Thursday 3rd October 2019

(5 years, 1 month ago)

Westminster Hall
Read Full debate Read Hansard Text Read Debate Ministerial Extracts

Westminster Hall is an alternative Chamber for MPs to hold debates, named after the adjoining Westminster Hall.

Each debate is chaired by an MP from the Panel of Chairs, rather than the Speaker or Deputy Speaker. A Government Minister will give the final speech, and no votes may be called on the debate topic.

This information is provided by Parallel Parliament and does not comprise part of the offical record

Liam Byrne Portrait Liam Byrne (Birmingham, Hodge Hill) (Lab)
- Hansard - -

What a fantastic debate we have had this afternoon. I congratulate my hon. Friend the Member for Newcastle upon Tyne Central (Chi Onwurah) very warmly on securing it. I am extremely glad that she started with a brief account of the industrial revolution, which started in 1712 when the Newcomen steam engine was demonstrated at Dudley castle, a day that we commemorate every year on Black country day.

The debate that unfolded subsequently illustrated an important point. The steam engine was not perfected until James Watt joined Matthew Boulton at the Soho manufactory. It was 1789 before the first rotary steam engine was sold to a man called Peter Drinkwater, who created the first steam-powered textile factory and lit the spark on a textile revolution in Manchester, which was the beginning of Manchester’s claim. Peter Drinkwater’s factory manager was a man called Robert Owen, who went on to found New Lanark mill in Glasgow. It was 1825 before steam technology was incorporated into Locomotion No.1, which was set to work on the Stockton to Darlington railway. The point is that it was 113 years over which the steam revolution unfolded and began to transform every aspect of this country, including our economy.

The speech made by my hon. Friend the Member for Dagenham and Rainham (Jon Cruddas) was important in setting the wider stage and the bigger story, because the new technology required a revolution in law and regulation. Over the course of the 19th century there was not one factory Act but 22 different factory Acts and Bills, and over this century there will no doubt be just as many different attempts to reform, revise, regulate, legalise and make lawful or unlawful different aspects of the technology that we are debating here today. So my hon. Friend the Member for Dagenham and Rainham was right to say that what is needed from the Government is a plan for a just transition. We now understand what “just transition” means when it comes to climate change, but we need a plan for technology just as much, just as we need a plan for just transition given the new trade conflicts that are now ensuing. The rise of temperature, robots and conflicts will define our economy over the next 20 or 30 years, so we need not only just transition but just transitions, and at the moment we have nothing from the Government to tell us how that journey will be steered over the years to come.

As the Minister knows, because he was at the sharp end of these debates during the proceedings on the Data Protection Bill, which became the Data Protection Act 2018, our approach is rooted in a particular philosophy. Our inspiration is the work of Amartya Sen and the work that he set out first in “Development as Freedom”. Over the course of the revolution in this century, we must ask ourselves what capabilities we want every citizen in this country to have.

Adam Smith talked about how a man might need a linen shirt to go out in public. That was something that people needed in order to participate in civilised society at the time when Adam Smith was writing. These days the capabilities that people need will be different. We therefore have to ask ourselves what those capabilities are and how we turn them into rights. That is why, given the complexity and the regulation and re-regulation that is to come in this century, it would be wise now to set out a document of first principles. We believe that a Bill of digital rights will make the business of regulating far simpler over the next 50, 60, perhaps 113 years. Who knows what the life cycle of this debate might be?

We set out in the debate some of the rights that we think should feature in a charter. We set them out because we wanted to have a debate, and I am pleased to be able to have a bit of that debate this afternoon. I think that some of the issues are uncontested; I think we agree on equality of treatment and on the right to security. I also think we agree on the right of free expression, although we believe that we should incorporate lessons from Germany, which has pioneered the NetzDG legislation to take out hate speech online. I think we agree on equality of access, although, as my hon. Friend the Member for Newcastle upon Tyne Central said, ideas such as the national education service are important here, because of course they will transform rights to digital literacy. We believe in universal digital literacy; we believe that it is a fundamental right for the 21st century. We also believe in a right to privacy; I believe that is uncontested.

