Data (Use and Access) Bill [HL] Debate
Full Debate: Read Full DebateDepartment: Department for Business and Trade
Lord Arbuthnot of Edrom
Main Page: Lord Arbuthnot of Edrom (Conservative - Life peer)Department Debates - View all Lord Arbuthnot of Edrom's debates with the Department for Business and Trade
Data (Use and Access) Bill [HL]
Lord Arbuthnot of Edrom ExcerptsTuesday 19th November 2024
(1 month, 2 weeks ago)
Lords ChamberRead Full debate Data (Use and Access) Bill [HL] 2024-26 Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Lord Arbuthnot of Edrom (Con)
My Lords, it is always rather daunting following the noble and learned Lord, Lord Thomas. I think the safest thing to say, which has the added benefit of being true, is that I agreed with him.
I declare my interests as set out in the register, in particular that I am a member of the Horizon Compensation Advisory Board and the chair of the advisory panel of Thales UK, which makes the British passport. As the noble Lord, Lord Knight, said, this Bill is a wonderful opportunity to talk about everything that is not in it and to discuss further measures that could be included. The noble Baroness, Lady Kidron, mentioned the amendment she moved on 24 April to the predecessor Bill, designed to deal with the presumption that computer evidence is reliable, despite the fact that we all know that it is not. We shall need to come to that presumption in Committee.
I supported the amendment from the noble Baroness in Committee earlier this year, although I accept—as I think she does—that simply returning to the position as it was in 1999, before the presumption existed, may not be the best solution. We need some method, for example, of accepting that breathalysers, on the whole, work as they are intended to do, and that emails, on the whole, work as they are intended to do, and we should not have to get a certificate of accuracy from Microsoft before every trial.
The need to find a solution to the problems so brutally exposed by the Post Office scandal is urgent. In the Post Office cases, in essence, the proper burden of proof was reversed and hearsay evidence that was false was accepted as gospel truth. As a result of Horizon and the appalling human behaviour that accompanied it, the lives of hundreds, perhaps thousands, of postmasters were ruined and the UK and Fujitsu are going to have to pay billions in compensation. So this matter is urgent.
The solution may be, as Alistair Kelman has recommended, a set of seven or so detailed statements setting out what has been done to ensure that the computer evidence is reliable. It may be, as a senior and highly respected judge has recommended, a division between complex cases, such as those involving a system such as Horizon, and simple cases, such as those involving breathalysers and emails, with more stringent evidentiary requirements for the complex cases. It may be, as Professor Steven Murdoch has suggested, that documents designed to test the reliability of computer systems should be made available to the other side and be subject to challenge. It may be something else, but this Bill is an opportunity to consider, examine and test those solutions, and another such opportunity may not come along quickly. I repeat: this matter is urgent.
On a different matter, Part 2 of the Bill establishes a regulatory framework for the provision of digital verification services in the UK. We need to be clear that having a clear and verifiable digital identity is a completely different matter from going down the route of identity cards. This is not an identity card Bill. It is an essential method of establishing, if you want or need to have a digital identity, that you are who you say you are and you have the attributes that you say you have. It is a way of establishing relevant facts about yourself without having to produce gas bills. I do not know about other noble Lords, but I find producing gas bills rather tricky now that they are almost all online.
Sometimes the fact you need to establish will be age: to establish that you are allowed to drink or to drive, or that you are still alive, or whatever. Sometimes it will be your address; sometimes it will be your sex. We do not want men going to women’s prisons, nor men who identify as women working in rape crisis centres. Sex is an issue on which it is necessary to have some degree of factual clarity in those circumstances where it matters. The Bill, again, is an opportunity to ensure that this factual clarity exists in the register of births. It will then be for the individual to decide whether to share the information about their sex, age, or whatever.
An organisation called Sex Matters—I am grateful for the briefing—issued a report yesterday pointing out that, at the moment, data verification services are not authoritative, in that they allow people to change their official records to show them as the opposite sex on request. One consequence is that, for example, transgender people risk being flagged up as a synthetic identity risk and excluded, for example, from banking or travel. Another is that illnesses may be misdiagnosed or that medical risks may fail to be identified.
So this Bill is a rare opportunity to put right some things that currently need to be addressed. Those of us speaking today have received a number of helpful briefings from organisations interested in various issues: I have mentioned only a couple. I hope we will take the opportunity given to us by the Bill to take on board several of those proposals.
