Robert Halfon
Main Page: Robert Halfon (Conservative - Harlow)Westminster Hall is an alternative Chamber for MPs to hold debates, named after the adjoining Westminster Hall.
Each debate is chaired by an MP from the Panel of Chairs, rather than the Speaker or Deputy Speaker. A Government Minister will give the final speech, and no votes may be called on the debate topic.
This information is provided by Parallel Parliament and does not comprise part of the offical record
I begin the debate by thanking the new Backbench Business Committee for accepting my submission and agreeing to give parliamentary time to this important subject. As with the election of Members to Select Committees, the Backbench Business Committee is a small step in redressing the balance of power, moving it from the Executive to the legislature. It is therefore appropriate that one of the early Back-Bench debates should be on the subject of civil liberties.
In recent years, we have become increasingly focused on freedom. With every terrorist atrocity, our civil liberties have been curtailed, often in a somewhat draconian manner. I therefore welcome the coalition Government’s determination to redress the balance by reviewing the anti-terrorism legislation, scrapping identity cards, abolishing the national identity register and the contact point database, and halting the next generation of biometric passports. However, I do not wish to talk about state surveillance this afternoon.
I requested this debate because of my concern—and that of many others, including hon. Members here today—about what I term the privatised surveillance society. By that, I mean the surveillance of individual citizens by advanced internet companies; ordinary people have no right of redress, and there is no possible sanction. I will set out what I perceive to be the problem, the reaction thus far of the authorities, and what steps I believe should be taken to deal with it.
My question is this: are we sleepwalking into a privatised surveillance society? How can we stop it? Before I examine the arguments, let me first declare an interest. I am no internet luddite, but rather a passionate advocate for its cause. I blog using Google and Twitter, and I am active on Facebook, where I am lucky enough to have 1,400 friends. In fact, I am an enthusiast for Google products. I run my Commons business using Google Mail; I have Google Sync on my BlackBerry, and I use a Google Android phone. I prefer Google Chrome to Microsoft Explorer. I am a huge believer in the power of the internet to do good, and to be, potentially, a force for democratic development, allowing citizen power at its best.
However, there is a great difference between advancement of the internet and the violation of people’s right to privacy. Private companies seem to have acquired the right to photograph what goes on in people’s gardens. That is a dangerous shift, because if no one has any right to privacy, we will soon be living—dare I say it?—with a privatised version of Big Brother run by some of the internet companies. That is the scenario slowly creeping up on us. I say that because many of my observations today will focus on Google’s activities, such as street-mapping, accessing people’s personal wi-fi addresses, and—as we learned from newspapers and Google’s official blog a few days ago—the harvesting of personal e-mail addresses and passwords.
I acknowledge that Google is by no means the only guilty party. As The Wall Street Journal recently highlighted in a special series, there is a problem with what is termed scraping. Scraping is the process whereby internet companies such as Facebook and MySpace pass on user names and personal information to other companies for commercial purposes, without the consent of the individuals concerned.
The issue of civil liberties and internet privacy first came to a head not long after I was elected to this House in May 2010. The newspapers revealed that Google had been mapping people’s personal wi-fi data without their permission. I found that an astonishing revelation, and subsequently tabled a number of early-day motions. I also wrote to the Information Commissioner’s Office to ask its view on the matter, but I received what I can only term a lamentable response. The clearly standard reply stated:
“The ICO has visited Google’s premises to assess samples of the “payload” data it inadvertently collected. Whilst Google considered it unlikely that it had collected anything other than fragments of content, we wanted to make our own judgment as to the likelihood that significant personal data had been retained and, if so, the extent of any intrusion. The information we saw does not include meaningful personal details that could be linked to an identifiable person...It is unlikely that Google will have captured significant amounts of personal data.”
That raises two issues. First, did Google harvest meaningful personal data without people’s consent? Secondly, did it capture a significant amount of those personal data?
In the view of the UK Information Commissioner, who examined the Google computers, there was nothing to worry about. I have subsequently spoken to the Information Commissioner. His view is that although he would have liked to take stronger action against Google, his office was constrained by the Data Protection Act 1998. Perhaps that is true, but why was it not said at the time? There is nothing in the Information Commissioner’s first announcement about insufficient powers or the constraints of the Data Protection Act. That inertia seems all the more disappointing given that other groups were working hard to protect the British public.