However, what is perhaps not agreed on is the kind of rights to algorithmic justice that my hon. Friend the Member for Cambridge (Daniel Zeichner) insisted on during the Committee stage of the Bill that became the Data Protection Act 2018. Crucially, we also believe that there should be some kind of right of ownership and control of data that is created through our use of technology. That was absolutely at the heart of the speech by my hon. Friend the Member for Newcastle upon Tyne Central. At some point, the Government will have to step up and provide some answers as to what they think about this issue. I hope that the Minister will begin that business of stepping up in about five minutes’ time.

These charters—these bills of rights—are meaningless without two further pieces of the puzzle. The first is an effective system of powerful regulation. We are now facing off against some of the biggest, wealthiest and most powerful companies on earth, yet the regulatory infrastructure that we have today would be described by Sidney Webb as a mish-mash: Ofcom; the Information Commissioner’s Office; the Competition and Markets Authority; the Payment Systems Regulator; the Financial Conduct Authority; the Advertising Standards Authority; and the Independent Press Standards Organisation. There is a slew of non-regulatory advisory bodies.

Something like 13 different advisers and regulators have some kind of bite in relation to what happens online. They all do an important job and they are all staffed by excellent people. My hon. Friend used to work for one of them—indeed, she helped to set it up—so she knows very well how long it takes to set up a regulator or to merge regulators. Consequently, we are not calling for some kind of bonfire of the quangos here. What we are asking for is for some proper thought about how those 13 different regulators and advisory bodies might number something closer to one—not one, but not 13, either. We believe that we will have to start bringing these regulators together, if we are to concentrate the firepower that is needed to take on the biggest and most complicated regulatory challenge in human history.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

I thank my right hon. Friend for giving way and for the excellent comments that he is making, which have raised some of the key issues we face. In 2002-03, the then Labour Government held a wide-ranging review of the communications sector and the many regulators that existed for television, for radio and for spectrum, etc. Then, in concert with the industry sector, civil society and so on, they developed a plan to bring them all together in Ofcom. That process took time, but it also built consensus and agreement about what the key challenges were. In addition, it enabled the right technical talent to come together. Could that not be a model for developing the right regulatory approach to these challenges?

Liam Byrne Portrait Liam Byrne
- Hansard - -

It absolutely could and it absolutely should, because the truth is that that work will have to happen at some point, so all we are arguing about is when and how. It is inconceivable that we will have 13— now 14—different regulators and advisers; the Data Protection Act 2018 brought in a new organisation, or institution, which is the Centre for Data Ethics and Innovation. We cannot keep multiplying these regulators and allowing them to proliferate.

Equally, however, we cannot take the approach that was taken back in 2010-11, when the Government sought to wipe out many different quangos. They had their bonfire of the quangos and it sounded excellent in the pages of The Daily Mail. Of course, in practical terms, it was a bureaucratic disaster and many of the efforts to abolish organisations that were doing an important job had to be reversed. It was a complete waste of time, energy and money, at a time when civil service bandwidth was under tremendous pressure. So what we are asking for is a road map—a proper one—with a timetable to be debated, in order to bring together the regulatory firepower that is needed to hold to account the biggest companies on Earth.

There is a final piece of the puzzle. We have discussed rights and regulators; the third piece of the puzzle is redress. If we do not have accessible forms of redress, this debate is a waste of time. Yesterday, in the Court of Appeal, the three senior judges handed down a challenge to the Minister by saying that the process that we suggested during the passage of the Data Protection Act 2018 for class action should be implemented. My key question to the Minister is whether he will introduce what is required under that 2018 Act, which is the review that was promised of opt-out class actions, given the advice that was handed down to him in the judgment on Lloyd v. Google in the Court of Appeal yesterday.

For those who have not seen the case, it began in November 2017 and was brought by Mr Richard Lloyd on behalf of millions of iPhone users who, he alleges, had their personal data taken between 2011 and 2012. The Court of Appeal basically ruled that that representative action could now proceed. It found that personal data has economic value—the principle at the heart of the contribution of my hon. Friend the Member for Newcastle upon Tyne Central; that a violation of that right to privacy was a damage; that individuals do not need to demonstrate pecuniary loss and distress; that a loss of control of personal data is the same loss and the same interest, as if there had been economic loss or economic damage; and finally, and perhaps most importantly for the Minister, that representative actions, in which people opt out rather than opt in, are effectively the only way in which such claims could be pursued.