Data (Use and Access) Bill [HL] Debate
Full Debate: Read Full DebateDepartment: Department for Business and Trade
Lord Arbuthnot of Edrom
Main Page: Lord Arbuthnot of Edrom (Conservative - Life peer)Department Debates - View all Lord Arbuthnot of Edrom's debates with the Department for Business and Trade
Data (Use and Access) Bill [HL]
Lord Arbuthnot of Edrom ExcerptsTuesday 3rd December 2024
(1 month ago)
Grand CommitteeRead Full debate Data (Use and Access) Bill [HL] 2024-26 Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 40-I(a) Amendments for Grand Committee (Supplementary to the Marshalled List) - (3 Dec 2024)
The Deputy Chairman of Committees (Baroness McIntosh of Hudnall) (Lab)
My Lords, Amendment 5 is in the name of the noble Lord, Lord Lucas, whom I do not see with us. Would the noble Lord, Lord Arbuthnot, like to move it on his behalf?
Lord Arbuthnot of Edrom (Con)
I am grateful. I do not know about the amendment in the name of the noble Lord, Lord Lucas, but I wonder whether I might speak to Amendments 34 and 48.
The Deputy Chairman of Committees (Baroness McIntosh of Hudnall) (Lab)
Would the noble Lord be prepared to move Amendment 5 first? He need not necessarily speak to it at any length. That said, the noble Lord, Lord Lucas, is now with us, so the problem is solved.
Amendment 5
Lord Arbuthnot of Edrom (Con)
My Lords, I am pleased that my noble friend Lord Lucas managed to make it, because I found him extremely persuasive and I agree with what he said. I shall return to the issue that his second amendment dealt with—namely, the issue of sex. I thank the organisation Sex Matters for its briefing on Amendments 34 and 48. I am not sure why there are no explanatory notes to these but I referred to the point in my speech at Second Reading, and I hope I will be able to explain it adequately now.
The core aim of the digital verification system that we are legislating for is to enable people to prove who they are and to provide information about themselves. The reason this system of digital identity can be trusted with our data, our safety and our personal and economic lives is that the information it contains comes from authoritative sources. It draws on information in my passport or my driving licence, which itself comes from information on my birth certificate, which itself is a certified copy of the entry on the birth register, which before that came from the information recorded at the hospital where I was born. Actually, I was born at home; nevertheless, the issue remains true.
However, if the chain of integrity of data is broken, the system of digital verification is no longer trustworthy. The Bill contains provision to secure the reliability of digital verification services by means of a carefully constructed framework, a register of providers, an information gateway and a trust mark, but there is a flaw, which my noble friend has referred to, and it has been pointed out by the human rights charity Sex Matters. The digital verification system that has recently been published in its gamma edition, after several years of development, assumes that government sources are reliable and accurate, but, when it comes to the attribute of sex—whether someone is male or female—we know that those records are not accurate or reliable.
(f) provision requiring that third party recipients of customer data publish regular statements on their cyber resilience against specified standards and outcomes.”Member’s explanatory statement
This amendment would give the Secretary of State or the Treasury scope to introduce requirements on third party recipients of customer data to publish regular statements on their cyber resilience against specified standards and outcomes.
Lord Arbuthnot of Edrom (Con)
My Lords, Amendment 7, the first in this group is a probing amendment and I am extremely grateful to ISACA, an international professional association focused on IT governance, for drafting it. This amendment
“would give the Secretary of State or the Treasury scope to introduce requirements on third party recipients of customer data to publish regular statements on their cyber resilience against specified standards and outcomes”.
Third parties play a vital role in the modern digital ecosystem, providing businesses with advanced technology, specialised expertise and a wide range of services, but integrating third parties into business operations comes with cyber risks. Their access to critical networks and all the rest of it can create vulnerabilities that cyber- criminals exploit. Third parties are often seen as easier targets, with weaker security measures or indirect connections serving as gateways to larger organisations.
Further consideration is to be given to the most effective means of driving the required improvements in cyber risk management, including, in my suggestion, making certain guidance statutory. This is not about regulating and imposing additional cost burdens, but rather creating the environment for digital trust and growth in the UK economy, as well as creating the right conditions for the sustainable use of emerging technologies that will benefit us all. This is something that leading associations and groups such as ISACA have been arguing for.
