Louise Haigh
Main Page: Louise Haigh (Labour - Sheffield Heeley)(8 years, 1 month ago)
Public Bill CommitteesI am sure our powers of persuasion will extend that support in the future. The outbreak of support for our manifesto is welcome; this is an incredibly important area, and I am proud to lead the Front-Bench effort to deal with underage people’s access to adult material by introducing age verification. I want to respond in detail to the points made, because it is important we get this right.
Before I come to the specific amendments, I will deal with commercial providers. The measures in the Bill will apply equally to all commercial providers, whether their material is paid for directly or appears on free sites that operate on a different business model. “Commercial” has quite a broad meaning, as my hon. Friend the Member for Devizes said. If a provider makes money from a site in any way, whether or not it makes a profit, it can be caught by the legislation. That is the right distinction, because it targets those who make money and are indifferent to the harm their activities may cause to children.
If the hon. Lady will hold on, I want to explain this in full, rather than in part, before I give way. The age verification regulator must publish guidance on the circumstances in which it will regard a site or app as commercial. It will be for the regulator to judge whether a site is commercial, and there is no definition that states which website platforms are covered. Crucially, the regulator will also be able to take a view if specific social media and other types of sites are ancillary service providers—a person who appears to be facilitating or enabling the making available of pornographic material by non-compliant persons. I think that the capturing of others as ancillary service providers is an important part of making sure that we fully deliver our manifesto commitment, as I believe this Bill does.
We are aware that “commercial” is not limited to sites that require payment. It includes online advertising and other business models, as the Minister has said. However, it is unclear how the regulator will be able to enforce these measures given that the only enforcement available to them is notifying other payment service providers and ancillary services.
No doubt we will come on to enforcement. A number of clauses and amendments are on enforcement. The point is that other social media sites can be classified by the regulator as ancillary service providers for facilitating or enabling the making of available pornographic material. Our view is that enforcement through disrupting business models is more powerful because you are undermining the business model of the provider. However, I do not want to get too distracted, in an out of order way, into enforcement which is rightly dealt with in later clauses.
If the Bill is clearly designed to enable the regulator to focus on social media sites and other ancillary service providers, why was that term “on a commercial basis” included in these sections?
My hon. Friend has just given the final paragraph of my speech. With those assurances and the broad support from the BBFC and its enthusiasm to tackle the need for age verification in that way, I hope that the hon. Member for Sheffield, Heeley will withdraw the amendment.
Quite a lot of clarification is needed, and I hope it will come during the Bill’s passage. I do not think that the distinction between Ofcom and the BBFC is clear in this part of the Bill or in later clauses on enforcement. However, given that it states elsewhere in the Bill that the proposal is subject to further parliamentary scrutiny, and as the BBFC has not yet officially been given the regulator role—as far as I am aware—I beg to ask leave to withdraw the amendment.
Amendment, by leave, withdrawn.
I beg to move amendment 66, in clause 15, page 18, line 24, at end insert
“or an internet service provider.”.
This amendment and amendment 67 ensure that the requirement to implement age verification does not fall on ISPs but commercial sites or applications offering pornographic material; and defines internet service providers.
Because various other aspects of the Bill capture ISPs. My concern is that the Bill focuses on the commercial content providers where they are. The amendment is intended to probe the Government about how they are thinking about ISPs vis-à-vis commercial content providers in the drafting of the clause.
Our amendments are designed to enable the regulator to ask the internet service provider to block offending sites. This goes back to the point we made earlier on the differences between sites operated “on a commercial basis” and social media sites and ancillary sites. The proposals as they stand do not give the regulator sufficient powers to enforce the mechanisms proposed in the Bill.
Broadening the definition of “ancillary service provider” specifically to include internet service providers would require the regulator to notify them of non-compliant sites. That will put ISPs in the same bracket as payment service providers, which will be required to withdraw their services if other measures have been exhausted. In the case of ISPs, they would be required to block offending sites.
The amendments would create a simple backstop power where enforcement through the Government’s proposals had not achieved its intended objective and commercial providers had not withdrawn their services, either because the fine does not act as a deterrent or because, due to their international status, they do not need to comply. If pornography providers continued to provide content without age verification restrictions, the regulator would then have the power to require ISPs to take down the content.
We believe that, without amendment, the proposals will not achieve the Bill’s aim, as non-compliant pornographers would not be absolutely assured of payment services being blocked. First, the proposals do not send anywhere near a strong enough signal to the porn industry that the Government are serious about the proposals and their enforcement. Giving the regulator the power but not the stick suggests that we are not all that bothered about whether sites comply. Secondly, we can have no reassurance that sites will be shut down within any kind of timeframe if there is non-compliance. As drafted in the explanatory notes, “on an ongoing basis” could mean yearly, biannually or monthly, but it makes a mockery of the proposals if sites could be non-compliant for two years or more before payment services may or may not act. That does not provide much of an incentive to the industry to act.
Throughout the evidence sessions we heard that there are significant difficulties with the workability of this entire part of the Bill. For instance, many sites will hide their contact details, and a substantial number will simply not respond to financial penalties. Indeed, an ability already exists in law for ISPs to be compelled to block images that portray, for example, child sex abuse. There is also an ability to block in the case of copyright infringement. It therefore seems eminently reasonable that in the event of non-compliance, the regulator has a clear backstop power. We believe that even just legislating for such a power will help speed up enforcement. If providers know that they cannot simply circumvent the law by refusing to comply with notices, they will comply more efficiently. That will surely help the age verifier to pass the real-world test, which is integral to the Bill’s objectives.
That is exactly what I am saying. On that basis, with the Government’s position having been put clearly on the record, I hope that my hon. Friend will not press new clause 8 to a vote.