The judges have underlined the argument that we underlined a number of months ago in the Committee that considered the Data Protection Bill and which is at the core of this debate: if we do not have redress, those rights, even the rights that we have enshrined in the Act, are meaningless. We are talking about humble individuals taking on some of the biggest firms on earth. The only way those rights can be made a reality is if we allow effective remedies in court. We have now heard from the judges that those effective remedies are most likely to be class actions. I look forward to the Minister confirming that he will introduce that review forthwith, so that we can at least begin to make some progress on the critical issues that my hon. Friend the Member for Newcastle upon Tyne Central has highlighted to the Chamber.

--- Later in debate ---
Matt Warman Portrait Matt Warman
- Hansard - - - Excerpts

The hon. Lady pre-empts my next point: all of this is predicated on consent. The consumer has to understand that they are giving up their data for a particular purpose and a particular benefit. As the hon. Member for Dagenham and Rainham (Jon Cruddas) said in what was a fascinating speech—albeit one where I wondered if I had at times transcended, if not humanity, at least this debate—these are fundamental issues that have effects far beyond what we might think of in an arcane debate about the ownership of data. I commend the approach that says we are dealing with issues that go far beyond a debate about technology, which will have an impact on huge aspects of humanity itself, whether we get them right or wrong. That is why it is important to consider them in that wider way.

The hon. Lady was right to point out that, in some ways, the internet of things represents a whole new chapter of how technology is becoming more common in our homes and making our lives easier and more enjoyable, but potentially also more fraught with decisions that we need to be aware we are making. I will trump the hon. Lady’s numbers: Statista says that by 2025, there will be 75 billion internet-connected devices worldwide—I am sure other analysts are available to provide even higher numbers. In our estimates, that translate to some 15 devices per household by next year. The internet of things is very real; it is already with us.

Liam Byrne Portrait Liam Byrne
- Hansard - -

Before the Minister moves on, I just want to clarify one point. Is it his position to accept that data that is generated as user data does have an economic value, but that it is basically fine for the individual to surrender that economic value through the way in which they consent to use a service?

Matt Warman Portrait Matt Warman
- Hansard - - - Excerpts

I feel like the right hon. Gentleman is going to accuse me of wilfully misunderstanding his question, but it is obviously fine for an individual to choose what they do with their own data. If that involves, as he puts it, surrendering the data for a particular purpose, that is their decision to make. I am not sure that that is quite the question he was asking. The point about consent being absolutely in the hands of the user is the most important one to make. That is why the cyber-security of the products that the hon. Member for Newcastle upon Tyne central referred to is so hugely important, in many ways; it is why we have put so much effort into delivering the code of practice for consumer IOT security.

The hon. Lady mentioned the sale of potentially insecure devices, which is one of the key planks that we are seeking to address. People want to have implicit trust in their devices and they need to have confidence in how their data is being used, not just when they first purchase that device but into the future as well.

Liam Byrne Portrait Liam Byrne
- Hansard - -

The Minister is helpfully helping me join some dots. Why does he think that it is right for the Government to intervene to ensure that the consumer has particular cyber-security protections but not to ensure that the consumer enjoys any particular economic protections, for example around the value that is created through third-party use of their data?

Matt Warman Portrait Matt Warman
- Hansard - - - Excerpts

It is obviously about a balance between different situations. The Government, in a host of ways, provide a degree of opportunity for the kind of protection that the right hon. Gentleman seeks. In other fields there are already opportunities for redress in extreme circumstances. In some ways he and the hon. Member for Newcastle upon Tyne Central are asking for greater coherence in this space, and others. It is precisely for that reason that my Department is developing the strategies that they both referred to. On the one hand he seems to attack the bonfire of the quangos, but on the other he seemed to want fewer regulators, so I am almost reduced to asking what his favourite number is.

