Sir Jeremy Wright (Kenilworth and Southam) (Con)

- Hansard -

Copy Link

-

I beg to move,

That this House has considered the implementation of the Online Safety Act 2023.

It is a great pleasure to serve under your chairmanship, Mr Stringer, and I am grateful for the opportunity to open the debate. Let me start with some positives. The Online Safety Act 2023 is certainly not the last word on the subject, but it is, in my view, a big step forward in online safety, providing a variety of tools that allow the regulator to make the online world safer, particularly for children. I remain of the view that Ofcom is the right regulator for the task, not least because it can start its work sooner as an existing regulator and given the overlap with its existing work—for example, on video-sharing platforms. I also have great regard for the diligence and expertise of many at Ofcom who are now charged with these new responsibilities. However, I am concerned that Ofcom appears unwilling to use all the tools that the Act gives it to make the online world a safer place, and I am concerned that the Government appear unwilling to press Ofcom to be more ambitious. I want to explain why I am concerned, why I think it matters and what can be done about it.

Let me start with what I am worried about. There was a great deal of consensus about the passing of the Online Safety Act, and all of us involved in its development recognised both the urgent need to act on online harms and the enormity of the task. That means that the eventual version of the Act does not cover everything that is bad online and, of necessity, sets up a framework within which the regulator is required to fill in the gaps and has considerable latitude in doing so.

The architecture of that framework is important. Because we recognised that emerging harms would be more clearly and quickly seen by online services themselves than by legislators or regulators, in broad terms the Act requires online services to properly assess the risk of harms arising on their service and then to mitigate those risks. My concern is that Ofcom has taken an unnecessarily restrictive view of the harms it is asking services to assess and act on and, indeed, a view that is inconsistent with the terms of the Act. Specifically, my conversations with Ofcom suggest to me that it believes the Act only gives it power to act on harms that arise from the viewing of individual pieces of bad content. I do not agree, and let me explain why.

With limited exceptions, if an online service has not identified a risk in its risk assessment, it does not have to take action to reduce or eliminate that risk, so which risks are identified in the risk assessment really matters. That is why the Act sets out how a service should go about its risk assessment and what it should look out for. For services that may be accessed by children, the relevant risk assessment duties are set out in section 11 of the Act. Section 11(6) lists the matters that should be taken into account in a children’s risk assessment. Some of those undoubtedly refer to content, but some do not. Section 11(6)(e), for example, refers to

“the extent to which the design of the service, in particular its functionalities”

affects the risk of adults searching for and contacting children online. That is not a risk related to individual bits of content.

It is worth looking at section 11(6)(f), which, if colleagues will indulge me, I want to quote in full. It says that a risk assessment should include

“the different ways in which the service is used, including functionalities or other features of the service that affect how much children use the service (for example a feature that enables content to play automatically), and the impact of such use on the level of risk of harm that might be suffered by children”.

I think that that paragraph is talking about harms well beyond individual pieces of bad content. It is talking about damaging behaviours deliberately instigated by the design and operation of the online service, and the way its algorithms are designed to make us interact with it. That is a problem not just with excessive screen time, on which Ofcom has been conspicuously reluctant to engage, but with the issue of children being led from innocent material to darker and darker corners of the internet. We know that that is what happened to several of the young people whose suicides have been connected to their online activity. Algorithms designed to keep the user on the service for longer make that risk greater, and Ofcom seems reluctant to act on them despite the Act giving it powers to do so. We can see that from the draft code of practice on harm to children, which Ofcom published at the end of last year.

This debate is timely because the final version of the code of practice is due in the next couple of months. If Ofcom is to change course and broaden its characterisation of the risks that online services must act on—as I believe it should—now is the time. Many of the children’s welfare organisations that we all worked with so closely to deliver the Act in the first place are saying the same.

If Ofcom’s view of the harms to children on which services should act falls short of what the Act covers, why does it matter? Again, the answer lies in the architecture of the Act. The codes of practice that Ofcom drafts set out actions that services could take to meet their online safety duties. If they do the things that they set out, they are taken to have met the relevant safety duty and are safe from regulatory penalty. If in the code of practice Ofcom asks services to act only on content harms, it is highly likely that that is all services will do because it is compliance with the code that provides regulatory immunity. If it is not in the code, services probably will not do it. Codes that ignore some of the Act’s provisions to improve children’s safety means the online services that children use will ignore those provisions, too. We should all be worried about that.

