Asked by: Tristan Osborne (Labour - Chatham and Aylesford)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what steps his Department is taking to raise public awareness of the (a) legal and (b) safety implications of using VPNs to bypass online safety measures.
Answered by Kanishka Narayan - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
While there are legitimate reasons for using VPNs, services that deliberately target UK children and promote VPN use to circumvent online safety measures could face enforcement action under the Online Safety Act. Some VPNs may present security or privacy risks, so users are advised to exercise caution when using VPNs.
Government and Ofcom will monitor the impact of potential circumvention techniques on the effectiveness of the Online Safety Act and will consider further options if necessary.
Asked by: Tristan Osborne (Labour - Chatham and Aylesford)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what assessment his Department has made of the risks (a) associated with third-party providers' involvement in (i) age verification and (ii) content moderation systems and (b) of (A) data breaches and (B) misuse of personal information by those providers; and what (1) regulations, (2) oversight procedures and (3) safeguards have been put in place to guarantee the safe (a) handling and (b) storage of the sensitive data of (i) children, (ii) vulnerable users and (iii) other users.
Answered by Kanishka Narayan - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
UK GDPR and the Data Protection Act impose obligations on data controllers – including third-party providers - to process data fairly, lawfully, and transparently.
The OSA also requires all providers to give particular regard to the importance of protecting users’ privacy rights when implementing measures to comply with their new safety duties, including age assurance and any content moderation measures.
The ICO has responsibility for monitoring and enforcing the application of data protection legislation in the UK. It has a range of tough criminal and civil enforcement tools at its disposal, including powers of prosecution and powers to issue substantial monetary penalties for serious breaches of the data protection legislation.
Asked by: Tristan Osborne (Labour - Chatham and Aylesford)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, whether his Department plans to introduce (a) incentives and (b) funding mechanisms to encourage businesses and public sector organisations to comply with strengthened cybersecurity requirements under the forthcoming Cyber Security and Resilience Bill.
Answered by Feryal Clark
The upcoming Cyber Security and Resilience Bill will strengthen our defences and ensure that more essential and digital services are protected than ever.
The Bill will require regulated entities to take proportionate steps to address vulnerabilities in our digital economy and protect our essential services against cyber attacks. We will work closely with industry, public sector organisations and regulators to support organisations in complying with their new obligations under the Bill.
By safeguarding our nation's essential services and digital infrastructure, we will create a stable environment in which investment and innovation can thrive.
Asked by: Tristan Osborne (Labour - Chatham and Aylesford)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what steps his Department is taking to ensure that the public sector is adequately protected under the forthcoming Cyber Security and Resilience Bill, and whether he plans to extend regulatory requirements to public sector organisations.
Answered by Feryal Clark
The forthcoming Cyber Security and Resilience Bill will strengthen the UK’s existing cyber regulatory framework (the Network and Information Systems (NIS) Regulations 2018) by protecting more digital and essential services, putting regulators on a stronger footing, and increasing reporting requirements.
The NIS Regulations covers five sectors (transport, energy, drinking water, health, digital infrastructure) and some digital services (online marketplaces, online search engines, cloud computing services). Where a public body delivers these services, such as NHS Trusts, they are in scope of the NIS Regulations.
The Bill will include powers that will enable more services and sectors to be brought into scope of regulation in the future, where this is considered necessary to address emerging risks.