Many privacy campaign groups, such as Big Brother Watch, have raised awareness of the issue in the media. Privacy International complained to the Metropolitan police in London, who opened an investigation into Google under the Regulation of Investigatory Powers Act 2000 and the Wireless Telegraphy Act 2006. Why was that left to private groups and individuals? The Information Commissioner has said that the Data Protection Act prevented further action from being taken, but what was his view of the Regulation of Investigatory Powers Act and the Wireless Telegraphy Act? Why was Google not referred to the police?
The public whitewash was all the more surprising given the actions of many other Governments around the world. In Spain, there is a formal judicial inquiry and the threat of a substantial fine. In South Korea, the police have raided Google’s headquarters. Serious investigations were undertaken in France, Germany, Italy, and Australia. Israel is considering the problem in its 32nd international conference on data protection and privacy commissioners, before Street View has even reached its shores. In Canada, the privacy commissioner has launched a legal inquiry on the basis that Google defied Canada’s privacy laws. In Greece and the Czech Republic, Street View has been banned altogether. In America, Google faces a class action lawsuit over data harvesting, as well as a large-scale investigation backed by 38 states.
Let me return to the critical questions. Did Google harvest meaningful personal data without people’s consent? Did it capture a significant amount of those personal data? A few weeks ago on 14 September, I went to visit the impressive Google headquarters in London and I asked some questions. I stress that the company has always been open to discussion, and courteous when dealing with my concerns. At that meeting, I was given the strong impression that the wi-fi details harvested were basic and did not amount to much. In other words, Google told me that the data were not meaningful, and that they were not collected in significant amounts. It was therefore strange to read what Google’s vice-president of engineering and research, Alan Eustace, wrote on the company’s blog over the weekend. He admitted that his company’s Street View cars captured
“entire e-mails and URLs...as well as passwords”
on a mass scale. He added:
“We want to delete this data as soon as possible”.
We have to take his word for it, but it is hard to do that when, contrary to what the Information Commissioner announced this year, and contrary to what Google said to me in September 2010, meaningful personal data were collected in significant amounts.
The issue is simple: either meaningful personal data were collected in significant amounts, or they were not. In July 2010, we were told that they were not; in October 2010, we were told that they were. I sincerely hope that this House, the Government, and the British public, have not been deliberately misled. I also hope that Google’s U-turn is voluntary, rather than a scenario in which it admitted the truth only because investigations by other Governments gave it no alternative.
As The Daily Telegraph stated on 23 October 2010, Google admitted that it
“downloaded personal data from wireless networks when its fleet of vehicles drove down residential roads taking photographs for its controversial Street View project.
Millions of internet users have potentially been affected.”
Among the information gathered were millions of e-mails, passwords, and the addresses of websites visited by private households. That is unacceptable.
The problem should have been picked up by the Information Commissioner in the first instance. Major questions need to be asked. Why did the Information Commissioner assure the public, the Government and the House that all was well? Why did it take an admission of malpractice on the company’s own blog to trigger a new inquiry by the Information Commissioner?
It is not enough to say that the whole thing was an innocent mistake, as Google has suggested. That was its line when Street View uploaded images of naked children without the consent or knowledge of those involved. It was its line when a Google engineer was able illegally to access children’s private e-mail accounts and telephone records. Google took disciplinary action only after parents complained that the engineer had illegally used Google data to harass four of their children.
I find it hard to believe that a company with the creative genius and originality of Google could map the personal wi-fi details, computer passwords and e-mail addresses of millions of people across the world and not know what it was doing. My feeling is that the data were of use to Google for commercial purposes and that that is why it was done. Of course Google denies that, but for me the question is whether the company underestimated the reaction of the public and many Governments across the world once it was revealed what Google had done.
Even if Google had not harvested oceans of data without anyone’s consent, and even if the Information Commissioner’s Office had not been so lamentable in its response, I would still have concerns about Street View. In many ways, Street View is a brilliant innovation. I am sure that many of us in this Chamber have used it from time to time as a three-dimensional “A to Z”, but street-mapping has been done without anyone’s explicit permission. Millions of houses and gardens are photographed in micro-detail and put on the web. As I mentioned, there were episodes in which Google photographed naked children and uploaded the pictures to the web. Although the pictures were subsequently removed, they should not have been there in the first place. I am sure that hon. Members will have tales to tell of e-mails sent by constituents about similar situations.