That brings me to the second area where I believe that Ofcom has misinterpreted the Act. Throughout the passage of the Act, Parliament accepted that the demands that we make of online services to improve the safety of their users would have to be reasonable, not least to balance the risks of online activity with its benefits. In later iterations of the legislation, that balance is represented by the concept of proportionality in the measures that the regulator could require services to take. Again, Ofcom has been given much latitude to interpret proportionality. I am afraid that I do not believe it has done so consistently with Parliament’s intention. Ofcom’s view appears to be that for a measure to be proportionate there must be a substantial amount of evidence to demonstrate its effectiveness. That is not my reading of it.

Section 12 of the Act sets out the obligation on services to take proportionate measures to mitigate and manage risks to children. Section 13(1) offers more on what proportionate means in that context. It states:

“In determining what is proportionate for the purposes of section 12, the following factors, in particular, are relevant—

(a) all the findings of the most recent children’s risk assessment (including as to levels of risk and as to nature, and severity, of potential harm to children), and

(b) the size and capacity of the provider of a service.”

In other words, a measure that would be ruinously expensive or disruptive, especially for a smaller service, and which would deliver only a marginal safety benefit, should not be mandated, but a measure that brings a considerable safety improvement in responding to an identified risk, even if expensive, might well be justified.

Similarly, when it comes to measures recommended in a code of practice, schedule 4(2)(b) states those measures must be

“sufficiently clear, and at a sufficiently detailed level, that providers understand what those measures entail in practice”,

and schedule 4(2)(c) states that recommended measures must be “proportionate and technically feasible”, based on the size and capacity of the service. We should not ask anything of services they cannot do, and it should be clear what they have to do to comply. That is what the Act says proportionality means. I cannot find in the Act support for the idea that we have to know something will work before we try it in order for that action to be proportionate and therefore recommended in a code of practice. Why does that disagreement on interpretation matter? Because we should want online platforms and services to be innovative in how they fulfil their safety objectives, especially in the fast-moving landscape of online harms. I fear that Ofcom’s interpretation of proportionality, as requiring evidence of effectiveness, will achieve the opposite.

There will only be an evidence base on effectiveness for a measure that is already being taken somewhere, and that has been taken for long enough to generate that evidence of effectiveness. If we limit recommended actions to those that have evidence of success, we effectively set the bar for safety measures at current best practice. Given the safe harbour offered by measures recommended in codes of practice, that could mean services being deterred from innovating, because they get the protection only by doing things that are already being done.

Sir Jeremy Wright

- Hansard -

Copy Link

-

The hon. Gentleman makes an interesting point. We have to balance two things, though. We want consistency, as he suggests, but we also want platforms to respond to the circumstances of their own service, and to push the boundaries of what they can achieve by way of safety measures. As I said, they are in a better position to do so than legislators or regulators are to instruct them. The Act was always intended to put the onus on the platforms to take responsibility for their own safety measures. Given the variety of actors and different services in this space, we are probably not going to get a uniform approach, nor should we want one. The hon. Gentleman is right to say that the regulator needs to ensure that its expectations of everyone are high. There is a further risk not that we might just fix the bar at status quo but that, because of the opportunity that platforms have to innovate, some might go backwards on new safety measures that they are already implementing because they are not recommended or encouraged by Ofcom’s code of practice. That cannot be what we want to happen.

Those are two areas where I believe Ofcom’s interpretation of the Act is wrong and retreats in significant ways from Parliament’s intention to give the regulator power to act to enhance children’s online safety. I also believe it matters that it is wrong. The next question is what should be done about it. I accept that sometimes, as legislators, we have no choice but to pass framework legislation, with much of the detail on implementation to come later. That may be because the subject is incredibly complex, or because the subject is fast-moving. In the case of online safety, it is both.

Framework legislation raises serious questions about how Parliament ensures its intentions are followed through in all the subsequent work on implementation. What do we do if we have empowered regulators to act but their actions do not fulfil the expectations that we set out in legislation?

Sir Jeremy Wright

- Hansard -

Copy Link

-

The hon. Gentleman identifies a real risk in this space: we are always playing catch-up, and so are the regulators. That is why we have tried—perhaps not entirely successfully—to design legislation that gives the regulators the capacity to move faster, but we have to ask them to do so and they have to take responsibility for that. I am raising these points because I am concerned that this particular regulator in this particular set of circumstances is not being as fleet of foot as it could be, but the hon. Gentleman is right that this is a concern across the regulatory piece. I would also say that regulators are not the only actor. We might expect the Government to pick up this issue and ensure that regulators do what Parliament expects, but in this area the signs are not encouraging.

