(10 months, 1 week ago)
Lords ChamberThat the draft Regulations laid before the House on 28 November 2023 be approved.
Relevant document: 6th Report from Secondary Legislation Scrutiny Committee. Considered in Grand Committee on 16 January.
(10 months, 1 week ago)
Grand CommitteeThat the Grand Committee do consider the Online Safety (List of Overseas Regulators) Regulations 2024.
Relevant document: 6th Report from the Secondary Legislation Scrutiny Committee
My Lords, these draft regulations were laid before the House on 28 November last year. I am delighted that our ground-breaking online safety legislation is now on the statute book as the Online Safety Act 2023. I am sincerely grateful to noble Lords for their campaigning and collaboration throughout its passage. It is crucial that the Act is fully operational as quickly as possible; the Government are working at pace to deliver on this ambition. The statutory instrument being debated today is one of several that will enable the implementation of the Act by Ofcom.
This statutory instrument concerns Ofcom’s co-operation with and disclosure of information to overseas online safety regulators under Section 114 of the Act. The service providers that are regulated under the Act are global in nature. It is therefore vital that Ofcom can co-operate and share information with its regulatory counterparts in other jurisdictions to support co-ordinated international online safety regulation. In certain circumstances, it may be appropriate for Ofcom to support overseas regulators in carrying out their regulatory functions. For example, it may be beneficial for Ofcom to share information it holds to inform supervisory activity or an investigation being carried out by an overseas regulator. This could support successful enforcement action overseas, which could in turn have direct or indirect benefits for UK users such as preventing malign actors disseminating illegal content on regulated services.
In addition, international collaboration will increase the efficiency of online safety regulation. Ofcom and its international counterparts will be able to gather extensive information about regulated service providers in the carrying out of their functions. In some instances, it is likely to be more efficient for regulators to gather information directly where that information has already been gathered by an overseas regulator. As such, international regulatory co-operation and co-ordination are likely to reduce the regulatory burden on both international regulators and regulated service providers.
It is for these reasons that Section 114 of the Act builds on the existing information gateways available to Ofcom under the Communications Act 2003 by permitting Ofcom to co-operate with an overseas regulator for specified purposes. This includes powers to disclose online safety information to a regulator, either for the purposes of facilitating the overseas regulator in exercising its online regulatory functions or for criminal investigations or proceedings related to the overseas regulator’s online regulatory functions. In the absence of Section 114, Ofcom could not share information for these specified purposes under the existing information gateway under the Communications Act 2003. Under Section 1(3) of the Communications Act, Ofcom can share information only for the purpose of carrying out its functions, subject to the general restrictions on the disclosure of information under Section 393 of that Act.
Subject to your Lordships’ approval, this statutory instrument designates the overseas regulators that Ofcom can co-operate and share information with under Section 114 of the Online Safety Act as follows: Arcom in France; the Netherlands Authority for Consumers and Markets; the Federal Network Agency in Germany; the Media Commission in Ireland; the eSafety Commissioner in Australia; and the European Commission. The department consulted with Ofcom, and carefully considered its operational needs and existing relationships, when compiling the list of the overseas regulators to be specified. This will mean that the designated regulators are those with which Ofcom will be able to share information in an efficient and mutually beneficial manner. It is important to note that Ofcom would retain discretion over whether to co-operate and share information with the overseas regulators specified.
In order to ensure that any information sharing is proportionate, we have also considered whether the overseas regulator is a designated regulator of a bespoke online safety regulatory framework. Ensuring the protection of fundamental freedoms online has also been a key consideration. As such, we have considered whether the regulator’s autonomy is protected in law and whether the overseas regulator, as well as the jurisdiction that empowers it, upholds international human rights.
It is important to recognise that Ofcom is experienced in handling confidential and sensitive information obtained from the services it regulates and that there are strong legislative safeguards and limitations on the disclosure of such material. Overseas regulators receiving any information from Ofcom may use it only for the purpose for which it was disclosed. They may not use it for another purpose, or further disclose it, without express permission from Ofcom or unless ordered by a court or tribunal. Further to this, Ofcom must comply with UK data protection law and would need to show that the processing of any personal data was necessary for a lawful purpose. As a public body, Ofcom is also required to act compatibly with the Article 8 right to privacy under the European Convention on Human Rights.
We will continue to review this list of designated regulators, particularly as new online safety regimes are developed and operationalised around the world. I would like to open this matter for debate.
My Lords, I join the noble Lord, Lord Clement-Jones, in welcoming this SI, and I thank the Minister for his kind comments about the work that went into the Bill. I share with him our pleasure that it is now in force and up and running; this instrument is proof positive that it is indeed so. Like the noble Lord, Lord Clement-Jones, I have many questions about what is happening, but certainly no objections to what is proposed.
The helpful Explanatory Memorandum explains that the context for this instrument is
“the global nature of service providers”
and how they operate. In that sense, I recognise that there are some gaps as regards the areas from where difficulties and troubles might come. For instance, Poland and parts of the eastern European bloc are thought to be centres from which emanate quite a lot of damage and a certain amount of material that is almost certainly illegal, yet I see no reference to any organisation—maybe there is none—that might be able to help Ofcom explore what is happening there. I am also concerned about Canada, because it hosts the biggest—I think—pornography company in the world. Again, I would have thought it would be helpful to Ofcom to be able to contact a collaborative organisation in Canada to work with, but I do not see one in the list.
That leads me on to another, related point. There is, and has been for some time, a network of likeminded organisations with which Ofcom has worked well in the past. There is a list of them on its website. Not all of them are in the Government’s proposals before us, and I wonder whether that in any way reflects a clash of views by the Government. Perhaps the Minster will comment on why we do not see Korea or South Africa, for instance. I would have thought that at least those with which Ofcom has a good working relationship at the moment should have been close to appointment. Perhaps there is some sort of competition there or element that I am not aware of. Any light that could be shed on that would be helpful.
Paragraph 7.5 of the Explanatory Memorandum attached to the SI very helpfully specifies that these regulations have certain minimum standards by which they are judged—a point picked up by the noble Lord, Lord Clement-Jones. I felt they were very appropriate to the ones that the Minister mentioned, including the bespoke regulatory framework itself,
“whether its autonomy is protected in law; and whether the … jurisdiction that empowers them, upholds international human rights”.
These are all good things, and I am pleased to see them mentioned in the Explanatory Memorandum and referenced in his speech.
That raises the question: what happens if any of these organisations depart from these standards? Will another procedure or SI be required to remove them from the list, or would they just cease to be part of the group with which Ofcom discusses things? It would be helpful to have on the record some idea of what the procedure would be if that were required.
My last two points are relatively small. There is a hint that more regulators will be considered and brought forward. That is good; I think we are all in favour of more places, since, as has been said, this is a global issue. What is the timing of that, roughly? Perhaps we could have some speculative ideas about it.
Finally, as the noble Lord, Lord Clement-Jones, pointed out, this is the first of many SIs coming forward for consideration by the House. In Committee on the Bill, we discussed at length how Parliament could be involved. This SI is probably not a very good example of that, but in the codes of practice considerable work will be required by Parliament to make sure that the affirmative resolutions are properly researched and discussed.
