on with that.