One lady from a village in Cornwall e-mailed me about today’s debate. Wanting to remain anonymous, she said:
“The camera must have been elevated to at least 10 feet high to get these shots. I live in a small hamlet, and on Street View it is possible for someone to see right into the rooms of our house. I am so angry at the infringement of our privacy but until now have had no-one to take up the cause.”
I have no problem with Google photographing me in my garden, or my house, and putting those images on the web, but the point is that I want to give Google permission to do so. I want to opt in. Some people will respond that any citizen can walk up a street, taking pictures of people’s houses. Of course that is true, but there is a difference of scale and of commercial interest. Google was not sightseeing; it was creating a product to sell advertising on a mass scale. No private citizen has the millions of pounds or dollars at their disposal to take a detailed picture of every house, street and company in Britain. That makes this case fundamentally different.
I welcome the moves by the German Government to give people a chance to opt out of Street View before the pictures are published. Nearly 250,000 Germans have opted out of Street View. That is roughly 3% of households.
What my hon. Friend has described sounds like a systematic pattern of behaviour, but it is worse than that. It is a systematic pattern of behaviour backed up, frankly, by systematic mendacity on the part of Google, which first says that it happened by accident, then says that it was a mistake and ends up saying, “Well, we will eventually get rid of the data.” Does not that argue to my hon. Friend—he does not have to answer immediately—that we have to take quite firm legal action with respect to people’s rights of privacy and their property rights regarding privacy and with respect to the penalties that ought to face a company as huge as Google, perhaps as a fraction of its turnover?
My right hon. Friend is a great defender of civil liberties and we are lucky to have him at the debate. I agree with him absolutely. Later in my remarks, I shall be able to give a more detailed answer to what he has suggested.
As Germany’s Interior Minister said in September 2010,
“If companies do not adopt satisfactory new rules, we will create more restrictive privacy laws. However, a voluntary code of sufficient strength and scope could make special regulations unnecessary, at least in part.”
In my meeting with Google to discuss Street View, it implied that blackening out houses in a street view would make things look “unseemly”. My answer to that is, so what? If aesthetics are sacrificed in the cause of liberty, that can only be a good thing. This is an important principle. Either our home is our castle or it is not. Google’s actions indicate an all-too-frivolous view of the rights of the individual against the advancement of internet technology.
However, as I stated in my opening remarks, we should not be worried just about Google. There are also reports that BT has been, allegedly, trawling people’s Facebook accounts to check for critical comments about the company. Again, that is totally out of order. There must be a limit to what these companies do. We may accept that, in the present day, most of these internet companies have good and honourable intentions, but we are setting a precedent. If we permit this invasion of privacy today, what might it be used for tomorrow?
A case in point is scraping, which I mentioned. Thanks to The Wall Street Journal, we now learn that the internet has given rise to thousands of data brokers and middlemen. They gather information from property records, social networking sites and telephone listings and by scraping data from websites where people post information about themselves. The point is not that those data are publicly available, but that they are being aggregated on a mass scale in a way that threatens individual privacy.
If we accept that civil liberties are being violated in the way that I have described, we must also acknowledge that something must be done about it. In some ways, what is going on is much more dangerous than state surveillance, because at least the citizen knows his rights and there is some possibility of legal redress. Also, it is possible to sack a Government if we are unhappy with them. We are familiar with the idea that there is a social contract between Government and citizen, but what is the social contract between a citizen and an internet corporation?
Street View affects everyone. Its impact is not limited to Google’s customers. When it comes to internet companies, the question of citizen rights is much murkier and less defined. That grey area has allowed firms such as Google to get away with what they have done. The reality is that a lot of privacy encroachment is going on that has yet to be uncovered.
Returning to the remarks by my right hon. Friend, I believe that there needs to be a robust inquiry, with teeth, into the role of the internet and its relationship to individual liberty.
I congratulate the hon. Gentleman on securing this very important debate and on the eloquent way in which he is presenting his very important case. Does he agree that one of the frightening aspects of all of this is that we depend for information about what is happening and what the companies are up to on the companies themselves? As he pointed out, none of this would come to light unless the information was presented by the companies. Therefore, we do not know exactly what is going on. That is a key point, in terms of people knowing what is happening.
The right hon. Gentleman makes the extremely important point that in some ways we are becoming so dependent on the internet companies that that allows them to do what they are doing. He is exactly right.