The proposal we made, which was accepted by the noble Viscount’s colleague, the noble Lord, Lord Parkinson, was the Parkinson rule: that the statutory instruments would, in fact, be offered to the standing committees. I do not think that would have been necessary for this instrument; I just wonder whether that is still in progress and whether it is the Government’s intention to honour the idea announced at the Dispatch Box that the legwork for many of the substantial SIs that will come forward could be done with advantage by the committees, which would inform the debates required in both Houses before these instruments can be approved. I look forward to hearing from the noble Viscount whether that is likely to happen.
As ever, I thank noble Lords for their valuable contributions to this debate. Needless to say, it is vital that we recognise the global nature of regulated service providers under the Online Safety Act. This SI will ensure that Ofcom can co-operate and share online safety information with specified overseas regulators where appropriate.
As set out, we will review on an ongoing basis whether it is desirable and appropriate to add further overseas regulators to the list. That is an ongoing activity. I anticipate that, as more and more jurisdictions enter the online safety regulation business, we will see an acceleration of the rate at which they can join on the lines we have set out.
I will now respond to some of the specific questions raised in the debate. The noble Lord, Lord Clement-Jones, asked about the types of information that Ofcom might share using this mechanism. The Government anticipate Ofcom being able to share information and co-operate with other regulators, which will lead to international regulatory co-operation, which is likely to reduce the regulatory burden on Ofcom, as well as international counterparts—for example, in relation to duties that are quite similar between regulators, such as duties to deal with illegal content. I anticipate that being a particular focus of their co-operative activities.
Positive benefits may also result from Ofcom supporting overseas regulators in carrying out their online safety regulatory functions and co-operating with relevant criminal investigations or proceedings. That co-operation might address a source of harm for UK users—for example, preventing malign actors disseminating suicide and self-harm content on regulated services.
Regarding the scale of the exchange, Ofcom itself would have discretion as to the scale of the information sharing that takes place through these provisions. However, it is likely to be beneficial to both Ofcom and its regulatory counterparts to engage in information exchange of this nature.
On the question from the noble Lord, Lord Stevenson, on why certain regulators have not been added, we will of course work closely with Ofcom and other stakeholders. He raised a number of interesting examples that would have been quite tempting to add to the list of criteria applied by us, which we, along with Ofcom, produced for the time being but on an ongoing basis. The intention is to review that to add other regulators that can add value in this way.
My Lords, the Minister raised a very interesting point. He said “criteria”; I do not think we have quite heard what those criteria are. That would be very interesting so that we can gauge for the future whether the possibilities that the noble Lord, Lord Stevenson, raised are real possibilities.
Indeed. Perhaps noble Lords will forgive me if I restate “criteria” as “factors considered”, because they are less algorithmic in that sense. Those factors considered would have been an existing relationship or ways of working together; bespoke online safety laws with a bespoke online safety regulator designated to those laws; regulatory autonomy, as I said; and, of course, a regulator within a jurisdiction committed to upholding human rights laws. I should add that the precise nature of any co-operation with any of the regulators on the list remains the decision of Ofcom and not the Government.
To address the question from the noble Lord, Lord Stevenson of Balmacara, about whether further statutory instruments will be required to remove overseas regulators from the list, I can confirm that this is the case. I hope that noble Lords agree with me on the importance of implementing the Online Safety Act as swiftly as possible. Therefore, I commend these regulations to the Committee.
Can I press the Minister on the point I made at the end? Will the generic approach to SIs in future be that they are offered to the standing and Select Committees of the two Houses before they are brought forward for consideration?
I will commit to going away and thinking about that one, because I feel that is a broader question about parliamentary oversight of regulation in general—if I have understood right.
It certainly can be taken that way, but actually it was a rather narrow question. His colleague, the noble Lord, Lord Parkinson, gave a statement at the Dispatch Box that the Government would use their maximum efforts to ensure that the two Select Committees—the DSIT Select Committee in the Commons and the Communications and Digital Committee in the Lords—would have the chance to look at draft SIs before they came forward. It is certainly more work, and we do not want that, but it would make it much easier for the Houses to be able to respond positively and accurately as they go forward.
I apologise to the noble Lord; I misunderstood. I very much see the value of this and will strain my sinews to deliver just that. Meanwhile, I commend these regulations to the Committee.
My Lords, before the Minister finally sits down, I want to put to him a very interesting question raised by my noble friend, who the Minister knows is extremely expert on these matters. Is this purely regulators for sovereign Governments or is there flexibility so that, for instance, a US state such as California, which has a particularly powerful governance regime and a strong regulator—it hits the criteria the Minister stated, other than being a sovereign country—could possibly be added to the list under these powers?
I think we would continue to entertain the possibility. That is why I slightly withdrew from the word “criteria” and went to “factors under consideration”—so that we would have the ability to adapt to such opportunities as might arise.
(11 months, 1 week ago)
Lords ChamberMy Lords, in a time of rapid technological change, we need people to trust in how we can use data for greater good. By building understanding and confidence in the rules surrounding how we use data, we can unlock its real potential, not only for businesses but for people going about their everyday lives.
In 2018 Parliament passed the Data Protection Act, which was the UK’s implementation of the EU general data protection regulation. While the EU GDPR protected the privacy rights of individuals, there were unintended consequences. It resulted in high costs and a disproportionate compliance burden for small businesses. These reforms deliver on the Government’s promise to use the opportunity afforded to us by leaving the European Union to create a new and improved UK data rights regime.
The Bill has five parts that deliver on individual elements of these reforms. Part 1 updates and simplifies the UK GDPR and DPA 2018 to ease compliance burdens on businesses and introduce safeguards from new technologies. It also updates the similar regimes that apply to law enforcement agencies and intelligence services. Part 2 enables DSIT’s digital verification services policy, giving people secure options to prove their identity digitally across different sectors of the economy if they choose to do so. Part 3 establishes a framework to set up smart data schemes across the economy. Part 4 reforms the privacy and electronic communications regulations—PECR—to bring stronger protection for consumers against nuisance calls. It also contains reforms to ensure the better use of data in health and adult social care, law enforcement and security. Part 5 will modernise the Information Commissioner’s Office by making sure that it has the capabilities and the powers to tackle organisations that breach data rules, giving the ICO freedom to better allocate its resources and ensuring that it is more accountable to Parliament and to the public.
I stress that the Bill will continue to maintain the highest standards of data protection that people rightly expect. It will also help those who use our data to make our lives healthier, safer and more prosperous. That is because we have convened industry leaders and experts to codesign the Bill with us throughout its creation. This legislation will ensure that our regulation reflects the way in which real people live their lives and run their businesses.
On Report in the other place, we tabled a number of amendments to strengthen the fundamental elements of the Bill and to reflect the Government’s commitment to unleash the power of data across our economy and society. I take this opportunity to thank Members of Parliament and the numerous external stakeholders who have worked with us to ensure that the Bill functions at its absolute best. Taken together, these amendments will benefit the economy by £10.6 billion over 10 years. This is more than double the estimated impact of the Bill when introduced in the spring.
These reforms are expected to lower the compliance burden on businesses. We expect small and micro-businesses to achieve greater overall compliance cost savings than larger business. We expect these compliance cost savings for small and micro-business compliance to be approximately £90 million a year as a result of the domestic data protection policies in the Bill.