As some Members in Westminster Hall this morning know because they were present during the debates on it, elsewhere in the Online Safety Act there is provision to bring forward secondary legislation to determine how online services are categorised, with category 1 services being subject to additional duties and expectations. That process was discussed extensively during the passage of the Act, and an amendment was made to it in the other place to ensure that smaller platforms with high incidences of harmful content could be included in category 1, along with larger platforms. That is an important change, because some of the harm that we are most concerned about may appear on smaller specialist platforms, or may go there to hide from the regulation of larger platforms. The previous Government accepted that amendment in this House, and the current Government actively supported it in opposition.

I am afraid, however, that Ofcom has now advised the Government to disregard that change, and the Government accepted that advice and brought a statutory instrument to Committee on 4 February that blatantly contravenes the will of Parliament and the content of primary legislation. It was a clear test case of the Government’s willingness to defend the ambition of the Online Safety Act, and I am afraid they showed no willingness to do so.

If we cannot rely on the Government to protect the extent of the Act—perhaps we should not, because regulatory independence from the Executive is important—who should do it? I am sure the Minister will say in due course that it falls within the remit of the Science, Innovation and Technology Committee. I mean no disrespect to that Committee, but it has a lot on its plate already and supervision of the fast-moving world of online safety regulation is a big job in itself. It is not, by the way, the only such job that needs doing. We have passed, or are in the process of passing, several other pieces of similar framework legislation in this area, including the Digital Markets, Competition and Consumers Act 2024, the Data (Use and Access) Bill and the Media Act 2024, all of which focus on regulators’ power to act and on the Secretary of State’s power to direct them. Parliament should have the means to oversee how that legislation is being implemented too.

Many of these areas overlap, of course, as regulators have recognised. They established the Digital Regulation Co-operation Forum to deal with the existing need to collaborate, which of course is only likely to grow with the pervasive development of artificial intelligence. Surely we should think about parliamentary oversight along the same lines. That is why I am not the first, nor the only, parliamentarian to be in favour of a new parliamentary Committee—preferably a Joint Committee, so that the expertise of many in the other place can be utilised—to scrutinise digital legislation. The Government have set their face against that idea so far, but I hope they will reconsider.

My final point is that there is urgency. The children’s safety codes will be finalised within weeks, and will set the tone for how ambitious and innovative—or otherwise—online services will be in keeping our children safe online. We should want the highest possible ambition, not a reinforcement of the status quo. Ofcom will say, and has said, that it can always do more in future iterations of the codes, but realistically the first version will stand for years before it is revised, and there will be many missed opportunities to make a child’s online world safer in that time. It is even less likely that new primary legislation will come along to plug any gaps anytime soon.

As the responsible Secretary of State, I signed off the online harms White Paper in 2019. Here we are in 2025, and the Online Safety Act is still not yet fully in force. We must do the most we can with the legislation we have, and I fear that we are not.

Given the efforts that were made all across the House and well beyond it to deliver the best possible set of legislative powers in this vital area, timidity and lack of ambition on the part of Ministers or regulators—leading to a pulling back from the borders of this Act—is not just a challenge to parliamentary sovereignty but, much more importantly, a dereliction of duty to the vulnerable members of our society, whose online safety is our collective responsibility. There is still time to be braver and ensure that the Online Safety Act fulfils its potential. That is what Ofcom and the Government need to do.

Sir Jeremy Wright

- Hansard -

Copy Link

-

The Minister might be about to come to the point I want to raise with her, which is about proportionality. Will she say something about that? I am keen to understand whether the Government accept Ofcom’s understanding of the term—that proportional measures are those measures that can be evidenced as effective. I gave reasons why I am concerned about that. I want to understand whether the Government believe that that is the correct interpretation of proportionality.

Sir Jeremy Wright

- Hansard -

Copy Link

-

I am grateful to everyone who has spoken in the debate. We have talked about the consensus there was in the passage of the Online Safety Bill. I think it is fair to say that that consensus is broadly still present, based on what Members have said this morning, and I am grateful for it.

There is a need to get this Act implemented. I accept what the Minister says about that, and others have made the same point: we do not want to make the best the enemy of the good, and there is always a trade-off between, on the one hand, getting the particular mechanisms that we know will protect people online in place as swiftly as possible, and on the other hand, making them as extensive and effective as possible.

However, given how long it takes for Parliament to make change—I make no apologies for repeating this point—we need to make the best use of the legislation that we have. I have not made a case this morning for extending the parameters of the legislation; I have made a case for using the parameters we already have, which Parliament has already legislated into being and which we have passed over to the regulator for it to use.