Liam Byrne Portrait Liam Byrne
- Hansard - -

My point is simply that according to the Chancellor of the Exchequer I will soon not be allowed to sell my labour for less than £10.50 an hour. The Government have put a floor on the economic freedom that I enjoy, and that is giving me a degree of economic protection. Why does not the same principle apply to the way in which my data as opposed to my labour is exploited?

Matt Warman Portrait Matt Warman
- Hansard - - - Excerpts

That is a philosophically interesting question but it is also obvious that at the moment data is readily given up in exchange for a service. I am not sure whether the right hon. Gentleman would therefore seek to put a value on the service and say, “That service, whether offered by Facebook or whoever, should not be worth less than a certain amount.” That seems to be the logical conclusion of his argument, which is why I say it is perhaps more an interesting philosophical question than a practical one.

--- Later in debate ---
Matt Warman Portrait Matt Warman
- Hansard - - - Excerpts

Essentially I agree with the hon. Gentleman that it is obvious that not everyone reads the terms and conditions of every single thing they have signed up to for any website; but it seems to me that Government’s role in this space is not to stop people making those decisions. It is to make sure that people have a better understanding of the decisions they make, and that they trust the companies that are doing whatever it may be with their data. That obviously requires us to put certain constraints on the behaviour of companies, as we do in every other circumstance. However—and I do not think the hon. Gentleman is suggesting this—it should surely not be for us to say that people should not be allowed to make certain decisions. I think that on the Government side of the House we would be keen to free people up to make whatever decisions they reasonably want to make.

Liam Byrne Portrait Liam Byrne
- Hansard - -

The Minister is being incredibly generous and this is the last time I shall intervene. To round out the picture that my hon. Friend the Member for Cambridge (Daniel Zeichner) is presenting, network effects mean, obviously, that in social media land we have monopolies—or, if not monopolies, certainly oligopolies. It has long been an established principle of consumer welfare protection that there should therefore be some kind of price protection. In a debate about how we protect and enhance the economic welfare of the citizen if we do not recognise a defined value for their data—which they are not freely surrendering into a free market, but giving over to a monopoly—surely the quid pro quo is some kind of price regulation on the other side. The Minister cannot have it both ways.

Matt Warman Portrait Matt Warman
- Hansard - - - Excerpts

The right hon. Gentleman raises a lot of points in one short paragraph. I understand what he accuses me of seeking, when he speaks of having it both ways. Actually the services that are offered digitally, ostensibly free, are different from services in a physical world where we might talk about the kind of monopoly that he has mentioned. In that sense, all he is doing is underlining why we need to get things right, in a way where the digital challenges are understood, without reinventing the wheel and pretending that all online challenges are necessarily different from those in the physical world. It is an emerging picture, which is why I refer back to the technology innovation strategy that we published in June 2019 and that includes new measures, such as the Spark procurement programme, to enable Government and the wider public sector to benefit from new digital technologies and the service that can be provided by stimulating the UK’s world-leading tech sector. It is also why we set up the Centre for Data Ethics and Innovation, which will allow us to consider how we might best benefit from those opportunities and ensure that we seek not to design in the kind of prejudices that the hon. Member for Newcastle upon Tyne Central mentioned. One of its first papers is on smart speakers and voice assistants and on how industry and Government can work together to ensure that the products do what they are supposed to and that users consent to them.

We should also be mindful that the 75 billion devices, or however many there turn out to be, will have a physical environmental impact. I am therefore pleased that as part of its resources and waste strategy, the Department for Environment, Food and Rural Affairs has committed to updating the existing guidance for local authorities on managing the collection of smart items and similar electricals. That might sound like a minor point, but it is probably less minor than others.

The hon. Lady mentioned the Prime Minister’s speech at the United Nations General Assembly. I am not delivering the rhetorical flourishes that he delivered late at night at the UN, but it is important to say that he made that speech in that location because this country is already a world leader in this area in so many ways. It is right that our Prime Minister is addressing these issues and the legitimate public concern.

It is also right that, as several hon. Members have mentioned, when we seek to regulate in this area and on online harms, we in this country and across the parties should be proud that the UK is a liberal democracy that seeks to lead the way. We have an opportunity to shape a global debate, as my Opposition counterpart, the right hon. Member for Birmingham, Hodge Hill, observed.