The Bill makes it clear that the amount that any organisation needs to do to comply and demonstrate compliance should be directly related to the risk its processing activities pose to individuals. That means that in the future, organisations will have to keep records of their processing activities, undertake risk assessments and designate senior responsible individuals to manage data protection risks only if their processing activities are likely to pose high risks to individuals. We are also removing the need for organisations to do detailed legitimate interest assessments and document the outcomes when their activities are clearly in the public interest—for example, when they are reporting child safeguarding concerns. This will help reduce the amount of privacy paperwork and allow businesses to invest time and resources elsewhere.
Let me make this absolutely clear: enabling more effective use of data and ensuring high data protection standards are not contradictory objectives. Businesses need to understand and to trust in our data protection rules, and that is what these measures are designed to achieve. At the same time, people across the UK need to fundamentally trust that the system works for them too. We know that lots of organisations already have good processes for how they deal with data protection complaints, and it is right that we strengthen this. By making these a requirement, the Bill helps data subjects exercise their rights and directly challenge organisations they believe are misusing their data.
We already have a world-leading independent regulator, the Information Commissioner’s Office. It is only right that we continue to provide the ICO with the tools it needs to keep pace with our dramatically changing tech landscape. The ICO needs to keep our personal data safe while ensuring that it remains accountable, flexible and fit for the modern world. We are modernising the structure and objectives of the Information Commissioner’s Office. Under this legislation, protecting our personal data will remain the ICO’s primary focus, but it will also need to consider how it can empower businesses and organisations to drive growth and innovation across the UK and support public trust and confidence in the use of personal data. We must ensure that our world-leading regulator is equipped to tackle the biggest and most important threats and data breaches, protecting individuals from the highest harm. The Bill means that the ICO can take a more proportionate approach to how it gets involved in individual disputes, not having to do so too early in the process before people have had a chance to resolve things sensibly themselves, while still being the ultimate guardian of data subjects’ rights.
The Bill will create a modern ICO that can tackle the modern, more sophisticated challenges of today and support businesses across the UK to make safe, effective use of data to grow and to innovate. It will also unlock the potential of transformative technologies by making sure that organisations know when they can use responsible automated decision-making and that people know when they can request human intervention where these decisions impact their lives.
Alongside this, there are billions of pounds to be seized in the booming global data-driven trade. With the new international transfers regime, we are clarifying our regime for building data bridges to secure the close, free and safe exchange of data with trusted allies. Alongside new data bridges, the Secretary of State will be able to recognise new transfer mechanisms for businesses to protect international transfers. Businesses will still be able to transfer data across borders with the compliant mechanisms they already use, avoiding needless checks and costs.
The Bill will allow people to control more of their data. It will support smart data schemes that empower consumers and small businesses to make better use of their own data, building on the extraordinary success of open banking, where consumers and businesses access innovative services to manage their finances and spending, track their carbon footprint or access credit. Open banking is already estimated to have the potential to bring in £12 billion each year for consumers and £6 billion for small businesses, as well as boosting innovation in our world-leading fintech industry. With this Bill, we can extend the same benefits for consumers and business across the economy.
Another way the Bill ensures that people have control of their own data is by making it easier and more secure for people to prove things about themselves. Digital identities will help those who choose to use them to prove their identity electronically rather than always having to dig out stacks of physical documents such as passports, bills, statements and birth certificates. Digital verification services are already in existence and we want to put them on a secure and trusted footing, giving people more choice and confidence as they navigate everyday tasks, and saving businesses time and money.
The Bill supports the growing demand, domestic and global, for secure and trusted electronic transactions such as qualified electronic signatures. It also makes provision for the preservation of important data for coronial investigations in the event of a child taking their own life. Any death of a child is a tragedy, and the Government have the utmost sympathy for families affected by this tragic issue. I recognise, and I share, the strong feelings on this issue expressed by noble Lords on this matter and during the passage of the Online Safety Act.
The new provision requires Ofcom, following notification from a coroner, to issue data preservation notices requiring relevant tech companies to hold data that they may have relating to a deceased child’s use of online services in circumstances where the coroner suspects that the child has taken their own life. This greatly strengthens Ofcom’s and a coroner’s ability to access data from online services and provides them with the tools they need to carry out their job. It will include, for example, if a child had taken their own life after interacting with self-harm or other harmful content online, or if they suspect that a child may have been subjected to coercion, online bullying or harassment. It would also include cases where a child has done an intentional act that has caused their death but where they may not have intended to die, such as the tragic circumstances where a child dies accidentally when attempting to recreate an online challenge.
The new provisions do not cover children’s deaths caused by homicide, because the police already have extensive investigative powers in this context. These were strengthened last year by the entry into force of the UK-US data access agreement, which enables law enforcement to directly access content of communications held by US-based companies for the purpose of preventing, detecting, investigating and prosecuting serious crimes, such as murder and child sexual abuse and exploitation.
The families who have been courageously campaigning after their children were tragically murdered did not have access to this agreement because it entered into force only last October. To date, 10,000 requests for data have been made under it. However, we understand their concerns, and the Secretary of State, along with Justice Ministers, will work with noble Lords ahead of Committee and carefully listen to their arguments on potential amendments. We absolutely recognise the need to give families the answers they need and to ensure that there is no gap in the law.
Some aspects of the GDPR are very complex, causing uncertainty around how it applies and hampering private and public bodies’ ability to use data as dynamically as they could. The Bill will help scientists make the most of data by ensuring that they can be reused for other related studies. This is achieved by removing burdensome requirements for scientific researchers, so that they can dedicate more time to focus on what they do best. The Bill will also simplify the legal requirements around research and bring legal clarity. This is achieved by transposing definitions of scientific, historical and statistical-purposes research into the operative text.
The Bill will improve the way that the NHS and adult social care organise data to deliver crucial health services in England. It will also improve the efficiency of data protection for law enforcement and national security partners, encouraging better use of personal data to help protect the public. The Bill will save up to 1.5 million hours of police time each year.
The Bill will also allow us to take further steps to safeguard our national security, by addressing risks from hostile agents seeking to access our data or damage our data infrastructure. It will allow the DWP to protect taxpayers’ money from falling into the hands of fraudsters, as part of the DWP’s biggest reform to fraud legislation in 20 years. We know that, over this last year, overpayments to capital fraud and error in universal credit alone were almost £900 million. It is time to modernise and strengthen the DWP’s legislative framework to ensure that it gives those fighting fraud and error the tools that they need and so that it stands up to future challenges.
Through the Bill we are revolutionising the way we install, maintain, operate and repair pipes and cables buried beneath the ground. I am sure we have all, knowingly or not, been impacted by one of the 60,000 accidental strikes on an underground pipe or cable that happen every year. The national underground asset register—NUAR—is a brand new digital map that gives planners and excavators secure and instant access to the data they need, when they need it. This means not only that the safety and lives of workers will no longer be at risk but that NUAR will underpin the Government’s priority to get the economy growing, expediting projects such as new roads, new houses and broadband rollout.
The Bill gives the people using data to improve our lives the certainty that they need. It maintains high standards for protecting people’s privacy, while seeking to maintain the EU’s adequacy decisions for the UK. The Bill is a hugely important piece of legislation and I thank noble Lords across the House for their involvement in and support for the Bill so far. I look forward to hearing their views today and throughout the rest of the Bill’s passage. I beg to move.
My Lords, I sincerely thank all of today’s speakers for their powerful and learned contributions to a fascinating and productive debate. I very much welcome the engagement in this legislation that has been shown from across the House and such a clear setting out, at this early stage, of the important issues and caveats.
