Digital Economy Bill (Third sitting) Debate
Full Debate: Read Full DebateRishi Sunak
Main Page: Rishi Sunak (Conservative - Richmond and Northallerton)Department Debates - View all Rishi Sunak's debates with the Cabinet Office
(8 years, 2 months ago)
Public Bill CommitteesQ In your experience, is it unusual for the Government not to have published at least draft codes of practice alongside legislation of this nature?
Dr Fishenden: I would have assumed that they would be drafted in concert with the Bill, because to test the provisions in the Bill, you would need to run them back past the codes of practice to check that the two work together. I am a bit confused about why they have not appeared, because I cannot see how the Bill would have been drafted without them.
Q I have a question for Mr Chisholm. I put on record my thanks to your organisation for the wonderful work that it does in my constituency—and in everyone else’s, I am sure—in helping some of the more vulnerable people in society. It is a fantastic organisation. We hear a lot about the big picture of how technology can help people and make their lives better, but you guys are at the coalface, helping vulnerable people. Will you explain how some of the measures in the Bill on data sharing are going to make your life easier and deliver tangible benefits to vulnerable people?
Alistair Chisholm: As I said before, there are definitely cases in which the Government or local authorities do not use their own data to help people when they could. For example, when somebody is paying their magistrate’s fine directly from their benefits, sometimes the benefits change, so the flow is disrupted and the payments stop.
We often see cases in which somebody then has a bailiff at their door and they are threatened with imprisonment when, in fact, they want to pay. The Government actually know that there has been a temporary interruption to their benefits, or that somebody is shifting from jobseeker’s allowance to employment and support allowance. If those data were joined up—obviously in a way that protected consumers as they need to be protected—the debt would continue to be paid, the problem would not be escalated, and the person would have a stable financial arrangement that enables them to meet their obligations. There are opportunities like that.
It is really important to say that it is now time for the Government to do what they have asked the private sector to do in the way they collect data. They need to adapt their systems so that payments are affordable and debts can be reasonably disputed, and so that people are helped.
Q Beyond debt collection, are there other areas in which data sharing can be used to ensure that the right services or the right support is getting to people who need it?
Alistair Chisholm: In the public sector?
Yes, when the Government are delivering public services. You may have something to say about energy, or perhaps other areas.
Alistair Chisholm: Absolutely, yes. The clause in the Bill under which energy companies and the DWP will share data to help people to access support that is there but that they do not always get is an excellent idea. I very much support that measure. People who are vulnerable are sometimes less able to manage those systems, so if you can join them up effectively, that is very helpful.
Q My colleague has already elicited some comments from you, Mr Chisholm, about how you can see the most vulnerable benefiting from the Bill. Can you give some other examples of situations you have come across in which you could see the Bill helping individuals?
Alistair Chisholm: Are you talking about debt?
Q For the record, the witness nodded in reply to that question.
On age verification, attention has been drawn to the consequences of failing to think through plans, including the possibility that information on passports and driving licences could be misused when collected as part of an age verification system. Could you comment on that and are you aware of any evidence that might mitigate those risks in that part of the Bill?
Elizabeth Denham: I will ask my colleague to respond to that.
Steve Wood: Our concern about an age verification system is that the hard identifiers that could be collected, such as passports, might need to be secured because of the vulnerability of those pieces of data being linked to other pieces of data and used by the organisation that collects them. We hope that any solution would take a “privacy by design” approach, which very much minimises the amount of data that is taken and may use different ID management systems to verify the age of the individual, rather than a lot of data being collected. It is important that data minimisation is at the heart of any solution. It would be a concern for us if a wide range of solutions was put forward to collect those hard identifiers.
Q We hear a lot about how technology can benefit people and that the Government need to harness technology to do just that. Indeed, some data sharing is already going on in the delivery of Government services. Can you describe how the measures in the Bill will provide greater legal certainty and clarity in that area because we want to make sure we are doing things in the right way? Your thoughts in that regard would be helpful.
Elizabeth Denham: This Bill is an enabler. It facilitates data sharing for the improvement of Government services. I think the public welcome that and they expect seamless Government services in some cases. The idea that all data must stay in ivory towers or silos does not make sense when building digital delivery services. That said, we all know that trust and transparency are critical to maintaining the public’s trust in data sharing.
The transparency that needs to be clear in the Bill is on two levels. First, at the point of data collection and in ways that are easy for citizens to access, they should understand the purpose of and how their data will be shared, and they should have the ability to challenge that.
Secondly, there needs to be another layer of safeguards and transparency scattered throughout some of the draft codes of practice, but not in the Bill. That is the transparency that comes from privacy impact assessments, from reviews by our office, and from Parliament looking at revised codes of practice. It is really important that we pay attention to both those levels. Civil society is going to pay attention to published privacy impact assessments; but right now there is no consistency across all the codes of practice for those kinds of safeguards. I believe that some improvements are needed to the Bill.
Q I wanted to just go back to age verification, if you do not mind, Mr Wood. You made a good deal in your evidence and in your response to my colleague’s earlier question about the concerns that you have—and I get those. Can you push this a bit further and say what you would think was an adequate system of evidence providing for age verification? What would work?
Steve Wood: I will qualify the answer by saying we come at it from a data protection perspective, so our interest is making sure that the personal data of those individuals who would be going through that process is protected, rather than the wider policy issues relating to verification of access to that content; our the key concern is to make sure that the verification system does not lead to disclosure of information if it is not necessary. As tools like federated identity management have developed, it is often possible to use another service—another third party service—to verify the identity of the individual, which could be done using a variety of third party services that are out there. That means that the site owner that provides that pornography service would not need to collect and see all the details about the individual’s age and so on, but that that is provided by a secure, accredited third party service.
The Government’s Verify service has taken some good steps in looking at these different solutions about how identity management can now be developed using these third party services; so it is that sort of approach that we are looking to, rather than a very open-ended approach, as I said earlier, allowing a wide range of information. As to the level and standard of identity, I think that is a different question, but we are really focused on making sure the personal data collected is the bare minimum to make that requirement work.