I accept that regulation and legislation is not passed for effect; we do it so that it can work. We do it not to make ourselves feel better, but to make the lives of our constituents better, so the Minister is right to say that the usability of all this should be at the heart of what we are interested in. I accept the point made by the hon. Member for Esher and Walton (Monica Harding) that Ofcom should not be predominantly focused on insulating itself from judicial review. As a former Law Officer, I think that is an impossible task anyway. This legislation and the regulation that follows it will be challenged—the online platforms have every incentive to challenge it. We cannot be so terrified of that prospect that we are unwilling to extend the parameters of the regulation as far as we believe they should go. That is why I think everybody needs to be a tad braver in all this.

Finally, I simply want to repeat the point that many of us have made, which is that we need as Parliament to have a way of keeping our eye on what is happening in this space. These debates are great, but shouting at Ofcom through the loudhailer of Westminster Hall is not as effective as a Committee set up to do this in a more structured and, frankly, a more productive and consensual way. That is the gap that exists in the landscape of parliamentary oversight, and as we develop more and more digital regulation, as we have to, and as AI advances, we will have to fill that gap. I simply say to the Government that filling it sooner rather than later would be wise.

Question put and agreed to.

Resolved,

That this House has considered the implementation of the Online Safety Act 2023.

Sir Jeremy Wright (Kenilworth and Southam) (Con)

- Hansard -

Copy Link

-

There is a great deal in this Bill that we can all support, but some difficult concepts lurk within it, as I know the Secretary of State will recognise. He is talking about data transparency. One of the issues of concern is about precisely what we mean by the “scientific research” on which data may be employed, and precisely what we mean by “the public interest” that must be served by that scientific research. We will not examine this issue on Second Reading, but may I ask him to commit to a proper examination of those concepts as the Bill moves forward, so that we can all understand what we mean and the public can get the reassurance that he describes?

Sir Jeremy Wright

- Hansard -

Copy Link

-

The Secretary of State is very generous in giving way. Before he finishes, may I ask him about the situation we are creating with this Bill and the Online Safety Act 2023 of setting a framework within which regulators need to operate and cover a good deal of ground? Does he think the advent of these pieces of legislation makes a stronger case for a new Committee of this House, and perhaps a Joint Committee, to maintain scrutiny of ongoing digital regulation? If so, will he be prepared to advance that case?

Sir Jeremy Wright (Kenilworth and Southam) (Con)

- Hansard -

Copy Link

-

It is a great and unexpected pleasure to serve under your chairmanship, Sir Christopher. I want to take this opportunity to say something about why I think these regulations are a mistake. I agree with a great deal of what the hon. Member for Aberdeen North (Kirsty Blackman) has just said—I will seek not to repeat it—but it is probably worth noting at the outset that, as the Minister has rightly explained, these regulations are not the only means by which we will hold online services to account under this legislation.

A category 1 designation allows Ofcom—the regulator —to impose additional constraints on a platform. I think that is an entirely fair point to make, but as the hon. Lady observed, something like 100,000 online services are likely to be in scope of this Act overall. It is worth noting that, in Ofcom’s assessment, something like 12 to 16 services only would qualify for category 1 status if, as is currently the case, size was the only criterion and we set the limit—as these regulations seek to do—at 7 million monthly users.

As the hon. Lady explained, over a considerable period of time, with a considerable amount of energy expended, Parliament decided that it was appropriate to include in the category 1 designation not just the largest services, but those services where a great deal of harm may be concentrated but the services are, in themselves, much smaller. Those services being smaller might happen organically, or it might, of course, happen because that harmful content seeks refuge from the regulation applied to the larger services by migrating to smaller ones.

There is good reason, therefore, to think that having smaller services potentially included in category 1 designation is a tool that Ofcom, and indeed the Government, will want to have available.

Those platforms, such as ones that specialise in suicide or self-harm, might well be the kind of platforms that we find ourselves increasingly concerned about and that the Government will increasingly be asked to do something about. I have to say to the Minister that it is not sensible to remove from the regulator’s hand the tools that it might want to use to do what the Government will undoubtedly ask it to do—the Government themselves will come under pressure to do something about that.

Again, as has been explained, what or who we include in that category 1 designation really matters, because of the additional powers and constraints that Ofcom will have available to it in relation to category 1 services. Those powers include the only powers available under this Act to protect adults from anything that is not illegal content—including vulnerable adults, by the way. There will come a time when the Government, I suspect, will wish they had more to deal with problems of that nature. As the hon. Member for Aberdeen North explained, the Act gives those powers, so it is bizarre in the extreme that the Government should choose voluntarily not to use them. It is bizarre, also, because the Labour party in opposition was clear in its support for the change.