As I said, the Bill reflects the extensive process of consultation that the Government have undertaken, with almost 3,000 responses to the document Data: A New Direction, and the support it enjoys from both the ICO and industry groups. The debate in which we have engaged is a demonstration of noble Lords’ desire to ensure that our data protection regime evolves and works more effectively, while maintaining the highest standards of data protection for all.
I will respond to as many of the questions and points raised as I can. I hope noble Lords will forgive me if, in the interests of time and clarity, I do not name every noble Lord who spoke to every issue. A number of noble Lords expressed the wish that the Government remain open to any and all conversations. Should I inadvertently fail to address any problem satisfactorily, I affirm that I am very willing to engage with all noble Lords throughout the Bill’s passage, recognising its importance and, as the noble Lord, Lord Bassam, said, the opportunity it presents to do great good.
Many noble Lords raised concerns that the Bill does not go far enough to protect personal data rights. This is certainly not our intent. The fundamental data protection principles set out in the UK GDPR—as my noble friend Lord Kirkhope pointed out, they include lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, security and accountability—remain at the heart of the UK’s data protection regime. Certain kinds of data, such as health data, remain special categories to which extra protections rightly apply. Changes such as requiring a senior responsible individual, rather than a data protection officer, mean that organisations still need to be accountable for how they process personal data but will have more flexibility about how they manage the data protection risks within their organisations.
On other specific points raised on the data protection framework, I agree that the right of access is key to ensuring transparency in data processing. The proposals do not restrict the right of access for reasonable requests for information and keep reasonable requests free of charge. On the creation of the new recognised legitimate interests lawful grounds, evidence from our consultation indicated that some organisations worried about getting the balancing test wrong, while others said that the need to document the outcome of their assessment could slow down important processing activities.
To promote responsible data sharing in relation to a limited number of public interest tasks, the Bill acknowledges the importance of these activities, which include safeguarding, crime prevention and national security, responding to emergencies and democratic engagement, but data controllers should not be required to do a case-by-case balancing test.
On cookies, the Bill will allow the Secretary of State to remove the need for data controllers to seek consent for other purposes in future, when the appropriate technologies to do so are readily available. The aim is to offer the user a clear, meaningful choice that can be made once and respected throughout their use of the internet. However, before any such powers are used, we will consult further to make sure that people are more effectively enabled to use different technology to set their online preferences.
On democratic engagement, extending the exemption allows a limited number of individuals, such as elected representatives and referendum campaigners, to process political opinions data without consent where this is necessary for their political activities. In a healthy democracy, it is not just registered political parties that may need to process political opinions data, and these amendments reflect that reality. This amendment does not remove existing rights. If people do not want their data processed for these purposes, they can ask the controller to stop doing so at any time. Before laying any regulations under this clause, the Government would need to consult the Information Commissioner and other interested parties, as well as gaining parliamentary approval.
I turn now to concerns raised by many about the independence of the regulator, the Information Commissioner. The ICO remains an independent regulator, accountable to Parliament, not the Government, in its delivery of data protection regulation. The Bill ensures it has the powers it needs to remain the guardian of people’s personal data. It can and does produce guidance on what it deems necessary. The Government welcome this and will work closely with it ahead of and throughout the implementation of this legislation.
New powers will also help to ensure that the Information Commissioner is able to access the evidence he needs to inform investigations and has the time needed to discover and respond to representations. This will result in more informed investigations and better outcomes. The commissioner will be able to require individuals to attend interviews only if he suspects that an organisation has failed to comply with or has committed an offence under data protection legislation. This power is based on existing comparable powers for the Financial Conduct Authority and the Competition and Markets Authority. A person is not required to answer a question if it would breach legal professional privilege or reveal evidence of an offence.
As the noble Lord, Lord Clement-Jones, pointed out, EU adequacy was mentioned by almost everybody, and concerns were raised that the Bill would impact our adequacy agreement with the EU. The Government believe that our reforms are compatible with maintaining our data adequacy decisions from the EU. While the Bill removes the more prescriptive elements of the GDPR, the UK will maintain its high standards of data protection and continue to have one of the closest regimes to the EU in the world after our reform. The test for EU adequacy set out by the Court of Justice of the European Union in the cases relating to UK adequacy decisions requires essential equivalence to the level of protection under the GDPR. It does not require a third country to have exactly the same rules as the EU in order to be considered inadequate. Indeed, 14 countries have EU adequacy, including Japan, New Zealand and Canada. All of these nations pursue independent and often more divergent approaches to data protection.
Regarding our national security practices, in 2020 and 2021, the European Commission carried out a thorough assessment of the UK’s legislation and regulatory framework for personal data, including access by public authorities for national security purposes. It assessed that the UK provides an adequate level of data protection. We maintain an ongoing dialogue with the EU and have a positive, constructive relationship. We will continue to engage regularly with the EU to ensure our reforms are understood.
A great many noble Lords rightly commented on AI regulation, or the lack of it, in the Bill. Existing data protection legislation—the UK GDPR and the Data Protection Act 2018—regulate the development of AI systems and other technologies to the extent that there is personal data involved. This means that the ICO will continue to play an important role in applying the AI principles as they relate to matters of privacy and data protection. The Government’s view is that it would not be effective to regulate the use of AI in this context solely through the lens of data protection.
Article 22 of the UK GDPR is currently the primary piece of UK law setting out the requirements related to automated decision-making, and this Bill sets out the rights that data subjects have to be informed about significant decisions that are taken about them through solely automated means, to seek human review of those decisions and to have them corrected. This type of activity is, of course, increasingly AI-driven, and so it is important to align these reforms with the UK’s wider approach to AI governance that has been published in the White Paper developed by the Office for Artificial Intelligence. This includes ensuring terms such as “meaningful human involvement” remain up to date and relevant, and the Bill includes regulation-making powers to that effect. The White Paper on the regulation of AI commits to a principles-based approach that supports innovation, and we are considering how the framework will apply to the various actors in the AI development and deployment life cycle, with a particular focus on foundation models. We are analysing the views we heard during the White Paper consultation. We will publish a response imminently, and we do not want to get ahead of that process at this point.
I turn to the protection of children. Once again, I thank noble Lords across the House for their powerful comments on the importance of protecting children’s data, including in particular the noble Baroness, Lady Kidron. On the very serious issue of data preservation orders, the Government continue to make it clear—both in public, at the Dispatch Box, and in private discussions—that we are firmly on the side of the bereaved parents. We consider that we have acted in good faith, and we all want the same outcomes for these families struck by tragedy. We are focused on ensuring that no parent is put through the same ordeal as these families in the future.
I recognise the need to give families the answers they require and to ensure there is no gap in the law. Giving families the answers they need remains the Government’s motivation for the amendment in the other place; it is the reason we will ensure that the amendment is comprehensive and is viewed as such by the families. I reassure the House that the Government have heard and understand the concerns raised on this issue, and that is why the Secretary of State, along with Justice Ministers, will work with noble Lords ahead of Committee and carefully listen to their arguments on potential amendments.
I also hear the concerns of the right reverend Prelate the Bishop of St Albans, the noble Lord, Lord Vaux, and the noble Baroness, Lady Young, on surveillance, police powers and police access to data. Abolishing the Surveillance Camera Commissioner will not reduce data protection. The role overlaps with other oversight bodies, which is inefficient and confusing for police and the public. The Bill addresses the duplication, which means that the ICO will continue to regulate data processing across all sectors, including policing. The aim is to improve effective independent oversight, which is key to public confidence. Simplification through consolidation improves consistency and guidance on oversight, makes the most of the available expertise, improves organisational resilience, and ends confusing and inefficient duplication.