I am not against private companies—I am a Conservative, after all. As I mentioned, I use Google a lot to run my parliamentary business, but this time it has gone too far. Indeed, there is a danger that one day, no one will have any privacy whatever—and this time the threat is not from the state.
I accept that, despite what I have described, there are no easy answers. When it comes to the advance of the internet, it seems that the rights and responsibilities are still unclear. I accept that it is very difficult for a nation state to deal with what is in effect a transnational company.
I, too, congratulate my hon. Friend on securing the debate. Does he agree that the problems regarding Google and the invasiveness of the internet arose before the capturing of the information that should not have been caught? One of the groups of people who have suffered as a result is young people and teenagers. A number of suicide sites have been established and information is passed via social networking mediums such as Facebook and other mediums to teenagers, who are particularly vulnerable and have been particularly badly hit by that. Perhaps it is time for us to examine how the internet has operated and invaded people’s lives in an adverse way, and to start talking about some form of regulation that protects individuals.
My hon. Friend makes a good point which, although slightly different from what I am focusing on today, is relevant to the role of the internet. I think she will be pleased to hear what I say later in my remarks.
The time has come for the Government to set up a serious commission of inquiry composed of members who have expertise in civil liberties, the internet and commerce. The commission should suggest a new legal framework to redress the balance, giving citizens an affordable and speedy means of redress.
Perhaps the best means would be an internet Bill of Rights, which would give the citizen some notion of his rights. At first, such an internet Bill of Rights might be a semi-voluntary code, as currently proposed in Europe. The system would be self-regulating, in the same way as the British Medical Association can mediate over doctors’ behaviour, or the Law Society can judge legal practice. If an inquiry finds cases in which a company has infringed upon people’s privacy without their permission, perhaps there could be some sort of fine.
I thank the hon. Gentleman for giving way and for securing this interesting debate. I am interested to hear how he develops some of his points.
The hon. Gentleman keeps talking about companies. Although he touched briefly on the role of the Government, would he not agree that, while infringement by companies is a serious problem, infringement by Governments—which has happened so often, through the former intercept modernisation programme, the Digital Economy Act 2010 and the huge amounts of data held by the Government—is at least as chilling, not least because so much more money and infrastructure back it up? How would he tackle that issue?
I was pleased to serve with my hon. Friend on the Public Bill Committee that considered the abolition of identity cards. He is also a huge defender of civil liberties, and has been so for many years. He is right, and raises an important subject, but one for another debate. Today, I am focusing specifically on the activities of internet companies and their role in curtailing our civil liberties.
I, too, join those congratulating my hon. Friend on orchestrating the debate today.
On regulation, specifically, does my hon. Friend think that there is any merit, or viability, in establishing an industry-wide data security mark of some sort? Is there not a clear commercial incentive for companies such as Google to ensure that they get this right, and to satisfy the general public that they are getting it right? What about a kitemark or some such security apparatus, which would allow the public to see the quality or otherwise of companies such as Google and their security infrastructure? Would my hon. Friend support something such as that?
My hon. Friend is exactly right. It is that sort of thing that I hope the independent commission of inquiry would consider.
Although internet companies are global, nothing would stop the Government from fining their operations in the UK.
I stand before the Chamber known as Robert Halfon. However, if I took the advice of the Google chief executive, Eric Schmidt, I might have changed my name by now. In August, Mr Schmidt suggested that people might have to change their names in order to wipe their personal histories as captured on the internet. His vision for Google is not just to monitor people, but to predict their behaviour. He has said that
“most people don’t want Google to answer their questions. They want Google to tell them what they should be doing next”.
In the future, Google will
“know…who you are…what you care about…who your friends are”.
Mr Schmidt also said:
“If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”
Therein lies the problem we have been discussing today. It is the nub of the whole subject. For Mr Schmidt and his company, Google, the burden of taking defensive action because of activity by internet companies lies on the individual. In fact, in my view and that of many others, it should be the opposite.
On that very point, would my hon. Friend not accept that it is almost impossible for the individual to take action? We saw that in particular, for example, in 2007, in the what I would call illegal trials by BT of the system of Phorm to identify internet users’ advertising preferences, so that they can be targeted. The individual cannot protect him or herself.
In some ways my hon. Friend is right, but that is why we should have an independent commission and a Bill of Rights, because they would help. We will never be able to stop everything, but we would have some right of redress. It should be up to the internet companies to respect the rights of the individual, not the other way around.