New clause 11 would empower the Secretary of State to introduce regulations in relation to backstop blocking injunctions. We have looked carefully at the option of blocking by ISPs and have talked to a lot of stakeholders about it. We take the problem seriously, and we think our measures will make a real difference. We are yet to be persuaded that blocking infringing sites would be proportionate, because it would not be consistent with how other harmful or illegal content is dealt with. There is also a question of practicality: porn companies would be able to circumvent blocking relatively quickly by changing URLs, and there is an additional risk that a significant number of sites that contain legal content would be blocked. We would need to be convinced that the benefits of ISP blocking would not be outweighed by the risks.
I am a little confused about how the Minister envisages the provisions being enforced against the free sites we discussed in the previous group of amendments without that additional power, which indeed has been requested by the regulator that the Government have designated.
As the regulator said, the proposals here mark a huge step forward in tackling the problem. We have to make a balanced judgment: there is a balance to be struck between the extra powers to block and the need to ensure that they are proportionate. The powers are not a silver bullet; sites that were actively trying to avoid the Bill’s other enforcement measures would also be able to actively avoid these measures. It is questionable how much additional enforcement power they would bring, given those downsides.
Children’s charities and the regulator have asked for action to solve the problem of needing age verification. That is what the Bill delivers. The question of how to enforce that is incredibly important; there are different considerations to be made, and I think the Bill has ended up with the correct balance.
The BBFC witness explicitly said last week that
“we suggested, in our submission of evidence to the consultation back in the spring, that ISP blocking ought to be part of the regulator’s arsenal.”––[Official Report, Digital Economy Public Bill Committee, 11 October 2016; c. 41, Q91.]
The BBFC says that notification of payment providers or ancillary services providers and fines may not be sufficient. I appreciate that porn sites might well use different URLs to evade it, but why has the Minister explicitly removed ISP blocking as a further backstop power? We are not talking about blocking too many sites; we have been very clear that it is intended as a backstop power when other measures fail.
David Austin of the BBFC said:
“We see this Bill as a significant step forward in terms of child protection.”––[Official Report, Digital Economy Public Bill Committee, 11 October 2016; c. 42, Q94.]
We think, on balance, that the regulator will have enough powers—for example, through the provisions on ancillary service providers—to take effective action against non-compliant sites. For that reason, I think this is the appropriate balance and I ask my hon. Friend the Member for Devizes to withdraw her amendment.
I thank the Minister for that intervention. We will return to this subject in a series of amendments around clause 20. I want to thank the Minister for clarifying some of the murkiness around definitions in the Bill. I want to ask him and his team, though, to consider what his colleague had said, which goes back to the net neutrality point.
I accept what the Minister says about the spirit being absolutely clear, that our current filtering regime will not be captured, but Baroness Shields did say that we needed to legislate to make our filters regime legal. I did not hear from the Minister that that legislation is something that the Department is preparing or planning to introduce.
We very much share the hon. Lady’s concerns that the legislation has explicitly excluded the ability of internet service providers to block. We simply cannot understand why the Government have ruled out that final backstop power. We appreciate it is not perfect but it would give the regulator that final power. We will return to new clause 11 at the end of the Bill and be pushing it to a vote when we come to it.
I thank the hon. Lady for making her intentions clear. I am prepared to withdraw or not push my new clause to a vote on the basis of what the Minister said, but I would love to get his assurances—perhaps he will write to me—to be crystal clear on the fact that he believes the Government do not have to legislate in order to push back on the net neutrality regime.
Given the Brexit vote, I would be inclined to accept a letter from the Minister suggesting that we will absolutely resist any attempt to make EU net neutrality apply to what is a very fine, though not perfect, voluntary regime. On that basis, I accept the Minister’s assurances that that is what he intends to do. I beg to ask leave to withdraw the amendment.
Amendment, by leave, withdrawn.
Clause 15 ordered to stand part of the Bill.
Clause 16 ordered to stand part of the Bill.
Clause 17
The age-verification regulator: designation and funding
Question proposed, That the clause stand part of the Bill.
In this and related clauses, we seek to strengthen the proposals that the Government have put forward. We have said that the regulation needs to be beefed up to require internet service providers to be notified about non-compliance. We would like to see an injunction power to take down any content which a court is satisfied is in breach of the age-verification legislation, as soon as possible, at the start of the four-tier regulation process the Government have identified in their amendments and letters published to the Committee last week.
That would require a regulator with sufficient enforcement expertise and the ability to apply that injunction and push enforcement at an early stage. As we are aware, however, the BBFC heads of agreement with the Government do not cover enforcement. Indeed, they made perfectly clear that they would not be prepared to enforce the legislation in clauses 20 and 21 as they stand, which is part 4 of that enforcement process, giving the power to issue fines. The BBFC is going to conduct phases 1, 2 and 3 of the notification requirements, presumably before handing over to a regulator with sufficient enforcement expertise, but that has not been made clear so far.
While we welcome the role of the BBFC and the expertise it clearly brings on classification, we question whether it is unnecessarily convoluted to require a separate regulator to take any enforcement action, which will effectively have been begun by the BBFC and which so far has not been mentioned in the legislation. This goes back to the point my hon. Friend the Member for Cardiff West made earlier about the two separate regimes for on-demand programme services.
As I understand it, although it is not clear, the BBFC will be taking on stage 3 of the regulation, meaning it will be involved in the first stage of enforcement—in notification. That is fine, but it will then have to hand over the second stage of enforcement to another regulator—presumably Ofcom. The enforcement process is already incredibly weak and this two-tiered approach involving two separate regulators risks further delays in enforcement against non-compliant providers who are to protect or take down material that is in breach of the law. In evidence to the Committee, the BBFC said:
“Our role is focused much more on notification. We think we can use the notification process and get some quite significant results.”—[Official Report, Digital Economy Public Bill Committee, 11 October 2016; c. 41, Q83.]