The Government also have a responsibility to safeguard national security. The reports into events such as the Manchester Arena and Fishmongers’ Hall terrorist incidents have clearly noted that better joined-up working between the intelligence services and law enforcement supports that responsibility. This is why the Bill creates the power for designation notices to be issued, enabling joint controllerships between the intelligence services and law enforcement. The Secretary of State must consider the processing contained in the notice to be required for the purpose of safeguarding national security to grant it. This mirrors the high threshold for interference with the right to privacy under Article 8 of the Human Rights Act, which requires that such interference be in accordance with the law and necessary in a democratic society.
Concerns were raised by, among others, the noble Baronesses, Lady Young and Lady Bennett, and the noble Lords, Lord Sikka and Lord Bassam, on the proportionality of the measure helping the Government to tackle both fraud and error. Despite taking positive steps to reduce these losses, the DWP remains reliant on powers derived from legislation that is in part over 20 years old. The DWP published the fraud plan in May 2022. It set out clearly a number of new powers that it would seek to secure when parliamentary time allowed. Tackling fraud and error in the DWP is a priority for the Government but parliamentary time is tight. In the time available, the DWP has prioritised our key third-party data-gathering measure which will help to tackle one of the largest causes of fraud and error in the welfare system. We remain committed to delivering all the legislation outlined in the DWP’s fraud plan when parliamentary time allows.
To develop and test these new proposals, the DWP has been working closely with the industry, which recognises the importance of modernising and strengthening these powers to enable us to better detect fraud and error in the benefit system. This includes collaboration on the practical design, implementation and delivery of this measure, including establishing a working group with banks and the financial industry. The DWP has also regularly engaged with UK finance as well as individual banks, building societies and fintechs during the development of this measure, and continues to do so. It is of course important that where personal data is involved there are appropriate checks and balances. Organisations have a right to appeal against the requirement to comply with a data notice issued by the DWP.
Through our appeal process, the Government would first seek to resolve all disputes by DWP internal review. If this failed, the appeal would be referred to the First-tier Tax Tribunal, as currently is used in similar circumstances by HMRC. The third-party data-gathering powers that the DWP is taking are only broad to the extent that this ensures that they can be future-proofed. This is because the nature of fraud has changed significantly in recent years and continues to change significantly. The current powers that the DWP has are not sufficient to tackle the new kinds of fraud that we are now seeing in the welfare system. We are including all benefits to ensure that benefits such as state pension retain low rates of fraud. The DWP will of course want to focus this measure on addressing areas with a significant fraud or error challenge. The DWP has set out in its fraud plan how it plans to focus the new powers, which in the first instance will be on fraud in universal credit.
I thank noble Lords, particularly the noble Lord, Lord Vaux, for the attention paid to the department’s impact assessment, which sets out the details of this measure and all the others in the Bill. As he notes, it is substantive and thorough and was found to be such by the Regulatory Policy Committee, which gave it a green rating.
I hope that I have responded to most of the points raised by noble Lords today. I look forward to continuing to discuss these and other items raised.
I would like some clarification. The Minister in the other place said:
“I agree, to the extent that levels of fraud in state pensions being currently nearly zero, the power is not needed in that case. However, the Government wish to retain an option should the position change in the future”.—[Official Report, Commons, 29/11/23; col. 912.]
Can the noble Viscount explain why the Government still want to focus on recipients of state pension given that there is virtually no fraud? That is about 12.6 million people, so why?
Although proportionately fraud in the state pension is very low, it is still there. That will not be the initial focus, but the purpose is to future-proof the legislation rather than to have to keep coming back to your Lordships’ House.
Let me once again thank all noble Lords for their contributions and engagement. I look forward to further and more detailed debates on these matters and more besides in Committee. I recognise that there are strong views and it is a wide-ranging Bill, so there will be a lot of meat in our sandwich.
I congratulate the noble Lord, Lord de Clifford, on his perfectly judged maiden speech. I thoroughly enjoyed his description of his background and his valuable contributions on the Bill, and I welcome him to this House.
Finally, on a lighter note, I take this opportunity to wish all noble Lords—both those who have spoken in this debate and others—a very happy Christmas and a productive new year, during which I very much look forward to working with them on the Bill.
That the bill be committed to a Grand Committee, and that it be an instruction to the Grand Committee that they consider the bill in the following order:
Clauses 1 to 5, Schedule 1, Clause 6, Schedule 2, Clauses 7 to 14, Schedule 3, Clauses 15 to 24, Schedule 4, Clause 25, Schedules 5 to 7, Clauses 26 to 46, Schedule 8, Clauses 47 to 51, Schedule 9, Clauses 52 to 117, Schedule 10, Clauses 118 to 128, Schedule 11, Clauses 129 to 137, Schedule 12, Clause 138, Schedule 13, Clauses 139 to 142, Schedule 14, Clause 143, Schedule 15, Clauses 144 to 157, Title.
(11 months, 3 weeks ago)
Lords ChamberTo ask His Majesty’s Government, further to the Bletchley Declaration, what timescale they believe is appropriate for the introduction of further UK legislation to regulate artificial intelligence.
Regulators have existing powers that enable them to regulate AI within their remits and are already actively doing so. For example, the CMA has now published its initial review of foundation models. The AI regulation White Paper set out our adaptive, evidence-based regulatory framework, which allows government to respond to new risks as AI develops. We will be setting out an update on our regulatory approach through the White Paper consultation response shortly.
My Lords, two weeks ago, France, Germany and Italy published a joint paper on AI regulation, executive orders have already committed the US to specific regulatory guardrails, and the debate about the EU’s AI Act is ongoing. By contrast, we appear to have adopted a policy that may generously be described as masterly inactivity. Apart from waiting for Professor Bengio’s report, what steps are the Government taking to give the AI sector and the wider public some idea of the approach the UK will take to mitigate and regulate risk in AI? I hope the Minister can answer this: in the meantime, what is the legal basis for the use of AI in sensitive areas of the public sector?
I think I would regret a characterisation of AI regulation in this country as non-existent. All regulators and their sponsoring government departments are empowered to act on AI and are actively doing so. They are supported and co-ordinated in this activity by new and existing central AI functions: the central AI risk function, the CDEI, the AI standards hub and others. That is ongoing. It is an adaptive model which puts us not behind anyone in regulating AI that I am aware of. It is an adaptive model, and as evidence emerges we will adapt it further, which will allow us to maintain the balance of AI safety and innovation. With respect to the noble Lord’s second question, I will happily write to him.
My Lords, the Government have just conducted a whole summit about the risks of AI, so why in the new data protection Bill are they weakening the already limited legal safeguards that currently exist to protect individuals from AI systems making automated decisions about them in ways that could lead to discrimination or disadvantage? Is this not perverse even by this Government’s standards?
I do not think “perverse” is justified. GDPR Article 22 addresses automated individual decision-making, but, as I am sure the noble Lord knows, the DPDI Bill recasts Article 22 as the right to specific safeguards rather than a general prohibition on automated decision-making, so that subjects have to be informed about it and can seek a human review of decisions. It also defines meaningful human involvement.