The Cyber Governance Code of Practice, which the previous Administration introduced, marks an important step towards improving how organisations approach cybersecurity. Its primary goal is to ensure that boards of directors should take their proper responsibility in mitigating cyber risks.
While that code is a positive development, compliance is not legally required, which leaves organisations to decide whether to put their priorities elsewhere. As a result, the code’s effectiveness in driving widespread improvements in cyber resilience will largely depend on their organisation’s willingness to recognise its importance. The amendment would require businesses regularly to review and update their cybersecurity strategies and controls, and to stay responsive to evolving threats and technologies, thereby fostering a culture of continuous improvement. In addition, by mandating ongoing assessments of internal controls and risk-management processes, organisations will be better able to anticipate emerging threats and enhance their ability to detect, prevent and respond to cyber incidents. I beg to move.
Lord Clement-Jones (LD)
My Lords, this is a fairly disparate group of amendments. I am speaking to Amendments 8, 9, 10, 24, 30, 31 and 32. In the first instance, Amendments 8, 9, 10 and 30 relate to the question that I asked at Second Reading: where is the ambition to use the Bill to encourage data sharing to support net zero?
The clean heat market mechanism, designed to create a market incentive to grow the number of heat pumps installed in existing premises each year, is set to be introduced after being delayed a year due to backlash from the boiler industry. If government departments and partners had access to sales data of heating appliances, there would be a more transparent and open process for setting effective and realistic targets.
I have been briefed by Ambient, a not-for-profit organisation in this field. It says that low visibility of high power-consuming assets makes it challenging to maintain grid stability in a clean-power world. Low visibility and influence over future installations of high power-consuming assets make it difficult to plan for grid updates. Inability to shift peak electricity demand leads to higher capacity requirements with associated time and cost implications. Giving the Government and associated bodies access to utility-flexible tariff data would enable the Government and utilities to work together to increase availability and uptake of tariffs, leading to lower peak electricity demand requirements.
Knowing which homes have the oldest and least efficient boilers, and giving public sector and partners access to the Gas Safe Register and CORGI data on boiler age at household level, would mean that they could identify and target households and regions, ensuring that available funds go to those most in need. Lack of clarity on future clean heating demand makes it challenging for the industry to scale and create jobs, and to assess workforce needs for growing electricity demand. Better demand forecasting through access to sales data on low-carbon heating appliances would signal when and where electrification was creating need for workforce expansion in grid management and upgrade, as well as identify regional demand for installers and technicians.
The provisions of Part 1 of the Bill contain powers for the Secretary of State to require the sharing of business data to customers and other people of specified description. It does not indicate, however, that persons of specified description could include actors such as government departments, public bodies such as NISO and GB Energy, and Ministers. An expanded list of suggested recipients could overcome this issue, as stated in Amendment 9 in my name. It makes no provision for the format of information sharing—hence, my Amendments 8 and 10.
In summary, my questions to the Minister are therefore on: whether it has been considered how the primary legislation outlined in the Bill could be exercised to accelerate progress towards clean power by 2030; whether climate missions such as clean power by 2030 or achieving net zero are purposes “of a public nature” in relation to the outline provisions for public bodies; and whether specifying the format of shared business data would enable more efficient and collaborative use of data for research and planning purposes.
Coming on to Amendments 24, 31 and 32, the Bill expands the potential use of smart data to additional public and private sector entities, but it lacks safeguards for sensitive information regularly used in court. It makes specific provision for legal privilege earlier in the Bill, but this is not extended in provisions relating to smart data. I very much hope that the Government will commit to consult with legal professions before extending smart data to courts.
Many of us support open banking, but open banking is being used, as designed, by landlords to keep watching tenant bank accounts for months after approving their tenancy. Open banking was set up to enhance inter- operability between finance providers, with the most obvious example being the recent new ability of the iPhone wallet app to display balances and recent transactions from various bank accounts.
Open banking approval normally lasts six months. While individual landlords may not choose this access, if given a free choice, the service industry providing the tenant-checking service to landlords is strongly incentivised to maximise such access, otherwise their competitors have a selling point. If open banking is to be added to the statute book, the Bill should mandate that the default time be reduced to no more than 24 hours in the first instance, and reconfirmed much more often. For most one-off approval processes, these access times may be as short as minutes and the regulations should account for that.