We do not doubt it, but confusion will arise when the BFFC identifies a clearly non-compliant site that is brazenly flouting the law, and it does not have power to enforce quickly but will have to hand it over.
We would also like to hear when the Government are planning to announce the regulator for the second stage and how they intend to work with the BBFC. As far as I can see, this will require further amendments to the Bill. If it is Ofcom, it would have been helpful to have heard its views on what further enforcement powers it would like to see in the Bill, rather than being asked to fill in after the Bill has passed through Parliament. There is a clear danger that the enforcement regulator could be asked to take over enforcement of age verification, which it thinks requires more teeth to be effective.
We therefore have very serious concerns about the process by which clause 17 will be have effect. Although we will not vote against the clause, we want to make it very clear that we would have preferred to have seen an official announcement about who will carry out the enforcement provisions in the Bill before being asked to vote on it.
The debate on clause stand part is about the set-up of the regulatory structure and making sure that we get designation and funding right. It is our intention that the new regulatory powers and the new regulator or co-regulators will deliver on this. As the hon. Lady says, the BBFC has signed up to be designated as the age verification regulator responding for identifying and notifying. This will enable the payment providers and other ancillary services to start to withdraw services to sites that do not comply as soon as possible.
In what kind of timeframe does the Minister envisage the payment service providers acting from notification from the BBFC?
We intend formally to designate the BBFC as regulator in autumn 2017 and expect to be in a position to commence the provisions requiring age verification within 12 months of Royal Assent.
That was not quite my question. How long does the Minister anticipate that ancillary service providers or payment service providers will take to act on receiving notification from the BBFC that a site is non-compliant?
I would expect that to happen immediately. The question of the designation of the backstop enforcement regulator does not stop or preclude the BBFC from getting going on this. As we have heard, it is already working to put in place its own internal systems. As I have just said to the Committee, we have a new commitment that we expect to commence the provisions in terms of getting the system up and running within 12 months of Royal Assent; after that, if the BBFC has designated that there is a problem, I would expect action to be immediate, because I expect the BBFC to ensure through good relations that systems are in place.
I see enforcement very much as a back-up to good behaviour. As we have seen with the taking down of child pornography and material related to terrorism, many providers and platforms respond rapidly when such material is identified. It will be far better if the system works without having to resort to enforcement. We will set out in due course who is best placed to be the regulator for enforcement, but the system is new, and the approach provides the level of flexibility that we need to get it right. I have every confidence in the BBFC’s ability and enthusiasm to deliver on these aims, so I commend the clause to the Committee.
Question put and agreed to.
Clause 17 accordingly ordered to stand part of the Bill.
Clauses 18 and 19 ordered to stand part of the Bill.
Clause 20
Enforcement of sections 15 and 19
This is a series of consequential and investigatory amendments intended to probe the Minister’s thinking about what the regulator can actually do. At the moment, enforcement operates through a series of financial penalties, which we can discuss further when we debate clause 21, or of enforcement notices. We heard clearly last week from David Austin that the challenge is that almost none of the content-producing sites that we are discussing are based in the UK; in fact, I think he said that all the top 50 sites that the regulator will rightly target are based overseas.
The challenge is how the Government intend to carry out enforcement. I know that the BBFC’s current enforcement role is not carried out through its own designated powers; it is carried out through various other agencies, and the Bill makes further provision for financial penalties. I tabled the amendments to press the Minister on the point that it would be clearer to specify that where a site, or the company that owns a site, is based in the UK, a financial penalty can and will be applied.
For overseas sites, enforcing a financial penalty, if one can even get to grips with what the financial accounts look like, may be difficult, hence the enforcement notice and then a series of other potential backstop actions; I know that the Minister is aware that I do not feel that we have exhausted the debate on blocking. I am trying to probe the Government on whether there is a way to use the Bill to reflect the reality that content providers are unlikely to be based primarily in the UK, and that perhaps a different approach is needed for those based offshore.
We completely support the hon. Lady’s amendments, which propose a sensible toughening up of the requirements of the age verification regulator. We particularly welcome the measures to require the regulator to issue enforcement notices to people outside the UK if they do not comply. That is an attempt to close a large hole in the current proposals. How will the BBFC tackle providers outside the UK?
At the evidence session last week, David Austin said that
“you are quite right that there will still be gaps in the regime, I imagine, after we have been through the notification process, no matter how much we can achieve that way, so the power to fine is essentially the only real power the regulator will have, whoever the regulator is for stage 4”;
we are not yet certain.
He continued:
“For UK-based websites and apps, that is fine, but it would be extremely challenging for”
the BBFC, Ofcom or whoever the regulator is for stage 4
“to pursue foreign-based websites or apps through a foreign jurisdiction to uphold a UK law. So we suggested, in our submission of evidence to the consultation back in the spring, that ISP blocking ought to be part of the regulator’s arsenal.”––[Official Report, Digital Economy Public Bill Committee, 11 October 2016; c. 41, Q91.]
That is precisely why we will return to the amendment on ISP blocking, because if we are to pursue foreign-based providers, the ability to block will be integral to that strategy.
My hon. Friend is making a series of excellent points which I hope the Minister can answer. We keep discovering that there are gaps, inconsistencies and potential confusion in the Bill. She has referred to the witnesses who gave evidence last week. Does she agree that it is really important that we focus carefully on the gaps that children’s charities such as the NSPCC have identified?