When I asked the Minister in October why deepfakes could not be banned, he replied that he could not see a pathway to do so, as they were developed anywhere in the world. In the Online Safety Act, tech companies all over the world are now required not to disseminate harms to children. Why can the harms of deepfakes not be similarly proscribed?
I remember the question. It is indeed very important. There are two pieces to preventing deepfakes being presented to British users: one is where they are created and the second is how they are presented to those users. They are created to a great extent overseas, and we can do very little about that. As the noble Viscount said, the Online Safety Act creates a great many barriers to the dissemination and presentation of deepfakes to a British audience.
My Lords, the MoD published its AI strategy in June 2022. Among other priorities, the MoD aspired to be, on AI, the world’s most effective defence organisation for its size, through the delivery of battle-winning capability and supporting functions and our ability to collaborate and partner with UK allies and AI ecosystems. Can my noble friend the Minister confirm to me that nothing in current discussions will compromise the commendable and critical delivery of that objective?
I thank my noble friend for that question on the important area of AI usage in defence. As she will recall, AI in defence is principally conducted within the remit of the Ministry of Defence itself. My role has very little oversight of that, but I will take steps with government colleagues to confirm an answer for my noble friend.
My Lords, the Minister referred earlier to new risks. Sadly, the rapid development of AI has given rise to deepfake video and audio of political leaders, most recently the London Mayor, Sadiq Khan. We debated such issues during the passage of the Online Safety Act, but many were left feeling that the challenges that AI poses to our democratic processes were not sufficiently addressed. With a general election on the horizon who knows when, what steps are the Minister and his ministerial colleagues taking to protect our proud democratic traditions from bad actors and their exploitation of these new technologies? This is urgent.
I thank the noble Lord for raising this; it is extremely urgent. In my view, few things could be more catastrophic than the loss of faith in our electoral process. In addition to the protections that will be in place through the Online Safety Act, the Government have set up the Defending Democracy Taskforce under the chairmanship of the Minister for Security, with a range of ministerial and official activities around it. That task force will engage closely, both nationally, with Parliament and other groups and stakeholders, and internationally, to learn from allies who are also facing elections over the same period.
My Lords, I declare an interest as the First Civil Service Commissioner. If we want to regulate and to introduce legislation, the Government themselves will require a set of skills that they currently may not have. Can the Minister assure the House that we will have within government the skills to regulate artificial intelligence?
When the then frontier model task force was set up, we had in senior officialdom a total of three years of PhD-level experience in AI safety. I am pleased to say that that number is now 150. We have probably the greatest concentration of AI safety researchers and scientists of any nation working currently for the United Kingdom Government on this crucial issue of AI safety.
My Lords, I congratulate my noble friend the Minister on the recent AI safety summit. It is interesting that the EU is currently debating an AI regulation and tying itself up in knots about whether to regulate large language models or the application of AI. Can the Minister give an indication, first, of which direction the Government are heading, and, secondly, what discussions he has had with our colleagues in Brussels on the future of AI regulation?
I thank my noble friend for his congratulations with respect to the AI safety summit. We continue to engage internationally, not just with the larger international AI fora but very regularly with our colleagues in the US and the EU, both at ministerial and official level. The eventual landing zone of international interoperable AI regulations needs to be very harmonious between nations; we are pursuing that goal avidly. I may say that we are at this point more closely aligned to the US approach, which closely mirrors our own.
My Lords, in answer to my noble friend Lord Bassam on the Front Bench a moment ago, the Minister referred to the Defending Democracy Taskforce. When you consider that the National Cyber Security Centre, which is part of GCHQ, has recently publicly warned that in the next general election we will be subjected to a great many deepfakes along the lines indicated—we have seen them in action already—will the Minister agree to bring to the House, at an early stage, evidence of what the Defending Democracy Taskforce is doing? There is a sense of urgency here. As everyone knows, there will probably be a general election next year. On behalf of the electorate, we want to know that they will be able to understand what is real and what is not.
Indeed. I should point out that the NCSC and other cyber actors are also involved in the Defending Democracy Taskforce. I will liaise with the task force to understand what exactly the communications and engagement arrangements are with Parliament and elsewhere. I will take steps to make that happen.
(1 year ago)
Lords ChamberI thank the three noble Lords who spoke for their valuable and robust contributions to this debate. Let me start with some general remarks about the SI.
In 2022, the UK exported more than £99 billion in data-enabled services, such as finance and IT, to the US. That amounts to about 30% of the UK’s total data-enabled services exports globally. UK data bridges such as the one established with these regulations ensure that high data standards are upheld when UK individuals’ personal data is transferred internationally while reducing the compliance burdens for businesses, realising responsible innovation and growth. The UK-US data bridge restores a robust and reliable mechanism for transatlantic personal data flows and is expected to benefit around 16,000 UK businesses, 92% of which are small or micro businesses, and provide a combined benefit of an estimated £115 million per year.
The UK-US data bridge has been established following several years of collaboration between both countries and follows a robust assessment by the Secretary of State of the high standards and protections available to UK personal data when it is shared with organisations in the US under the bridge. DSIT published a series of supporting documents alongside the regulations for the US data bridge, including a policy explainer, a fact sheet for UK organisations, a series of letters detailing the operational delivery and enforcement of the frame- work, an analysis of the assessment which underpinned the Secretary of State’s decision and the Information Commissioner’s opinion.
I acknowledge absolutely the disappointment of the Secondary Legislation Scrutiny Committee that an impact assessment was not made available when the regulations were laid. As was remarked on, an initial impact assessment was submitted to the Regulatory Policy Committee in 2022 which was returned to my department with a green rating, meaning it was considered fit for purpose. Deeply regrettably, the updated version containing much of the same content was not reviewed and approved in a timely manner to coincide with the laying of the regulations. My officials worked at pace to address the additional comments from the Regulatory Policy Committee. I am pleased to say that the impact assessment for these regulations, which has been rated as fit for purpose, was published in mid-October. Furthermore, I can assure noble Lords that DSIT takes the concerns raised by the committee seriously.
In relation to the additional material included within the Explanatory Memorandum published alongside these regulations, as the noble Lord, Lord Clement-Jones, mentioned, an updated version of the Explanatory Memorandum addressing the areas raised by the committee in the report was laid, I am afraid as late as Monday 20 November, and is now available online. I am confident that these changes address the issues raised by the committee in its report.
On the concerns raised by the committee about the absence of a public consultation, I agree that these regulations may be an issue of public interest. These regulations have not been developed in isolation. As part of this assessment, the department worked closely with the UK’s independent data protection regulator, the Information Commissioner’s Office, throughout the assessment and the Information Commissioner was consulted by the Secretary of State prior to taking the decision to establish these regulations in accordance with the Data Protection Act 2018. Additionally, on five occasions since 2021, the department has publicly issued statements in relation to the progress made towards establishing these regulations. These include the UK-US comprehensive dialogue on technology and data launched in October 2022 and the Atlantic declaration announced by the Prime Minister and President Biden in June 2023.
Furthermore, the UK’s approach to facilitating international data transfers was the subject of a public consultation under mission five of the UK’s National Data Strategy, published in December 2020. This was focused on plans
“to remove unnecessary barriers to international data flows”,
drive high standards and build trust in the international use of data. These plans and the department’s approach in this area have been strongly and consistently welcomed by businesses of all sizes looking to operate and trade internationally between the US and UK.
