Particulars of Proposed Designation of Age-Verification Regulator Debate
Full Debate: Read Full DebateDepartment: Department for Digital, Culture, Media & Sport
Lord Stevenson of Balmacara
Main Page: Lord Stevenson of Balmacara (Labour - Life peer)Department Debates - View all Lord Stevenson of Balmacara's debates with the Department for Digital, Culture, Media & Sport
Particulars of Proposed Designation of Age-Verification Regulator
Lord Stevenson of Balmacara Excerpts(6 years, 3 months ago)
Lords ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
The Earl of Erroll (CB)
My Lords, I want to say a few words. I was quite involved in this issue when it was going through as part of our consideration of the Digital Economy Act. The Digital Policy Alliance, of which I am chairman, has had a working group on age verification for several years, looking at whether there are available solutions and encouraging people to develop them. I am pleased to tell the noble Lord, Lord Clement-Jones, that there are some solutions out there. I will explain something about that.
The only thing I want to say is that the Act received Royal Assent on 28 April, I think, so it has taken a very long time to get this guidance in place. That is a bit of a worry and a bit of a disappointment. I seem to remember that there was an intention to try to have enforcement within a year, otherwise there would be a huge great gap in the meantime. We are trying to protect children after all; that was the whole point of this. Waiting for a year—it will probably now be longer—is an awfully long time not to have protection in place.
I am very glad that the BBFC is finally about to get some teeth, get into operation and do something about this, which I am sure it will do extremely well. I know that it has been consulting an awful lot with a lot of different people from all the different sides, from child protection right through to the adult industry. The interesting thing is that quite a lot of the adult industry is happy to help and to co-operate, because it does not want children wasting its time. It is not in the job of trying to pervert children, but of trying to sell adult content to adults, so it is willing to co-operate. The world is watching. There is apparently now a willingness to realise that this will happen and to co-operate to a large extent.
The noble Lord, Lord Clement-Jones, has put his finger on the point about age-verification methods: they have to work and to do various things. I say to him, though, that there is a difference between the bit that is checking the attribute—the age—and the bit about privacy, which is not identifying who the person is to a website and to a casual visitor to that website. It would be career-limiting were it to be found out that the noble Lord himself was visiting an adult content site, even though it would be totally legal for him to do so. Therefore, it is important to ensure that privacy happens at that point, which is the ICO’s part. It is not the ICO’s job to say how age verification should be done. That is a different job.
In fact, we have developed, along with the British Standards Institution, a publicly available specification, PAS 1296, which should be coming out quite soon. It has been around the houses several times and has been revised. That should allow it to be possible for an organisation to see for itself how well it is doing. It might be that an industry body should be set up that can check whether age-verification providers are doing something in alignment with the PAS, which goes into great detail about how you can do these things and make sure that it can be privacy enforcing. The privacy side is left up to the GDPR, but it is mentioned in there as well.
Those are the main points that I wanted to make. It is time to get on with this. It is a huge leap forward. As I said, the world is watching. A whole lot of good will is out there to get this done properly. I look forward to seeing the final draft regulations, which will probably do the job.
Lord Stevenson of Balmacara (Lab)
My Lords, are we not back in familiar territory? We seem to spend a lot of time on these important issues, first on the Digital Economy Act, then substantial work, discussion, debate and thinking in the debates on the Data Protection Bill. I will disappoint the noble Lord, Lord Clement-Jones, by agreeing with most of what he said. He has a good point about where the boundaries between privacy and the processes described in the Digital Economy Act come to bear. There is room for a variety of approaches here. This is not an easy issue to address. I am not going to go back over the ground he covered—I look forward to hearing what the Minister will say about that—so I will go into some constitutional issues.
I have two general questions that might be important as we continue with this. One was touched on by the noble Earl, Lord Erroll, in his concluding remarks. Is it not the case that, when the Data Protection Bill, which brings in the GDPR, becomes an Act in May, we have inserted into it a requirement that those who operate on data subjects’ information relating to age have to do so in a way that is age-appropriate, otherwise the design has to change? In a sense, is this not the other half of the equation about blocking those who provide material by requiring those who are preparing and disseminating material to have it in a way that will not lead to the problems that were discussed so graphically about what happens to children, who we want to protect, who stumble across material that should be behind an age-verification system? In that sense, age-verification seems to be a bit like shutting doors after horses have bolted. We have to get the design right. If it is right, there will be no such question about people stumbling on to things, because if they go through an ISP or any form of social media provision, such as Facebook and similar arrangements, their progress would be age-designed and could be managed that way. Can the Minister reflect on that? He may well argue that this is the sort of thing that needs to be addressed by a yet to be established data ethics commission. He would probably be right.