Obviously, I completely agree with my hon. Friend. We appreciate that the Government have consulted extensively with partners and representatives of all the relevant stakeholders, but it is not clear to us why they have not allowed ISPs that ultimate backstop power to block. For that reason, and to meet the objective of tackling providers outside the UK, we support amendments tabled by the hon. Lady the Member for Devizes.
I rise to support the amendments. It will not surprise the Committee to learn that I seek clarity about the impact on Scots law. It comes back to the same point: a lot of the issues that are being wrestled with in this place apply in a different legal jurisdiction. Perhaps the Minister could address that.
I should like to add to the comments made by hon. Friends. My concern is that if there are too many gaps and loopholes in the legislation, that may, perversely, put greater pressures on the enforcement authorities, because they will have to seek out so many different mouse-holes down which some of the content providers may run and disappear. I am slightly concerned and ask the Minister to consider the danger of an unintended consequence, because if it is not possible to stamp out content immediately, vital resources and focus will be diverted.
Does my hon. Friend also agree that with too many loopholes in the legislation, the more responsible providers of content will include age verification measures but users who want to avoid those tools will be pushed on to perhaps more extreme or violent pornography and perhaps even in to the deep web?
Yes. I raised this with the gentleman from the British Board of Film Classification, I believe, and I questioned his assertion about the top 50 websites. He said that the process would not stop there but proceed to the next 50, but if those 50 content providers are constantly moving all over the place, it will be rather like a game of whack-a-mole. Unless we have a sufficiently large mallet to give the mole a whack early on—[Interruption.] This is a serious business, and if I am sounding a bit jocular, that is not meant to take away from the serious issue. If we do not have the tools to address those who are deliberately not complying, and those who do not wish to comply with the regulations that we are putting in place to protect our children, I fear that we will be chasing after them too much.
My hon. Friend the Member for Sheffield, Heeley is right that there will also be the danger that investigative authorities use too many of their resources to go after this, when there are other things they need to go after as well. We need to put the tools at the disposal of the investigative and enforcement authorities, to give them the opportunity to make as clean an attack as possible on the providers that are not complying with the desire of this House.
I thank the Minister for that clarification and for the mention of support. The intention was to help to provide a practical solution rather than cut off aims. He has persuaded me that I do not need to press the amendment to a vote. Although I take the point about shared regulation, I would ask him to consider in setting up the BBFC as the primary regulator that it is working reasonably well in the video-on-demand world, but this may be having them stray into a new sphere of expertise in terms of finding, identifying and sending out enforcement notices or penalties, particularly for foreign-based companies. I think the whack-a-mole analogy is entirely consistent—they will shut their doors and reopen in another jurisdiction almost overnight. Given the anonymity principles, it is sometimes almost impossible to know where they actually are. If the Minister is assuring us that everyone is aware of the problem, he believes the powers allow the regulator to be flexible, and it is something that his Department will consider, I beg to ask leave to withdraw the amendment.
Amendment, by leave, withdrawn.
I beg to move amendment 86, in clause 20, page 21, line 40, leave out paragraph (b) and insert—
“(b) “during the initial determination period fix the date for ending the contravention of section 15(1) as the initial enforcement date.”.
With this it will be convenient to discuss the following:
Amendment 88, in clause 20, page 21, line 40, at end insert—
“(c) after the initial determination period fix a period of one week for ending the contravention of section 15(1)”.
Amendment 89, in clause 20, page 22, line 13, at end insert—
‘(14) In this section, “initial determination period” means a period of 12 months from the date of the passing of this Act to the initial enforcement date.”.
This group of amendments goes even further—they have the straightforward intention of continuing the process of strengthening the powers and, crucially, of speeding up the enforcement period, to help the Government achieve their manifesto commitment. The Bill would give the regulator the power to set a lengthy, if not indefinite, period for ending the contravention of section 15. The amendment would speed up the enforcement, requiring the regulator to issue an enforcement period of one week. Given that we do not anticipate that the BBFC will be the official regulator or have these powers for another 12 months on Royal Assent, we do not anticipate that a one-week enforcement period would be too onerous on content providers.
The group should be seen in tandem with our other amendments providing a backstop power requiring ISPs to block a site, and would send a clear message to content providers that the Government would treat any contravention of section 15 with the utmost seriousness and that continuing to provide content without age verification for a prolonged period of time would not be tolerated. We believe that, if the enforcement powers under clauses 20 and 21 are toughened up, the message will spread throughout the industry and it will make it clear that age verification is not an optional extra, but a central requirement in the effort to tackle what under-18s can see.
I am sympathetic to the purpose of this group of amendments. We think that decisions on when and how to enforce should be left to the regulator, but I see the point of trying to put a week into the Bill. However, it is overly prescriptive to do so in primary legislation. Our aim is for a proportionate regime, where the regulator can prioritise and deal with problems in a way that is aligned with its goals of protection, rather than having to fulfil legal requirements that might lead to unintended consequences.
Can the Minister give us any example where a one-week enforcement period would not be doable?
No, but I cannot—and she cannot—foresee all the circumstances that the regulator will have to deal with. It is far better to have a regulator with flexibility to respond and clear aims and intentions, rather than it having to fulfil an arbitrary timescale because that is in primary legislation.
Can the Minister confirm whether the legislation enables the regulator to set a time limit for enforcement?
Yes, it will allow the regulator that flexibility. I would rather have that flexibility at the level of the regulator than in primary legislation. I think that is a reasonable approach. The regulator will then be able to act in the way that it is clear from this debate is intended. I hope that on that basis, the amendment may be withdrawn.
It is useful to have on the record the Minister’s agreement that one week is a suitable enforcement period. On that basis, I beg to ask leave to withdraw the amendment.
Amendment, by leave, withdrawn.