I turn to questions specifically raised in this debate. The noble Lord, Lord Clement-Jones, asked what is being done by the department to address these issues in the future. The delays to the impact assessment and issues raised with the Explanatory Memorandum are unfortunate. It was always the department’s intention to publish the impact assessment once reviewed by the Regulatory Policy Committee and update the Explanatory Memorandum following the Secondary Legislation Scrutiny Committee’s report. As I have said, the department takes the concerns of the Secondary Legislation Scrutiny Committee seriously. There are steps being taken to ensure the delivery of high-quality, comprehensive documentation alongside future secondary legislation. This includes setting up a departmental better regulation team in the new year to support policy teams in the development of impact assessments, and providing a comprehensive library of best practice resources to officials and policy teams. I know that these steps do not help with the issues that arose in this statutory instrument, but I hope that it provides some reassurance towards the steps we are taking to prevent any repeat of these issues in future.
The noble Lord also raised how the data bridge agreements translate on to the US and whether they need to be approved on a state-by-state basis. The answer is that they do not need to be approved by individual states; they are arrangements which operate across the US in relation to any organisations which have signed up to the framework.
Regarding what guidance the department has provided to businesses, it has published a fact sheet on GOV.UK which provides additional clarity and information for businesses regarding using the data bridge, including explaining the need to specify certain types of data as sensitive. Additionally, the ICO has published a complaints tool to help businesses and individuals navigate the new redress mechanism which strengthens and protects UK data subjects’ rights when their personal data is transferred to the US.
Regarding the DPDI Bill, the changes to that Bill will not affect the validity of existing data bridges such as this one. They will continue to have effect under the new regime. The Secretary of State will continue to monitor the data bridge on an ongoing basis for any developments in the US which could affect the decision taken to make these regulations and will take such action to amend or revoke them if necessary.
The noble Lords, Lord Clement-Jones and Lord Fox, both raised what the longevity is of the data bridge, given the Max Schrems case, and the robustness of this legislation. We are aware of the stated intentions made by certain individuals such as Max Schrems to challenge the EU’s adequacy decision for the EU-US data privacy framework, as they have done twice previously. Our data bridge for the UK extension to that privacy framework is a separate decision from the EU’s adequacy decision, following the UK’s independent assessment of relevant laws and practices. We are continuing to work with the US now that the data bridge is online to ensure that it functions as intended and will continue to engage should any challenge to the EU’s adequacy decision be successful. Should the EU’s decision be invalidated, that would not directly impact the UK’s data bridge for the US.
In response to the noble Baroness, Lady Jones, I can confirm as above that the published impact assessment has a green rating. With regard to her question on how the data bridge differs from the EU framework, the UK is relying on our own extension to the EU-US data privacy framework, which mirrors the EU framework.
The noble Baroness asked whether individuals can opt out from the data bridge and about its robustness, including the important point about Palantir. UK individuals’ data is protected to the high standards expected within the UK under the UK GDPR and Data Protection Act 2018. We have conducted a robust and detailed assessment of the new US framework, which is published online on GOV.UK, and which the Secretary of State has decided meets the high standards necessary to establish a data bridge. This includes strict requirements and rules surrounding how US organisations should use, process and disclose personal data that they hold. When deciding whether to share personal data with a US organisation under the data bridge, the transferring organisation in the UK still needs to comply with all the requirements of the UK GDPR, including the need to have a lawful basis for sharing the personal data.
In response to the noble Lord, Lord Fox, who asked who the department engaged with in the US and which regulatory bodies are responsible for the US framework, this is a federal rather than a state government-level framework. The US Department of Commerce administers the framework and is our main counterpart, and the US Federal Trade Commission and US Department of Transportation enforce the framework. We also engaged with the US Department of Justice where there were questions in relation to US national security laws and practices. We have received reassurances from each of these bodies with regard to their commitments to upholding the principles and protecting the rights and protections of UK personal data shared with the US. These have been published online along with our full analysis detailing our assessment of the US data bridge and explaining the role of the different US bodies mentioned, which is on GOV.UK for anyone to view.
On the collection of data by UK political parties and the possibility of transfer to a server outside the UK, the policy governing this aspect falls outside the scope of data bridge policy, and so my department will follow up on that question.
Finally, on the question from the noble Lord, Lord Fox, about the self-certifying annual process for US companies and how the department can be sure that the process is being monitored, the US Department of Commerce has committed in the aforementioned reassurances to conduct verification checks on organisations certified to the framework, as well as to participate in periodic discussions with the UK Government about the operation of the framework, to ensure that the expectations and new practices of the data privacy framework are being met. This includes, where necessary, input from US enforcement bodies, the Federal Trade Commission and the US Department of Transportation, as well as from the UK’s independent data protection regulator, the Information Commissioner’s Office. Additionally, the Secretary of State is obliged to monitor on an ongoing basis any developments in the US or with the US framework that could affect the decision taken to make these regulations and to take such action to amend or revoke them as necessary.
I thank the noble Lord, Lord Clement-Jones, for bringing forward the debate today. The importance of proper scrutiny by parliamentarians for new legislation is paramount, and the department will continue to move forward with renewed determination to ensure that all necessary documentation is provided, not just to a high standard but at the point when regulations are laid. I believe and hope that I have answered all the questions. If not, I am of course more than happy to write with further detail. For now, I am once again grateful to the noble Lord.
My Lords, I thank the Minister for that response. I congratulate him on managing to pick up nearly all the questions and provide them with answers. He probably never thought that quite so many questions could be asked about a single SI, and there are a couple of areas where I think there is further inquiry to be made. This is a salutary lesson in how the SLSC really needs to get the information that it needs to scrutinise regulations, otherwise we all jump up and down and spend our evenings on regret Motions.
This has been a very useful debate. The record, and how the Minister unpacked and answered some of the questions, might be helpful for those who want to take advantage of the UK-US data bridge. It is a great illustration also as to why affirmative SIs, rather than negative ones, are actually rather useful. Why rely on me producing a regret Motion? Would not it have been better to have a proper affirmative procedure in this case, as this is a very important instrument? The Minister talked about its value, and, if it works, we will all agree.
I also very much appreciate the fact that there is a level of humility about this, in that the department is looking at its procedures and setting its house in order with a new regulatory policy process. We look forward, I am sure, to seeing how effective that will be in the future. When the Minister talks about fact sheets and the sensitive data aspects, the fact that the ICO is gearing itself on the complaints and redress side is appreciated as well.
(1 year ago)
Lords ChamberThat the draft Regulations laid before the House on 16 October be approved. Considered in Grand Committee on 20 November.
(1 year ago)
Grand CommitteeThat the Grand Committee do consider the Intellectual Property (Exhaustion of Rights) (Amendment) Regulations 2023
(1 year ago)
Grand CommitteeThat the Grand Committee do consider the Design Right, Artist’s Resale Right and Copyright (Amendment) Regulations 2023.
My Lords, I beg to move that these regulations be considered. They and the Intellectual Property (Exhaustion of Rights) (Amendment) Regulations 2023 were laid before the House on 16 October 2023. Intellectual property—IP—matters. The IP framework protects creations of the mind, such as inventions, literary works, symbols and names used in commerce. The UK system is widely regarded as among the best in the world. Our IP system is built on laws that ensure consistency, certainty and balance. It has not only helped to incentivise innovation and the creation of new technologies and products but promoted competitive markets and consumer choice. Maintaining a balanced, consistent and stable IP framework is crucial for businesses, consumers and investors.