I am calling for an internet Rill of Rights, a proper inquiry and an Information Commissioner who genuinely acts to safeguard our liberties. I hope that hon. Members and the Government will be able to support that.
I should like to touch on the point about securing networks. To use an analogy, does my hon. Friend agree that, if someone leaves their window open and a burglar comes into their house, it is not the home owner but the burglar who is at fault? If it is being suggested that we should have to block our wi-fi and have special security—whatever that may be—that is, in essence, putting the responsibility on the individual, rather than on the “burglar” in the first place.
Things are not ideal—we live in an imperfect world—but the fact is that people need to be aware that it is possible to lock their wi-fi routers, and they should be encouraged to choose that option. To continue with that very point, the data capture by Google could have been avoided if everyone in the country locked their wireless routers, thereby encrypting their data. But not everyone is aware that it is possible to lock their routers and many businesses, such as the pubs and coffee shops that I mentioned earlier, offer unlocked wi-fi as a service to their customers. We do not encrypt our telephone calls or our post, but we still have a legitimate expectation that others are not prying into them, and indeed doing so is a criminal offence.
Google’s wi-fi intrusion has been brought to the attention of the Information Commissioner’s Office, as we heard earlier. However, the ICO only sent two non-technical staff to Google’s headquarters, which is the heart of what is perhaps the world’s most technologically advanced company. Those non-technical staff then looked at only a small sample of data taken from what Google chose to show them and promptly issued a press release that effectively cleared the company of any wrongdoing, in the middle of a formal police investigation into Google’s actions.
I question whether the regulator acted appropriately in this instance. The ICO now effectively refuses to investigate Google, while its counterparts in countries such as New Zealand, Australia, Canada, Germany, France, the Czech Republic and Italy all pursue the company on the issue of privacy, and the authorities in South Korea physically raided Google’s offices in the country. In addition, 38 US states have united to probe the company’s behaviour and a thumping class action has also been issued in America.
In Britain alone, the relevant commissioner has not taken the severity of the company’s wrongdoing seriously enough. The ICO has really let the British people down in that regard. We deserve better from those who are given the responsibility of protecting our privacy. After all, the Metropolitan police are currently investigating Google over this issue. If the allegations against Google merit an investigation by the police, who have to consider the criminal standard of fault, how is it plausible to say that those allegations do not merit an investigation by the ICO? I also question how sensible it is for the regulator to issue a press release when a Metropolitan police investigation is still under way.
To be fair, Google is hardly the only offender in privacy terms. Other hon. Members have mentioned sites such as Facebook, which I personally use avidly to communicate with more than 1,000 of my constituents. More generally, all the social networking media have privacy issues, but of all the providers and organisations working online, Google is the only one that I know of that has roamed the streets, taking data from the airwaves. That puts them in a special category.
Apart from the seizing of data by Google cars for Street View, like most companies in the online space, Google can generally defend its products when challenged about privacy or intrusiveness by pointing to the implied or explicit consent of users to surrender or generate data that will be retained by the company. However, that does not apply to Street View images, which are of homes whose owners have not consented to having such images shared and of members of the public who have not consented to having their bodies displayed.
In conclusion, this is perhaps the largest invasion of privacy ever to happen in the private sector in the UK. Moreover, it appears that it was only halted after the company involved got caught. So I am pleased that we have been able to debate these issues fully in Westminster Hall today, and once again I congratulate my hon. Friend on securing this important debate.
That is helpful. We need to consider the position concerning regulation on the issue. I will come to that later in my remarks.
It might be helpful to refer back to the present position as far as I understand it. It is a complex area, so I might get some things wrong. The Data Protection Act 1998 established principles for the retention of personal data, and the Information Commissioner has had a role in supervising those principles generally. The Information Commissioner has been referred to several times. I certainly agree that he needs to push the boundaries of his powers in protecting the individual’s rights, and I do not think that that has happened sufficiently in the past.
In respect of private marketing, the Privacy and Electronic Communications (EC Directive) Regulations 2003 focused on the sending of unsolicited marketing messages by e-mail, and consultation on the further development of regulations in that area is taking place. The history of regulation is a consistent race between technological development and legislation. One example is the Data Retention (EC Directive) Regulations 2009, which included internet activity in the communications data to be retained for a year by communications providers. All those regulations should be viewed against the backcloth of the Human Rights Act 1998 and its attempt to balance privacy and freedom of speech. Recent developments in the common law on privacy add to the mix, making the legal position even more complex.