In some ways, the greatest thing we can do is use Britain’s status in this area and on the world stage to try to develop global standards. The hon. Member for Newcastle upon Tyne Central mentioned those of the ETSI, which in its way is world-leading: it seeks to produce standards that can be replicated or mirrored globally, addressing some of the coherence that risks arising in the area. She says that we are not providing leadership and quotes the Prime Minister’s speech, but I say that his speech demonstrates the existing status of Britain’s leadership in the area already. If I am being kind to her, although we disagree on several minor issues, I should say that she too would agree that Britain has a huge opportunity to capitalise on its place in the world on this issue.

In June, we published a White Paper, “Regulation for the Fourth Industrial Revolution”—we are sticking to that number, although I understand that there is a dispute over whether it is correct. It confirms that the Government will establish the regulatory horizons council to identify the implications of precisely the sort of technological innovation that the hon. Lady spoke about, and to advise the Government on regulatory reform so that we can take exactly the kind of steps that she highlights.

In that process, security should not be an afterthought; it has to be embedded. Thus far, we have taken the approach of working with industry, and industry is now saying to Government—the hon. Lady will have heard these calls as well—that greater clarity, particularly in regulation, will help consumers and the industry itself. Many of the internet-connected devices that are currently on the market still lack even the most basic cyber-security provisions. Some 90% of 331 manufacturers that supply the UK market and that were reviewed in 2018 did not use a comprehensive vulnerability disclosure programme up to the level that we would expect; I think that hon. Members on all sides would agree that that is unacceptable. Organisations have a duty of care to their customers, to help make sure that they can access and use their internet-connected products safely.

Although Government have previously encouraged industry to adopt a voluntary approach, it is now clear that decisive action is needed to ensure that stronger cyber-security is built into these products by design. That is why we launched our consultation on secure consumer IOT in May. That consultation built on the extensive work to which I have referred. It allows us to talk about minimum security principles for connected devices, which my Department elaborated on in the document published last year. Our focus will be on ensuring that there is a baseline of cyber-security built into all consumer IOT products by design, to eliminate the most harmful practices.

These are, I freely admit, low-hanging fruit. We wish we did not have to tackle issues such as forbidding the use of universal default passwords, ensuring that manufacturers provide a contact point for security researchers, and making sure that consumers are informed at the point of sale of the minimum length of time for which security updates are provided for their device. Those measures address some of the issues raised by the hon. Member for Newcastle upon Tyne Central, and we would like to go further in due course. We will respond on what that will look like as soon as possible after the consultation.

We are advocating a staged approach to enforcing those principles through regulation. Obviously, there is always a balance to be struck between regulation and legislation, and in this case I think it will be a bit of both. We will publish the formal response to our consultation on the regulatory approach later this year, but we are mindful of the urgency of this work. Our approach must keep pace with the technological change identified by the hon. Lady. We have said that we will review the code of practice every two years. The development of the code of practice may not sound exciting, but as the hon. Lady acknowledged, and as the hon. Member for Dagenham and Rainham said, these things are hugely far reaching, even if they do not sound as exciting as some people might wish, because then they would attract the attention they perhaps deserve.

There is major business support for our approach, including from the signatories to the cyber-security tech accord. I always hesitate to say “major business support”, because businesses will not always necessarily greet with enthusiasm the actions of a sensible regulator. Some would say that this is a sign of success. We will develop the strategy, but ultimately the security of the internet of things is a global challenge and it requires a global effort to get it right and to shape those norms.

In February 2019 we worked closely with international standards bodies and the National Cyber Security Centre to make sure that we publish the ETSI standard to which the hon. Lady referred, though without the complementary tone it deserves. None the less, I understand her point.

We do not think it is right to expect all users of all internet-connected devices to become cyber-security experts, and we recognise the need to take from them the burden of differentiating between good and bad. That is why we have been clear with industry what good practices will look like, and we wish to support manufacturers of all sizes to embed them and to support retailers to make sure that they are obvious.