Lord Ashton of Hyde
We have the government guidance that the Secretary of State has issued. The important issue, which I was going to come to in answering the noble Lord’s question, is that this is a series of steps that involves consultation and then issuing guidance. Until the regulator is designated, it cannot begin to consult or issue guidance. It is a sequential process. There is no question that we want to get on with this; we are not trying to delay it. We are conscious that this needs to be done as soon as possible, and I will come to the steps that might explain that further.
The noble Lord, Lord Clement-Jones, was asking about how the system is going to operate and the level of detail. As I said, the Secretary of State’s guidance to the regulator is there for as and when it is designated, but then the regulator is required to publish its guidance on the age-verification arrangements that it will treat as compliant. So, as I was saying, once the BBFC has been designated, that draft guidance will be laid before Parliament. The noble Lord will be able to raise his objections or queries then, when he has seen the guidance that the regulator itself has made. Until that happens, it cannot either consult or lay the guidance. Parliament can then scrutinise it. That will involve the affirmative procedure in both Houses, so that will be an appropriate point to debate the issues.
We have absolutely understood the need for things like privacy. We understand that it is important to outline those issues and priorities in the Secretary of State’s guidance to the regulator, as and when it is designated. It is then up to the regulator to get into the detail of what it will consider compliant. There is no question that it will choose a particular method. It will set criteria. There will not just be one system, for example; it will make sure that its criteria are clear in the guidance. As I say, we will have a chance to debate that.
The noble Earl, Lord Erroll, talked about when the powers are going to come into force. As I said, we want to do that as quickly as possible. In fact the current Secretary of State said it was his ambition to complete it within a year, although that is going to be difficult. We want to get it right; we want the process of consultation and guidance to be done properly. Of course, there was the small matter of purdah and an election in the way. Now, however, if this House approves the regulator today, we will be well on the way to doing that, and we are definitely trying to do it as quickly as possible.
We take data protection and privacy very seriously. The age verification arrangements should be concerned with verifying only age, not identity; we absolutely agree with that. Providers of age-verification controls will be subject to data protection laws—the GDPR—from 25 May, and the BBFC will work with the Information Commissioner’s Office to ensure that its standards are met by age verification providers, particularly with regard to security, data minimisation and privacy by design. So the ICO is there to uphold the law and enforce data protection law and the GDPR. To go further on that point, the noble Lord, Lord Clement-Jones, mentioned the relationship. The BBFC and the ICO are going to agree a memorandum of understanding to ensure and clarify how they are going to work together and separate their various responsibilities.
I know the noble Lord, Lord Stevenson, is not entirely happy with some of the arrangements; we debated some of them on the Digital Economy Bill. He also mentioned definitions and said one of the things that the regulator—that is, the BBFC if it is designated—will have to do is regulate the definition of extreme pornography that is unlawful even if it has age verification in place. That is not really the subject of debate today. Noble Lords will have an opportunity to discuss that when the regulations come—
Lord Stevenson of Balmacara
I know the Minister was struggling with the wording there but this is really quite important. I thought he might have suggested that it would be up to the BBFC to define what was or was not permissible to view. I hope he is not saying that. I imagine the assumption is that there is a law of obscenity. Obviously it is interpreted through the courts in a way that is not entirely consistent in every case, but the law has to be the law and it must not be up to the BBFC to change the definitions.
Lord Ashton of Hyde
The noble Lord is absolutely right, and I apologise if I misled anyone. It is not the BBFC’s job to determine what is lawful. It is meant to implement the law. The debate that I think we will have when the regulations come to this House will be on the decisions that will have been taken on what is pornography available for commercial purposes. The definition of what is unlawful will be under the extreme pornography definition within the existing Act.