Coming on to Amendment 31, consumers have mixed feelings about the potential benefits to them of smart data schemes, as shown in polling such as that carried out a couple of years ago by Deltapoll with the CDEI, now the Responsible Technology Adoption Unit, as regards the perceived potential risks versus the benefits. Approximately one-quarter of respondents in each case were unsure about this trade-off. Perhaps unsurprisingly, individuals who said that they trusted banks and financial institutions or telecommunications providers were more likely to support open finance and open communications, and customers who had previous experience of switching services more frequently reported believing that the benefits of smart data outweighed the risks.
Is it therefore the Government’s expectation that people should be compelled to use these services? Open banking and imitators can do a great deal of good but can also give easy access to highly sensitive data for long periods. The new clause introduced by Amendment 31 would make it the same criminal offence to compel unnecessary access under these new provisions as it already is to compel data provision via subject access requests under the existing Data Protection Act.
Amendment 32 is a probing amendment as to the Government’s intentions regarding these new smart data provisions. In the Minister’s letter of 27 November, she said:
“The Government is working closely to identify areas where smart data schemes might be able to bring benefits. We want to build on the lessons learned from open banking and establish smart data schemes in other markets for goods and services.”
I very much hope that the Minister will be able to give us a little taste of what she thinks these powers are going to be used for, and in what sectors the Government believe that business can take advantage of these provisions.
Baroness Jones of Whitchurch (Lab)
The noble Lord is tempting me. What I would say is that, once this legislation is passed, it will encourage departments to look in detail at where they think smart data schemes can be applied and provide a useful service for customers and businesses alike. I know that one issue that has been talked about is providing citizens with greater information about their energy supplies—the way that is being used and whether they can use their energy differently or find a different supplier—but that is only one example, and I do not want people to get fixated on it.
The potential is enormous; I feel that we need to encourage people to think creatively about how some of these provisions can be used when the Bill is finally agreed. There is a lot of cross-government thinking at the moment and a lot of considering how we can empower citizens more. I could say a lot off the top of my head but putting it on the record in Hansard would probably be a mistake, so I will not be tempted any more by the noble Lord. I am sure that he can write to me with some suggestions, if he has any.
Lord Arbuthnot of Edrom (Con)
My Lords, one problem with cybersecurity is the fact that, if one company is spending money on it but is worrying that its competitor companies are not, they might feel that an element of compulsion would be helpful. I just raise that with the Minister, who suggests that some of these things might be better in the cybersecurity and resilience Bill. My noble friend Lady Neville-Jones and I think she is right, so I beg leave to withdraw my amendment.
Data (Use and Access) Bill [HL] Debate
Full Debate: Read Full DebateDepartment: Department for Business and Trade
Lord Arbuthnot of Edrom
Main Page: Lord Arbuthnot of Edrom (Conservative - Life peer)Department Debates - View all Lord Arbuthnot of Edrom's debates with the Department for Business and Trade
Data (Use and Access) Bill [HL]
Lord Arbuthnot of Edrom ExcerptsWednesday 18th December 2024
(2 weeks, 6 days ago)
Grand CommitteeRead Full debate Data (Use and Access) Bill [HL] 2024-26 Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 40-IV Fourth marshalled list for Grand Committee - (17 Dec 2024)
Lord Kirkhope of Harrogate (Con)
My Lords, following on from what I said on earlier amendments, this is worse than what the noble Lord, Lord Clement-Jones, has just expressed. Indeed, I fully support the amendments of my noble friend Lord Holmes. However, this just demonstrates, yet again, that unless we pull ourselves together, with better smart legislation that moves faster, we will never ever catch up with developments in technology and AI. This has been demonstrated dramatically by these amendments. I express concerns that the Government move at a pace that government always moves at, but in this particular field it is not going to work. We are going to be disadvantaged and in serious trouble, unless we can move a bit faster.
Lord Arbuthnot of Edrom (Con)
My Lords, I rise briefly but strongly to support my noble friend Lord Holmes. The CyberUp campaign has been banging this drum for a long time now. I remember taking part in the debates in another place on the Computer Misuse Act 34 years ago. It was the time of dial-up modems, fax machines and bulletin boards. This is the time to act, and it is the opportunity to do so.