No comment. Had we made more progress, amendment 62 might not have been necessary, but as I feared, we have not. I am confident that we all agree on the merit of the intent of this part of the Bill. We all want to protect young children from accessing inappropriate pornographic material. I do not want any of my children doing so, and I know how much they use electronic devices. My youngest, Robert, is only seven, and he is phenomenally tech savvy. It would not be that difficult in this world to stray, even with some of the blocking systems that are in place.
A lot of the problems that we have here are to do with international sites. I am dismayed at the Government’s unwillingness to move and not even so much as listen to Opposition Members, the regulator or charities, who all insist that ISP blocking is the kind of extra measure that we should put in place. Given that broader context and the Minister’s conviction, which I believe is sincere, that he has a package of measures that will work, in light of our concerns and those of many others, a review should be put in place. I know that in the past the answer to anything involving a review has been, “That’s what the Select Committee process is for; they will have a review,” but we should not leave something as important as protecting young children to a Select Committee. The Government should take responsibility rather than abdicate it to a Select Committee. The Government should put ISP blocking in the Bill, show that they treat the issue seriously and have a review to ensure that we get the outcome that we all want: a safer environment for our children on the internet.
Given that the Government have been so intransigent on the sensible suggestions for how their proposals could be strengthened, certainly on the issue of internet service provider blocking, I completely agree with the hon. Gentleman. The Minister keeps saying that he does not want to be too prescriptive, but we argue that the phrase “on a commercial basis” is too prescriptive and limits the powers of the age-verification regulator. Given the broad support for additional powers, we want the age-verification regulator and any other regulator involved in enforcement to come back to the House and tell us what additional powers they need to make this work. There are significant loopholes in the Bill and it could have serious unintended consequences for our young people. We completely support the SNP amendment.
I entirely understand the enthusiasm for commencement, and I have given the commitment that we would expect it within 12 months of Royal Assent. I hope that that deals with the demand for a timing of commencement to be put on the face of the Bill. Unfortunately, that renders the SNP amendment slightly impractical, because it would require a review within 12 months of Royal Assent, but if the Act commences only 12 months after Royal Assent, a review at that point might not show as much progress as we would hope.
I will not test the Committee’s patience further by going over arguments that we have already had, but there is one further area of clause 20 that we wish to touch on—the lack of an appeals process in the legislation. The Minister may expect the regulator to build that appeals process in: it would be helpful to have some clarity from him on that.
As I understand it, the BBFC will use analytics to identify sites that should have age verification. Analytics are not foolproof, so obviously an appeals mechanism will be needed for websites incorrectly prevented from operating. Previous such systems have wrongly filtered out websites such as breast cancer charities or forums for gay and transgender people. That is incredibly important: let us put ourselves in the shoes of a young gay man or woman, growing up in a religious household perhaps, who does not know where to turn to ask the questions that would plague any teenager coming to terms with their sexuality and who seeks refuge and solace in internet forums with other people going through the same issues. As risky as the internet can be, it can also be an incredibly empowering, transformative space that can literally save lives in such situations. Such lifelines must absolutely not be filtered out by ASPs or made subject to age verification; the Bill should include a mechanism that allows for correction when they have been mistakenly identified.
We also need clarification on who will develop the analytics, the data they will be based on and whether it will be done in consultation with the tech industry. We can only assume that this is an oversight that will be corrected when working out how the regulator is to proceed.
The hon. Lady raises an important point about access to information about sex education, sexuality, abortion and all sorts of things that are incredibly valuable. She is right to draw attention to safe forums. I reassure her that many of the same issues came up with respect to the question of voluntary filtering and, despite what some of those giving evidence said, the incidence of false blocking of such valuable sites is incredibly low. The BBFC as regulator is really good: it is not in the business of defining based on imagery, and it has fairly detailed algorithms. I share her concern, but I want to offer some comfort.
I am grateful. I heard the BBFC or the Open Rights Group say that the incidence was very low, but it would do no harm to build an appeals process into the legislation to ensure that where sites that should not be blocked or require age verification have fallen through the cracks, that can be resolved at the behest of the regulator.
The hon. Lady is absolutely correct that there needs to be an appeals process. That process is provided for in clause 17(4):
“The Secretary of State must not make a designation under this section unless satisfied that arrangements will be maintained by the age-verification regulator for appeals”.
I agree with everything else she said. It is worth remarking on the recent announcement that gay and bisexual men will now be pardoned over abolished sexual offences—that is not in the Bill, so that remark was completely out of order, but I still think it was worth making. Appeals are important; I hope she is satisfied that they are provided for.
Question put and agreed to.
Clause 20 accordingly ordered to stand part of the Bill.
Clause 21 ordered to stand part of the Bill.
Clause 22
Age-verification regulator’s power to give notice of contravention to payment service providers and ancillary service providers
I rise to speak to new clause 18, which stands in my name and that of my hon. Friend the Member for Cardiff West. I also support the amendments tabled by the hon. Member for Devizes. The Government’s proposals really do rely on an awful amount of good will among all the stakeholders involved in the legislation. It makes sense to create a backstop power for the regulator to require payment services to act should they not do so in the first instance.
New clause 18 comes from a slightly different perspective. It would oblige the age-verification regulator to ensure that all age verification providers—the companies that put the tools on websites to ensure compliance—are approved by the regulator; to perform a data protection impact assessment that they make publicly available; and to perform an array of other duties as well.
The new clause is designed to address some of the concerns about the practicality of age-verification checks, ensuring that only minimal data are required, and kept secure; that individuals’ privacies and liberties are protected; and that there is absolutely no possibility of data being commercialised by pornographer. We raise the latter as a potential risk because the proposals were drafted with the input of the pornography industry. That is understandable, but the industry would have a significant amount to gain from obtaining personal data from customers that might not currently be collected.