The hon. Member for Newton Abbot quoted one example of something that the shadow spokesman at the time, the hon. Member for Pontypridd (Alex Davies-Jones), who now has Government responsibilities elsewhere, said during the passage of the Bill. I will quote another example to the Committee. She said:

“Categorisation of services based on size rather than risk of harm will mean that the Bill will fail to address some of the most extreme harms on the internet.”––[Official Report, Online Safety Public Bill Committee, 12 July 2022; c. 168.]

I think she was absolutely right then, and still is now. The draft regulations, I am afraid, do exactly what she said the Act should not do: they limit the criterion for the designation of category 1, and these additional powers, to size only.

We should think about the Government’s rationale for what they are doing. In December, the Secretary of State made a written statement to set out the reasoning for the measures that the Government have put before the Committee:

“In making these Regulations, I have considered factors as required by the Act. Amendments made during the passage of the Act, changed the consideration for Category 1 from the ‘level of risk of harm to adults from priority content that is harmful to adults disseminated by means of the service’ to ‘how easily, quickly and widely regulated user-generated content is disseminated by means of the service.’ This was a significant change”.—[Official Report, 16 December 2024; Vol. 759, c. 12WS.]

In other words, I think the Secretary of State was arguing that he has no option but to limit to a scale criterion-only designation for category 1, because that is how the Act has changed. That is fundamentally mistaken, if I may say so to the Minister. I do not expect her to have all this before her—I know her officials will take careful note—but the Act states at paragraph 1(5) of schedule 11:

“In making regulations under sub-paragraph (1)”—

the draft regulations we are discussing—

“the Secretary of State must take into account the likely impact of the number of users of the user-to-user part of the service, and its functionalities, on”—

and this is the part the Secretary of State drew out in his statement—

“how easily, quickly and widely regulated user-generated content is disseminated by means of the service.”

Without doubt, therefore, the Secretary of State has to take the number of users into account, but it is not the only criterion. There is a fundamental misunderstanding —at least, I hope that is what it is—in the ministerial statement, which suggests that that is the only criterion to be considered. It is not, and I think it is a mistake to ignore the others, which, again, have already been drawn out in the debate.

To be clear, these draft regulations mean that no smaller platform—under the level of 7 million monthly users—can ever be considered as a category 1 platform, unless or until the Government and Ofcom change their approach to the categorisation process. I repeat the point, and I make no apologies for doing so, that that is specifically contrary to what Parliament had intended in the passage of the Act.

The hon. Member for Aberdeen North and I are not the only ones making this observation. There are multiple organisations with whom we and then the Labour party worked closely to get this Act passed for the protection of those about whom the Labour party is charged with worrying. Those include organisations such as the Samaritans, Mind, the Centre for Countering Digital Hate, the Antisemitism Policy Trust and the Molly Rose Foundation, all of which care deeply about the effectiveness of this legislation, as I am sure we all do.

It is true, and the Minister may make this point, that Ofcom’s advice suggested the course of action the Government are now taking. However, “advice” is the key word. The Government were not obliged to take it, and in this instance I think they would have been wiser to resist it. Ofcom will not have all the tools it could have to deal with smaller services where greater harm may be concentrated, despite what the Act allows. I have to say that tying one hand behind Ofcom’s back is not sensible, even when Ofcom is itself asking us to do so. That is especially true when the Government place such heavy reliance on the Online Safety Act—as they are entitled to—to deal with the multiple online harms that arise.

I have lost count, as I suspect others in this Committee have, of the number of times that Ministers have referred to the Online Safety Act when challenged about harmful materials or behaviours online and said, “This is the answer. This Act gives us powers to act against services that do not do what they should.” They are right that it is not a perfect piece of legislation, and none of us involved in its generation would claim that it was, but it does give Government and regulators the powers to act. However, that does us no good at all if, in subsequent pieces of statutory legislation, the Government choose not to use those tools or put them beyond Ofcom’s reach. That is what the regulations do.

I have to say to the Minister that government is hard enough. She should not throw away the tools she needs to do the job that she has promised everyone that she will do. This is a mistake, and I hope that even at this late stage the Minister will find a way to avoid making it.

Sir Jeremy Wright

- Hansard -

Copy Link

-

I am extremely grateful to the Minister for giving way, and I have sympathy with her position, especially in relation to legal advice, having both received it and given it. I suggest that the Minister is talking about two different things, and they need to be separated. The first is the question of whether legal but harmful content was removed from the Bill, which it undoubtedly was. Measures in relation to content that is neither unlawful nor harmful to children were largely removed from the Bill—the Minister is right to say that.