Lord Clement-Jones (LD)
My Lords, we ought to be mindful and congratulate the noble Lord on having been parliamentarian of the year as a result of his campaigning activities.
Lord Bethell (Con)
My Lords, I rise to make a brief but emphatic comment from the health constituency. We in the NHS have been victims of appalling cyber- hacking. The pathology labs in south London were hacked and that cost many lives. It is an example of where the world is going in the future unless we act promptly. The emphatic call for quick action so that government keeps up with world changes is really well made. I ask the Minister to reflect on that.
Lord Arbuthnot of Edrom (Con)
My Lords, I shall speak very briefly. I have a great deal of agreement with what the noble Baroness, Lady Kidron, the noble Lord, Lord Russell, and my noble friend Lord Bethell have said. I am rising to nitpick; I apologise for that, but I suppose that is what Committee is for.
The final line of proposed new subsection (da), to be inserted by Amendment 198, refers to
“different characteristics including gender, race, ethnicity, disability, sexuality, gender”.
On our first day in Committee, I raised the importance of the issue of sex, which is different from gender or sexuality. We need to make sure that we get the wording of this amendment, if it were to be accepted by the Government, absolutely right.
Lord Knight of Weymouth (Lab)
My Lords, I shall also speak extremely briefly, as one of the three veterans of the Joint Committee present in Committee today, to reinforce my support for these amendments. The Government should be congratulated on Clause 123. It is welcome to see this movement but we want to see this done quickly. We want to ensure that it is properly enforceable, that terms of service cannot be used to obstruct access to researchers, as the noble Lord, Lord Bethell, said, and that there is proper global access by researchers, because, of course, these are global tech companies and UK users need to be protected through transparency. It is notable that, in the government consultation on copyright and AI published yesterday, transparency is a core principle of what the Government are arguing for. It is this transparency that we need in this context, through independent researchers. I strongly commend these amendments to the Minister.
Lord Arbuthnot of Edrom (Con)
My Lords, I declare my interest as a member of the Horizon Compensation Advisory Board. When, on 24 April this year, the noble Baroness, Lady Kidron, proposed an amendment to remove the presumption about the reliability of computer evidence, the noble Baroness who is now the Minister added her name to it—oh the perils of moving from opposition to government.
My noble friend Lord Camrose—the Minister at the time—in a sympathetic speech, resisted that amendment on the basis, first, that there were shocking failures of professional duty in the Post Office case. This was quite true, but they were facilitated by the existence of the presumption. His second reason was that taking us back to the law of 1999, as the noble Baroness, Lady Kidron, eloquently set out just now, would risk undermining prosecutions because we would need to get certificates of accuracy in cases such as breathalysers and those involving emails. There may have been something in that, so the noble Baroness has proposed an amendment that is designed to get round that second point.
I suspect that the Minister will resist this amendment too, but for reasons that I hope she will set out clearly, because we may then decide to move a different amendment on Report. We are making all the running on this—or at least the noble Baroness, Lady Kidron, is, with my full support and, I know, that of the noble Lord, Lord Clement-Jones. I take a moment out of this Committee to pay tribute to their work ethic in this Committee, which has been quite phenomenal.
The Government do not seem to have the issue quite as close to the top of their priorities as we suggest. Without repeating all that I said on 24 April, I will summarise it as follows. Paul Marshall, the barrister, has pointed out that computer evidence is hearsay, with all the limitations that that implies. Modern computer programs are too large to be exhaustively tested. If computer programs are inherently unreliable, it is wrong to have a presumption that they are reliable. That issue will grow with the growth of artificial intelligence.
The presumption that computer evidence is reliable leads either to such things as we saw occur in the Post Office scandal, with the Post Office essentially taunting the sub-postmasters, saying, “If you can’t show us what is wrong with the computer evidence, we don’t have to show you that evidence”—a shocking case of Catch-22; or to lawyers and courts voluntarily abandoning the presumption and denigrating all computer evidence, whether or not it deserves to be denigrated. That might lead, for example, to some defendants being acquitted when the evidence would require that they be convicted. We are trying to help the Government find a way through a problem that they recognise and assert exists. Will they please give us some help in return? This is both serious and urgent. Just saying that it is very difficult does not begin the process of putting it right.