As we said earlier, we have full confidence in the BBFC as regulator, but, as with the proposals in part 5 of the Bill, it is vital that some basic principles—although certainly not the minutiae—are put on the face of the Bill. We are certainly not asking anything that is unreasonable of the regulator or the age-verification providers. The principles of privacy, anonymity and proportionality should all underpin the age-verification tool, but as far as I am aware they have not featured in any draft guidance, codes of practice, or documents accompanying the Bill.
The Information Commissioner agrees. The Information Commissioner’s Office’s response to the Department for Culture, Media and Sport’s consultation on age verification for pornography raised the concern
“that any solution implemented must be compliant with the requirements of the DPA and PECR”—
the Data Protection Act 1998, and the Privacy and Electronic Communications (EC Directive) Regulations 2003 that sit alongside it. It continues:
“The concept of ‘privacy by design’ would seem particularly relevant in the context of age verification—that is, designing a system that appropriately respects individuals’ privacy whilst achieving the stated aim… In practical terms, this would mean only collecting and recording the minimum data required in the circumstances, having assessed what that minimum was. It would also mean ensuring that the purposes for which any data is used are carefully and restrictively defined, and that any activities keep to those restricted purposes…In the context of preventing children from accessing online commercial pornography, there is a clear attribute which needs to be proven in each case—that is, whether an individual’s age is above the required threshold. Any solution considered needs to be focussed on proving the existence or absence of that attribute, to the exclusion of other more detailed information (such as actual date of birth).”
The Commissioner made it clear that she would have
“significant concerns about any method of age verification that requires the collection and retention of documents such as a copy of passports, driving licences or other documents (of those above the age threshold) which are vulnerable to misuse and/or attractive to disreputable third parties. The collection and retention of such information multiplies the information risk for those individuals, whether the data is stored in one central database or in a number of smaller databases operated by different organisations in the sector.”
I understand that the Adult Provider Network exhibited some of the potential tools that could be used to fulfil that requirement. From the summary I read of that event, none of them seem particularly satisfactory. My favourite was put forward by a provider called Yoti, and the summary I read describes the process for using it as follows:
“install the Yoti App…use the app to take a selfie to determine that you are a human being…use the app to take a picture of Government ID documents”—
passport or driving licence, I imagine—
“the app sends both documents to Yoti…Yoti (the third party) now send both pictures to a fourth party; it was unclear whether personal data (e.g. passport details) is stripped before sending to the fourth party…Fourth party tells Yoti if the images (selfie, govt ID) match…Yoti caches various personal data about user”
to confirm that they are over 18. The user can then visit the porn site—whatever porn site they would like to visit at that time—and then the
“porn site posts a QR-like code on screen…user loads Yoti app…user has to take selfie (again) to prove that it is (still) them…not a kid using the phone…user scans the on-screen QR-code, is told: ‘this site wants to know if you are >18yo, do you approve?’…User accepts…Yoti app backchannel informs porn site…that user >18yo”
and then the user can see the pornography.
I do not know whether any Committee members watch online pornography; I gather that the figure is more than 50% of the general population, and I am not convinced that hon. Members are more abstinent than that. I ask Members to consider whether they would like to go through a process as absurd as the one suggested.
The hon. Lady has got ahead of the potential Daily Mail headline when the freedom of information request comes in for her Google search history.
I am not convinced that anybody would want to go through a process as the one I have just described, or even one significantly less convoluted. I suggest that instead they would seek entertainment on a site that did not impose such hurdles. The BBFC in its evidence made the telling point that the majority of the viewing population get their content from the top 50 sites, so it is very easy to target those—we see that entrenched in clause 23. The problem with that, as my hon. Friend the Member for City of Chester pointed out, is that targeting those sites may push viewers to the next 50 sites, and so on. We therefore need to ensure that the process is as straightforward and as minimal as possible.
My concern about users being pushed to the next 50 sites is that those sites are much less regulated, and I hazard a guess that they are much more likely to be at the extreme end of the spectrum.
That is exactly my concern. I imagine that the top 50 providers are not as hardcore, are less extreme and may not include such violent images; as we move on to the next 50 or the 50, there is a danger of images becoming more extreme.
The solution must not result in the wholesale tracking or monitoring of individuals’ lawful online activities or the collection of data with a view to unlawful profiling of individuals. I am not convinced that the BBFC is properly resourced to undertake the significant additional workload, nor am I convinced that the practicalities of the software that have so far been exhibited, or their implications, have been properly worked out.
My hon. Friend is generous in giving way. She is absolutely right about resourcing. I am no technical expert, but does she agree that such a database may be a prime target for hackers unless it is properly resourced and defended?
That is absolutely right, and I will come to that point. We heard evidence from the BFFC that it intended potentially to use age-verified mobile telephony to ensure that sites are properly age verified, but I am afraid that that approach is also flawed. First, there is the obvious issue that there is nothing to stop an underage child using the information attached to that phone—be it the phone number or the owner’s name—to log on and falsely verify. Equally, there are enormous privacy issues with the use of mobile-verified software to log on.
The BBFC said clearly that it was interested not in identity but merely in the age of the individual attempting to access online pornography, but as we all know, our smartphones contain a wealth of information that can essentially be used to create a virtual clone. They are loaded with our internet conversations, financial data, health records, and in many cases the location of our children. There is a record of calls made and received, text messages, photos, contact lists, calendar entries and internet browsing history—the hon. Member for Devizes may want to take note of that—and they allow access to email accounts, banking institutions and websites such as Amazon, Facebook, Twitter and Netflix. Many people instruct their phones to remember passwords for those apps so they can quickly be opened, which means that they are available to anyone who gets into the phone.