What we are discussing, however, are the tools available to Ofcom to deal with those platforms that it is still concerned about in relation to the remaining content within the ambit of the Bill. The worry of those of us who have spoken in the debate is that the Government are about to remove one of the tools that Ofcom would have had to deal with smaller, high-harm platforms when the harm in question remains in ambit of the Bill—not that which was taken out during its passage. Would the Minister accept that?

Sir Jeremy Wright

- Hansard -

Copy Link

-

It would not be right for either of us to ask the Minister to disclose legal advice—that clearly would not be appropriate—but I am grateful for the Minister’s offer to share a slightly more expansive description of why the Government have come to the conclusion that they have.

On the hon. Lady’s point about what the Act actually says, we have both quoted paragraph 1(5) of schedule 11, which deals with whether the language that has found its way into the ministerial statement is the be-all and end-all of the Minister’s conclusions. We both think it is not. If it is the case, as I think the Minister is arguing, that the ability to disseminate “easily, quickly and widely” is essentially a synonym for the scale of the service and the number of its users, what does the hon. Lady think of the amendment that Baroness Morgan made in the other place to paragraph 1(4), which says that when the regulations we are considering specify

“the way or ways in which the relevant conditions are met”,

for category 1 threshold conditions

“at least one specified condition about number of users or functionality must be met”?

The crucial word that was added is “or”. If the number of users were required to establish what the hon. Lady has described, the word “or” would be inappropriate.

Sir Jeremy Wright (Kenilworth and Southam) (Con)

- Hansard -

Copy Link

-

It is a great pleasure to serve under your chairmanship, Mr Dowd. I congratulate the hon. Member for Darlington (Lola McEvoy) not just on securing this debate but on the way in which she made her case. I want to focus on a couple of the more technical aspects of the Online Safety Act, which are important in fulfilling the objectives that we all share this afternoon, which, as she rightly said, are to make sure that the vehicle that we now have in the OSA delivers the right outcomes for the safety of children online.

I am grateful to my hon. Friend the Member for Gosport (Dame Caroline Dinenage); she is right that I had ministerial responsibility for the Act. I think, frankly, it is harder to find Conservative Ministers who did not have responsibility for it at some point or another, but what we all tried to do was make sure that the structure of the Act would support the objectives that, again, we all share.

I will mention two specific things, which I should be grateful if the Minister would consider. I do not expect her to respond to them this afternoon, but if she would consider them and write to me, I should be very grateful.

It seems to me that we need to make sure that as responsibility for implementing the Act moves from us as legislators to Ofcom as the regulator, Government and Parliament and the regulator are on the same page. There are two areas where I am concerned that that might not be the case. The first is the question whether harm to children is all about content. I do not think it is. We have heard this afternoon that many aspects of risk and harm to children online have nothing to do with the specific nature of an individual piece of content.

The Act is important, and I believe it does support Ofcom’s ability to act in relation to harms beyond specific matters of content. For the Minister’s benefit, I have in mind section 11 of the Act on risk assessment—as she will know, because she knows it off by heart. For everybody else here, section 11 deals with risk assessment, and on that a great deal hangs. If we do a risk assessment, the obligation is to do something about risks, and that hangs on what risks are identified in the assessment. So the risk assessment matters.

As I read the Act, section 11 says that, yes, we must risk-assess for individual harmful pieces of content, but under section 11(6)(f) we also must risk-assess for the different ways that the service is used, including functionalities or other features of the service that affect how much children use the service—which goes back to a point made earlier. Those are the sorts of things it is important to underline that we expect Ofcom to attend to.

I am grateful for the Government’s statement of strategic priorities, but the point made about this being a fast-moving landscape is fundamental. Again in the Act, the codes of practice are vital, because they set out the things that platforms ought to do to keep children safe. If the platforms do the things set out in the codes, they are broadly invulnerable from further regulatory intervention. We need to act urgently to ensure that the codes of practice say what we want them to say. At the moment my concern is that Ofcom may simply talk about current good practice and not urge advancements in good practice to be maintained by the platforms. Those are the two areas that I hope the Minister will think about in relation to the draft codes and the need for an ongoing relationship between us in Parliament and Government and Ofcom to ensure that the Act continues to deliver as we want it to.

Sir Jeremy Wright

- Hansard -

Copy Link

-

Will the Minister give way?