It has been said in this debate that in some respects, the United Kingdom has been slower to act on such issues. I believe that part of the reason is that the English legal system does not have the same common law right to privacy that many other countries do. For example, France and Germany have laws specifically to protect individuals from invasions of privacy. I think that most people are surprised by the limitations on enforcement of privacy rights within the UK. The tools that exist in common law are very limited.
We have a difficult balancing act when trying to take matters forward. I was the Minister for Business and Regulatory Reform before the general election and, although it may come as a surprise to some Members here, I always adopt the principle that one should regulate as a last resort, only in pursuit of a particular policy end and where other options are not available. My first reaction to proposals to reform the legislative or regulatory framework is to ask whether we can use some form of self-regulation. I think that we all accept that it is a difficult problem that we need to confront. Can we do so through self-regulation within the industry? Self-regulation would have some advantages. The problem is not, of course, confined to the United Kingdom.
I thank the hon. Gentleman for his thoughtful opening remarks. On the voluntary side of things, that is exactly what I argued. I suggested that we should have a code, in the same way that the British Medical Association has a code for doctors, lawyers have a code and so on. That should be the first course of action, rather than the immediate implementation of state action.
We should certainly consider that approach. However, I was going to conclude that I do not think that it will be sufficient; I think that some other Members have also taken that view. Self-regulation in media organisations has not had a happy time recently in the United Kingdom. The Press Complaints Commission comes immediately to mind; it has failed badly in the News of the World inquiry and case. I am suspicious of over-mighty international media organisations. What happened in that context—there was a regulator and a voluntary regulatory system—could certainly recur in the case of an organisation such as Google, for example, about which we have heard a lot in this debate. Google is a powerful, rich and monopolistic organisation. What happens in a self-regulatory system where the powerful, over-mighty subject ignores the regulator?
It is a pleasure to serve under your chairmanship this afternoon, Mr Weir. I was going to begin by saying that today’s debate was no time for clichés but that I felt the hand of history on my shoulder, because I was under the impression that this was the first Backbench Business Committee debate. In fact, it is the first such debate in Westminster Hall—there have, of course, been three previous Backbench Business Committee debates in the Chamber.
However, I will stick with the cliché that the hand of history is on my shoulder as I congratulate my hon. Friend the Member for Harlow (Robert Halfon) on initiating this important debate, because I think it is one of the few times that Parliament has debated properly this important aspect of the internet—that is, how it affects people’s privacy. I suspect that the issue was raised when the Digital Economy Bill was debated at length in the other place—it was debated only briefly in the House of Commons. There have been few, if any, debates on this important issue, which touches almost everyone’s life, or at least those who go online.
Let me begin by setting out a few principles and general thoughts and approaches, before I talk specifically about the Government’s approach to privacy on the internet. On the spectrum of opinion within the coalition, I should say that I am firmly on the civil libertarian wing of the Conservative and Liberal Democrat party. I believe that one of Government’s watchwords should be “Protect individuals’ freedoms.” I campaigned strongly against identity cards, and I believe that the state should not intrude in people’s lives, and should protect the freedoms of individuals when others seek to do so.
I also remain personally concerned about the very serious breaches of people’s privacy on the internet. Many such breaches are unintentional and very few are brokered by internet-based organisations and companies. They are mostly down to the bad behaviour of individuals who would, no doubt, behave badly whether the internet existed or not. A story in The Sun today refers to a lady, Carolyn Owlett, who had her Facebook identity stolen and the serious consequences that had for her. The story is effectively about an unpleasant individual—not Ms Owlett, I hasten to add, but the woman who stole her identity—who used the internet as a tool with which to make someone else’s life a misery. However, that story does not necessarily reflect badly on Facebook. I will come back to the possible remedies for such a situation.
It is important to put the debate in context. We are right to be concerned about the effect of the internet on privacy, but we should also remember that one of the reasons it is having such an impact is that so many of us voluntarily use it. There was a vigorous debate about Facebook’s privacy settings, and that was perfectly legitimate. However, we should remember that the reason Facebook is a big company that knows a lot about many of its users is that almost half the population of this country are members of Facebook, as are more than 500 million people worldwide.