All that information is incredibly valuable—it has been said that data are the new oil—and I imagine that most people would not want it to be obtained, stored, sold or commercialised by online pornography sites. The risks of creating databases that potentially contain people’s names, locations, credit card details—you name it—alongside their pornographic preferences should be quite clear to anyone in the room and at the forefront of people’s minds given the recent Ashley Madison hack. I am not condoning anyone using that website to look for extramarital affairs, nor am I privileging the preferences or privacy of people who wish to view online pornography over the clearly vastly more important issue of child protection. However, one consequence of that hack was the suicide of at least three individuals, and we should proceed with extreme caution before creating any process that would result in the storing of data that could be leaked, hacked or commercialised and would otherwise be completely private and legitimate.
That is the reasoning behind our reasonable and straightforward amendment, which would place a series of duties on the age-verification regulator to ensure that adequate privacy safeguards were provided, any data obtained or stored were not for commercial use, and security was given due consideration. The unintended consequences of the Government’s proposals will not end merely at the blocking of preferences, privacy or security issues, but will include pushing users on to illegal or at the very least non-compliant sites. We are walking a thin tightrope between making age verification so light-touch as to be too easily bypassed by increasingly tech-savvy under-18s and making it far too complicated and intrusive and therefore pushing viewers on to either sites that do not use age verification but still offer legitimate content or completely illegal sites that stray into much more damaging realms. These provisions clearly require a lot more consultation with the industry, and I am confident that the BBFC will do just that, but the Opposition would feel a lot more confident and assured if the regulator was required to adhere to these basic principles, which we should all hold dear: privacy, proportionality and safety.
The hon. Lady rightly gets to the great concern that somehow, in doing something good, an awful lot of concern can be created, and I am sympathetic to her points. I remind her that it is not as if these sites do not know who is visiting them anyway. One of the great conundrums on the internet is that every single keystroke we take is tracked and registered. Indeed, that is why shopping follows us around the internet after we have clicked on a particular site. Unless people are very clever with their private browsing history, the same is the case for commercial providers.
I absolutely support the Government’s intention here. We just want to ensure it is done in the right way and balances both sides of the argument. I think it is absolutely right that internet service providers are offering this filter, but does the hon. Lady share my concern that very few families take it up and very many families turn it off?
There are Ofcom data. One of the requirements we asked for was for Ofcom to monitor. Take-up improved, and, as I said, some internet service providers now have an automatic “on” system, whereby a person has to intervene to take the filters off. I am told that only about 30% of families choose to do so. Here is the savvy thing: we all know that people live in households with multiple ages and multiple requirements on the internet, so many ISPs now offer a service that enables people to disable the filters for a period and automatically reinstate them the following day. They do not have to do anything if they want the filters to be in place, but they might want to access over-18 content as an adult.
I want to discuss some of the other issues that have come up in this conversation, in the process of finally speaking about these amendments. Is it in order to do so, Mr Stringer?
That is a very reassuring reply and I thank the Minister for it. We have had a very good debate. I know that his officials will be listening and thinking hard about what has been said, and I do not think it would serve the Committee any purpose to press my amendments or my new clause to a vote.
I beg to ask leave to withdraw the amendment.
Amendment, by leave, withdrawn.
Question proposed, That the clause stand part of the Bill.
It was interesting to hear the Minister refer to financial regulations. I was not present on Second Reading because I was not then in the position that I occupy now, but having read that debate I do not believe that there was any such reference. So we would like some clarity on who will be the regulator of the payment service providers and what work has already been done with the Financial Conduct Authority—I assume it will be with the FCA in this circumstance—to ensure that it will be regulating those providers, to make sure that they act with speed and due diligence on receiving notification from the age verification regulator under clause 15.
It is disappointing that the Government do not consider new clause 18 necessary to amend the Bill. I appreciate that the BBFC has been given powers to establish a code of practice, but given the very serious consequences that could result from that not being done correctly, some basic principles need to be embedded into the process, based on the issues that I raised earlier in our discussion.
I will just add that we will return to this issue on Report.
We have been engaging directly with payment service providers, although—no doubt as and when necessary—engagement with financial authorities will be made. Payment service providers can withdraw services from illegal activity under their existing terms and conditions, so the provision is already there for the measures to take effect.
Question put and agreed to.
Clause 22 accordingly ordered to stand part of the Bill.
Clause 23
Exercise of functions by the age-verification regulator
I promise this will be the last time I speak today. I am afraid I have had a slight change of heart. I tabled this amendment around many points that have been raised today on the difficulty of focusing the BBFC’s efforts on the fact that much of this traffic is not simply going to the larger websites. As we have heard, many other free sites are providing information. However, in reading my amendment, I have decided that it is almost a vote of no confidence in the BBFC’s ability to be flexible and I would therefore like to withdraw it.
New clause 12 would give the power to the age verification regulator to introduce another code of practice—the Opposition are very fond of them—for internet content providers. [Interruption.] And reviews, we are very fond of reviews.
We have made it clear throughout that we want enforcement to be as tough as possible and for all loopholes to be closed, but we also want to ensure that children are as safe in the online world as they are offline. There absolutely needs to be that parity of protection. That is one reason why we are disappointed, as I mentioned, that these measures came forward in a Digital Economy Bill, where it was incredibly difficult to look at the issues of child protection online in a thoroughly comprehensive way.
The new clause proposes that the regulator should work with industry to create a statutory code of practice, based on BBFC guidelines for rating films and the principles of the ICT Coalition for Children Online. The code would establish a set of minimum standards that would apply consistently to social networks, internet service providers, mobile telecommunication companies and other communication providers that provide the space and content where children interact online.