Sir Jeremy Wright (Kenilworth and Southam) (Con)

- Hansard -

Copy Link

-

I draw the House’s attention to my entry in the Register of Members’ Financial Interests. Let me take the opportunity to congratulate my hon. Friend the Member for Meriden (Saqib Bhatti) on his appointment. Does he recognise that it is important to be clear—and for the CMA and the DMU to be clear—that there could be a conflict between the interests of current consumers and those of future consumers? Therefore, it is important that the interests of both are balanced in what the CMA and the DMU eventually decide to do.

Sir Jeremy Wright

- Hansard -

Copy Link

-

I thank my hon. Friend for giving way again. He will appreciate that we are all trying to get clarity, so we understand what the proposals really mean. In relation to the appeal standard that he describes, for cases that are not specifically related to fines, he mentioned the proportionality addition earlier in his remarks. When it comes to an appeal, are we right to understand that the question of proportionality applies when the CMA originally makes its decision to require an intervention and does not apply to the JR standard that is used to determine an appeal?

It is important to be specific about that, because there are those who would argue that proportionality should be a part of the appeal process. I think the Government amendments say that proportionality applies at an earlier stage and that when it comes to considering whether the CMA has behaved in a proportionate way in making its decisions, the assessment will be made by the Competition Appeal Tribunal on JR principles. Am I right about that?

Sir Jeremy Wright

- Hansard -

Copy Link

-

It seems to me—I would be interested in my right hon. and learned Friend’s view—that on the basis of the Government’s proposed wording, it is more likely that a firm will be able to challenge whether the CMA has applied its proportionality test appropriately, but the means by which it will do so will be under JR principles on appeal, rather than on a merits basis. It is not that proportionality is not subject to challenge, but that that challenge is limited by JR principles at the appeal stage. Does my right hon. and learned Friend agree?

Sir Jeremy Wright (Kenilworth and Southam) (Con)

- View Speech - Hansard -

Copy Link

-

As others have done, I welcome the considerable progress made on the Bill in the other place, both in the detailed scrutiny that it has received from noble Lords, who have taken a consistent and expert interest in it, and in the positive and consensual tone adopted by Opposition Front Benchers and, crucially, by Ministers.

It seems that there are very few Members of this House who have not had ministerial responsibility for the Bill at some point in what has been an extraordinarily extensive relay race as it has moved through its legislative stages. The anchor leg—the hardest bit in such a Bill—has been run with dedication and skill by my right hon. Friend the Secretary of State, who deserves all the praise that she will get for holding the baton as we cross the parliamentary finish line, as I hope we are close to doing.

I have been an advocate of humility in the way in which we all approach this legislation. It is genuinely difficult and novel territory. In general, I think that my right hon. Friend the Secretary of State and her Ministers—the noble Lord Parkinson and, of course, the Under-Secretary of State for Science, Innovation and Technology, my hon. Friend the Member for Sutton and Cheam (Paul Scully)—have been willing to change their minds when it was right to do so, and the Bill is better for it. Like others who have dealt with them, I also thank the officials, some of whom sit in the Box, some of whom do not. They have dedicated—as I suspect they would see it—most of their lives to the generation of the Bill, and we are grateful to them for their commitment.

Of course, as others have said, none of this means that the Bill is perfect; frankly, it was never going to be. Nor does it mean that when we pass the Bill, the job is done. We will then pass the baton to Ofcom, which will have a large amount of further work to do. However, we now need to finalise the legislative phase of this work after many years of consideration. For that reason, I welcome in particular what I think are sensible compromises on two significant issues that had yet to be resolved: first, the content of children’s risk assessments, and secondly, the categorisation process. I hope that the House will bear with me while I consider those in detail, which we have not yet done, starting with Lords amendments 17, 20 and 22, and Lords amendment 81 in relation to search, as well as the Government amendments in lieu of them.

Those Lords amendments insert harmful “features, functionalities or behaviours” into the list of matters that should be considered in the children’s risk assessment process and in the meeting of the safety duties, to add to the harms arising from the intrinsic nature of content itself—that is an important change. As others have done, I pay great tribute to the noble Baroness Kidron, who has invariably been the driving force behind so many of the positive enhancements to children’s online safety that the Bill will bring. She has promoted this enhancement, too. As she said, it is right to recognise and reflect in the legislation that a child’s online experience can be harmful not just as a result of the harm an individual piece of content can cause, but in the way that content is selected and presented to that child—in other words, the way in which the service is designed to operate. As she knows, however, I part company with the Lords amendments in the breadth of the language used, particularly the word “behaviours”.