Picking up on the useful intervention of the hon. Member for Falkirk (Eric Joyce) and the illuminating marketing seminar given by my hon. Friend the Member for East Hampshire (Damian Hinds), we should remember that, when it comes to data harvesting, personal data have always been collected by commercial companies to enable them to sell products. I do not have a Tesco clubcard, but those who do are in effect given that card so that Tesco can monitor their spending habits and sell them more products.
I thank my hon. Friend for his opening remarks. Picking up on the credit card issue, when people get credit cards, they receive a clear letter inviting them to tick boxes to say whether they want their data to be passed on to other people. The point of my debate has been to say that, first, the scale of what is happening on the internet is much greater and, secondly, the individual is given no option to tick such a box.
My hon. Friend has raised two very important points that encapsulate the two principles behind the debate, which is unsurprising, given that he secured it. First, the internet is an enormous step change in the collection of personal data. What are the implications of that? Secondly, given that enormous step change, what rights—I use the word advisedly—should consumers have to protect their personal data when they interact with organisations on the internet?
Another general point about internet regulation is that a consistent approach to it is rarely adopted. It is always interesting to see those who want the internet to be regulated and those who do not. The hon. Member for Cambridge (Dr Huppert), who made a useful speech attacking the Digital Economy Act 2010, does not want the internet to be regulated when it comes to combating illegal file sharing, but he does want it regulated when it comes to protecting personal data. He kindly let me know that he would have to leave the debate at 4 o’clock to attend an event that he is hosting. He is very knowledgeable on the subject, and I hope that he will be prepared to share with me—an erstwhile colleague—the findings of the Liberal Democrat policy group on that issue, which will be an extremely useful contribution to the debate.
What my hon. Friend is missing is that it is not just basic things that are being scraped. People’s passwords, user names and e-mail addresses are being passed on to companies without permission, but when people go on to such sites, they are not made aware that that will be done.
That is a separate point. The point I am making is that if companies decide to search the web to see what people are saying about them online, that is a perfectly legitimate exercise, although there may be a different point in respect of their reputation. What my hon. Friend says about the use of people’s data without their knowledge is important, and I will come on to it, but although I now have an hour left to speak, I have been passed a note by my official which says that I need to speak for only 20 minutes. That gives a flavour of how well this speech is being received, at least in official terms.
This is totally different from searching online in case anyone said anything. Companies are going into people’s private accounts. It is exactly the same as someone going into another person’s house without permission to check whether they are doing something. They are going into people’s private accounts, which is different from just a general search.
I thank my hon. Friends and Opposition Members for attending this debate. Their comments have shown a wide depth of knowledge and real concern about the subject. In particular, I thank the hon. Member for Wrexham (Ian Lucas), the Opposition spokesman, for his response, which was far from party political and very thoughtful. I thank the Minister for his reply, and I welcome some of his comments and particularly his decision to have a conversation with the Information Commissioner about future matters if anything like Street View happens again.
There is consensus that we are living in a privatised surveillance society and that no one quite knows what is happening, what internet companies are doing and what our rights are. I differ from the Minister in his view of the Information Commissioner’s Office’s 36-page compact. Its response thus far is more like Sir Humphrey than a shark with teeth, which is what it should be. Our data were taken away by internet companies; the ICO thought that nothing need be done about it; and only when it emerged a few days ago that our e-mails had been taken was it decided to open a new inquiry. The 36-page compact reminds me of the old 100-page constitution of the Soviet Union, which told everyone how free, wonderful and democratic the Soviet Union was. In reality, if there is a 36-page compact, it is certainly not working.
To return to the point that the Minister made about my hon. Friend the Member for Milton Keynes North (Mark Lancaster), it is great that he will hold a meeting to try to stop the problem, but it should not have happened in the first place. The whole point of my argument is that people should have been given a choice in whether their properties were put on Street View. We have not addressed that concern today, although I welcome some of what the Minister said will happen in the European Community and its various directives.
We need an independent commission because, whether we have a compact or not, things are clearly not working. Millions of people, not just in our country but throughout the world, feel deep unease and anxiety at the advance of internet companies and about our individual rights. That commission should be composed of experts, and it should analyse and examine the problem and come up with some solutions. We have a compact, but if that commission summarised those concerns into a Bill of Rights and could work out some sanctions on internet companies, that would be a small step forward.
Question put and agreed to.