This is not intended to be an aggressive, regulatory process. We envisage that it will be the beginning of a much broader debate and conversation between regulators and content providers about just how we keep our children safe on the web. This debate will encompass not only ideas such as panic buttons, but education about the online world, which must run in parallel for any process to be effective.
A statutory code would work with providers to lay out how content is managed on a service and ensure that clear and transparent processes are in place to make it easy both for children and parents to report problematic content. It would also set out what providers should do to develop effective safeguarding policies—a process that the National Society for the Prevention of Cruelty to Children has supported.
As I said, this will clearly be a staged process. We envisage that in order to be effective, the development of a code of practice must involve industry, child protection organisations such as the NSPCC and, crucially, the children and families who use online services. But this code of practice would be based on existing industry and regulatory minimum standards and would require providers to ensure that the safety and wellbeing of children is paramount in the design and delivery of their products and services. The new clause would also empower the Secretary of State to make regulations to ensure effective enforcement of the minimum standards in the code of practice.
The online world can be an enormously positive force for good for our children and young people. It makes available a scale of information unimaginable before the internet existed and there is compelling evidence that that constant processing of information will lead to the most informed generation of children the world has known, but it needs to be made safe to realise that potential. The new clause would give assurance to Opposition Members that we will enable that to happen.
I am grateful to my hon. Friend the Member for Devizes for saying that she will not press her amendment and for what she said about the BBFC. Anybody reading the transcript of this debate will see the universal support for the BBFC and its work.
On the point about statutory guidance, through the UK Council for Child Internet Safety we have made guidance available to providers of social media and interactive services to encourage businesses to think about safety by design and help make platforms safer for children and young people under the age of 18. The amendment would make something similar into statutory guidance. I see where the hon. Lady is coming from, but the scale and scope of the internet makes this an unprecedented challenge. Some of the biggest sites have over 2 billion visits per year and UK audiences make up a very large proportion of those. It would be very difficult to have statutory guidance that would be policeable in any complete way. Rather than statutory guidance that could not be dealt with properly, it is better to have non-statutory guidance that we encourage people to follow.
On that point, does the Minister share my concern about the levels of discontent among those children who are trying to report online through social media? Some 26% received absolutely no response at all and of those that did receive a response, only 16% were satisfied. What more can we do to strengthen that?
I do recognise that. My point is that making non-statutory guidance statutory will not help in that space, but there is clearly much more to do. I hope that, with that assurance, my hon. Friend the Member for Devizes will withdraw the amendment.
I beg to ask leave to withdraw the amendment.
Amendment, by leave, withdrawn.
Question proposed, That the clause stand part of the Bill.
This is a very curious clause, which renders much of the well-informed—as the Minister said—and useful discussion that we have had today about enforcement, targeting smaller providers and restricting access across the web, completely and utterly redundant. If the clause as I read it goes forward unamended, it will provide the regulator with the ability to target only the largest providers of online pornography, perhaps even limiting its ability to target only them.
As we have discussed at length, this is an incredibly difficult area to police, which I appreciate. It is obviously going to be far easier to tackle the 50 largest providers, not least because I assume many of them are already providing some level of age verification and are probably more at the responsible end of online pornography content providers. I would remind the Committee of the Conservative party’s manifesto, which said:
“we will stop children’s exposure to harmful sexualised content online, by requiring age verification for access to all sites containing pornographic material”.
That does not make any reference to commercial providers or whether the provider has a large or small turnover, is on WordPress, Tumblr, Twitter, Facebook or Snapchat. Today’s debate has very much suggested that the role of the regulator will be to focus on those sites that are operated on a commercial basis. Given the Minister’s reluctance to implement internet service provider blocking, I do not believe that the manifesto commitment will be achieved.
My hon. Friend is making a very interesting point. The clause refers to
“a large number of persons”
and
“a large amount of turnover”.
“A large number of persons” might be 1,000; it might be 1 million. Has there been any indication from the Government of what they mean by that?
As far as I am aware, we have had no indication from the Government at all. It would be very interesting to hear the Minister’s comments on that and on why the clause exists at all.
The Minister has been saying at length that he does not want to be too prescriptive to the regulator, but he is putting into primary legislation that the BBFC will be able to target, first and foremost, the larger providers and those that are more easy to target. I would imagine that a regulator in any regulatory system would go after the bigger and less problematic providers before those that are more difficult to tackle—no reasonable person would expect anything different. I find this confusing: why should the provision be in primary legislation, given the Minister’s overtures about not being too prescriptive and giving sufficient flexibility?
As I have just mentioned in the discussion on the previous clause, some of the biggest sites on the internet have more than 2 billion visits a year. As the hon. Member for Sheffield, Heeley said, many sites are involved. Allowing discretion for a targeted approach is important. The clause also allows the regulator to
“carry out, commission or support…research…for the purposes of exercising, or considering whether to exercise”
the powers. That is important, too, because we want the regulator to have the power to conduct research to inform its views. Both those things are important parts of the execution of age verification.
The Minister said just now that the clause will stop the BBFC—we are to assume that it will become the age verification regulator—from being in breach of its statutory duties if it goes after the largest pornography providers first. Putting aside the analogy that my hon. Friend the Member for Cardiff West made, which was absolutely right, is it not the case that the age verification regulator does not have many statutory duties? That was the whole purpose behind the amendments of the hon. Member for Devizes. The regulator is required only to—well, it is not required to; it may—give notice to any payment services or ancillary service provider. I fail to see how targeting any content provider first, last or in any other way would put the regulator in breach of any requirement under the Bill.
I want to make it clear that it can target in order to work as effectively and as soon as it can. I am slightly surprised to find Opposition Members against that principle.