Throughout our consideration of the Bill, I have taken the view that we should be less interested in passing legislation that sounds good and more interested in passing legislation that works. We need the regulator to be able to encourage and enforce improvements in online safety effectively. That means asking the online platforms to address the harms that it is within their power to address, and to relate clearly the design or operation of the systems that they have put in place.

The difficulty with the wording of the Lords amendments is that they bring into the ambit of the legislation behaviours that are not necessarily enabled or created by the design or operation of the service. The language used is

“features, functionalities or behaviours (including those enabled or created by the design or operation of the service) that are harmful to children”—

in other words, not limited to those that are enabled or created by the service. It is a step too far to make platforms accountable for all behaviours that are harmful to children without the clarity of that link to what the platform has itself done. For that reason, I cannot support those Lords amendments.

However, the Government have proposed a sensible alternative approach in their amendments in lieu, particularly in relation to Lords amendments 17 and Lords amendment 81, which relates to search services. The Government amendments in lieu capture the central point that design of a service can lead to harm and require a service to assess that as part of the children’s risk assessment process. That is a significant expansion of a service’s responsibilities in the risk assessment process which reflects not just ongoing concern about types of harm that were not adequately captured in the Bill so far but the positive moves we have all sought to make towards safety by design as an important preventive concept in online safety.

I also think it is important, given the potential scale of this expanded responsibility, to make clear that the concept of proportionality applies to a service’s approach to this element of assessment and mitigation of risk, as it does throughout the Bill, and I hope the Minister will be able to do that when he winds up the debate.

Sir Jeremy Wright

- Hansard -

Copy Link

-

My hon. Friend makes a fair point. One difficult part of our legislative journey with the Bill is to get right, in so far as we can, the balance between what the regulator should take responsibility for, what Ministers should take responsibility for and what the legislature—this Parliament—should take responsibility for. We may not have got that exactly right yet.

On my hon. Friend’s specific point, my understanding is that because Ofcom must report to Parliament in any event, it will certainly be Ofcom’s intention to report back on this. It will be quite a large slice of what Ofcom does from this point onwards, so it would be remarkable if it did not, but I think we will have to return to the points that my hon. Friend the Member for Folkestone and Hythe (Damian Collins) and others have made about the nature of parliamentary scrutiny that is then required to ensure that we are all on top of this progress as it develops.

I was talking about what I would like my hon. Friend the Minister to say when he winds up the debate. I know he will not have a huge amount of time to do so, but he might also confirm that the balancing duties in relation to freedom of speech and privacy, for example, continue to apply to the fulfilment of the safety duties in this context as well. That would be helpful.

The Government amendments in lieu do not replicate the reference to design in the safety duties themselves, but I do not see that as problematic because, as I understand it, the risks identified in the risk assessment process, which will now include design risks, feed through to and give rise to the safety duties, so that if a design risk is identified in the risk assessment, a service is required to mitigate and address it. Again, I would be grateful if the Minister confirmed that.

We should also recognise that Government amendment (b) in lieu of Lords amendment 17 and Government amendments (b) and (c) in lieu of Lords amendment 81 specifically require consideration of

“functionalities or other features of the service that affect how much children use the service”

As far as I can tell, that introduces consideration of design-related addiction—recognisable to many parents; it cannot just be me—into the assessment process. These changes reflect the reality of how online harm to children manifests itself, and the Government are to be congratulated on including them, although, as I say, the Government and, subsequently, Ofcom will need to be clear about what these new expectations mean in practical terms for a platform considering its risk assessment process and seeking to comply with its safety duties.

I now turn to the amendments dealing with the categorisation process, which are Lords amendment 391 and the Government amendments arising from it. Lords amendment 391 would allow Ofcom to designate a service as a category 1 service, with the additional expectations and responsibility that brings, if it is of a certain scale or if it has certain functionalities, rather than both being required as was the case in the original Bill. The effect of the original drafting was, in essence, that only big platforms could be category 1 platforms and that big platforms were bound to be category 1 platforms. That gave rise to two problems that, as my hon. Friend the Minister knows, we have discussed before.

Sir Jeremy Wright

- Hansard -

Copy Link

-

It has just crossed my mind that the Minister might be saying that he agreed with everything that I said, which cannot be right. Let me be clear about the two points. One was in relation to whether, when we look at design harms, both proportionality and balancing duties are relevant—I think that he is saying yes to both. The other point that I raised with him was around encryption, and whether I put it in the right way in terms of the Government’s position on encryption. If he cannot deal with that now, and I would understand if he cannot, will he write to me and set out whether that is the correct way to see it?