The draft regulations before the Committee today use powers contained in the Retained EU Law (Revocation and Reform) Act 2023—the REUL Act—to amend or restate certain provisions in IP legislation. They make targeted changes, to the benefit of our IP framework, in line with the aims of the Act. I will take each set of draft regulations in turn, beginning with the Design Right, Artist’s Resale Right and Copyright (Amendment) Regulations 2023. Subject to noble Lords’ approval, they will amend provisions in four pieces of IP legislation. I will explain more about these.
The Design Right (Semiconductor Topographies) Regulations 1989 provide protection for designs that are semiconductor topographies, implementing international obligations under the World Trade Organization’s TRIPS Agreement. Semiconductors, commonly referred to as chips, are the core component of all electronic devices. The semiconductor topography design right is an IP right intended to protect the design of specific semiconductor products, such as circuit boards, which can be relatively easy to copy.
My Lords, I very much thank the three noble Lords for their valuable and interesting contributions to this debate. As I said in opening, IP matters. The IP system exists to encourage innovation and the sharing of information, creativity and knowledge. It provides individuals and businesses with the confidence to invest their time, money and energy into developing something new. That is why the Government remain committed to a world-leading IP framework. We hope these regulations will ensure that the IP system continues to support innovation across the economy and will make some targeted changes to the benefit of our IP framework.
I shall respond to some of the important questions raised in the debate. The noble Earl, Lord Clancarty, asked about ARR. I thank him for his kind words and support for the changes to ARR in relation to the change of currency. He mentioned the benefits to smaller artists of the ARR regime and the noble Lord, Lord Clement-Jones, expressed similar support. Under that change, artists who continue to receive ARR payments will see an estimated average increase of around 7%, with the highest-value artworks obviously experiencing the largest increase. In addition, when UK inflation is taken into consideration, the minimum threshold resale price for ARR eligibility will actually be lower in real terms than when it was set in 2006.
The noble Earl and the noble Lord, Lord Clement-Jones, asked about government policy for ARR in free trade agreements and why ARR is not included in some negotiations; the noble Lord, Lord Stevenson, also touched on that matter. It is current government policy to support ARR globally via international fora as well as via UK free trade agreements. For example, in our recent free trade agreements with Australia and New Zealand we negotiated provisions to provide ARR on a reciprocal basis—that is, the UK will provide ARR royalties to Australian artists and vice versa.
Noble Lords asked about provisions in FTAs that are still being negotiated, specifically with India and Canada. They will forgive me if I cannot comment at this point on negotiations that have not yet concluded. Needless to say, I am happy to set out more information as it emerges on where we are with these or other free trade agreements.
I turn to the issue of exhaustion. I note the views of the noble Earl, Lord Clancarty, on the UK’s existing UK-plus exhaustion regime and on making the UK-plus regime permanent. As I think everybody in the Room agrees, this is an important matter. As the noble Earl is aware, the Government have consulted widely on it and continue to consider what the UK’s eventual IP exhaustion regime should be. Work to consider the decision on the UK’s future exhaustion regime is ongoing. We intend our future regime to strike the right balance between consumer choice and fair market pricing, protecting creators and promoting competition. The Government are aware that businesses would like certainty about future arrangements that will be affected by this decision. We will let stakeholders know the outcome of the policy decision in due course.
I think we all asked for a bit more detail than the Minister’s “in due course”. Could he be a bit more specific?
Indeed. DSIT has been making representations to precisely that effect across government and that process is in train. I cannot provide a date for when it is going to be complete.
Could the Minister perhaps hint at what form it might take? Are we at the White Paper stage of the process or will it just be a statement that the issues are finished?
Perhaps I had better write to all noble Lords present to say exactly what form that will take.
I am sorry to interrupt the Minister as well. In addition to the timing, it would be useful to know what the instrument is going to be. Will it be another consultation? We have had a consultation, which finished last year, and now we have the SI. Is there going to be another consultation with another SI? The whole process needs unpacking a bit.
That is fair enough. What I am hearing is that noble Lords want to know not just when it will be but what it will look like when it happens. That is an entirely reasonable request, to which I am happy to accede.
I note the views of the noble Lord, Lord Clement-Jones, on how the UK-plus regime supports the publishing industry in particular. I recognise the importance of this issue to a variety of businesses, which have provided extensive contributions to the public consultation on this matter. On behalf of the Government, I thank those businesses for their constructive engagement during the consultation and since. The noble Lord also—no, I am getting ahead of myself. I will move on, except to note that this issue has the potential to impact so many business sectors and therefore it is important for the Government to take the time to get it right.
The noble Lord also mentioned his concerns about a potential move to an international exhaustion regime. As I mentioned, no decision has been made. However, I should advise noble Lords that we intend a future regime to strike the right balance between consumer choice, fair market pricing, protecting creators and promoting competition.
I turn to the matters raised by the noble Lord, Lord Stevenson. I am grateful for his and his colleagues’ expertise on this important area of policy. He raised the review of design rights. The IPO began a review of that legislation last year, with a call for views published in January 2022. We want to make sure that the UK design system best meets the needs of designers and businesses. The IPO is now working on policy proposals on which to consult, which will likely happen in the first half of 2024. The review is fairly wide ranging, as the law around designs is complex and has not been reformed in any meaningful way for some time. It is important to do this work properly to make sure that any changes work for users and all stakeholders.
The noble Lord raised concerns about transparency reports issued by collective management organisations not being audited. The purpose here is to align the treatment of CMOs with that of other organisations in Companies House of similar size; to not treat them differently simply because of the nature of the work they do as CMOs, and therefore not to require organisations that qualify as small to conduct a formal audit in that way, along with other organisations of their size, scope and scale.
Small CMOs will still be required to produce annual transparency reports and to abide by the regulations that govern their conduct and operations. Removing the statutory audit requirement strikes a fairer, more proportionate balance between risk and cost for these small entities. The changes to the audit requirements were in recommendations evidenced by the additional burden imposed on them during a 2021 post-implementation review of the regulations. To provide some reassurance, I hope: this change affects just seven of the smallest CMOs.
The noble Lord, Lord Stevenson, also mentioned the expansion of the European Economic Area and how it would affect our exhaustion regime. Currently, the geographical scope of our exhaustion regime covers the UK and the European Economic Area. If the European Economic Area expanded the Government would consider how that would affect our exhaustion regime, but we would not wish to prejudice such a decision.
I hope all noble Lords will recognise that these proposed changes support a balanced, consistent and stable IP framework that is crucial for businesses, consumers and investors. I absolutely recognise the strength of feeling and argument in favour of maintaining this regime, but meanwhile I commend these regulations to the Committee.
(1 year ago)
Lords ChamberTo ask His Majesty’s Government when they intend to respond to the Independent Review of the UK’s Research, Development and Innovation Organisational Landscape, published in March 2023.
The Government’s response to the landscape review is in its final stages of preparation and will be published imminently. The response will outline the ambitious actions that we have taken since the review’s publication, including through the Science and Technology Framework and the creation of DSIT. It will also announce further commitments to create a research, development and innovation landscape that makes the most of our strategic advantages and builds a more diverse, resilient and investable landscape.
I thank the Minister for that reply, but he will know that the review identified significant problems in the UK’s RDI landscape, some of which are long-term and serious, and are preventing us from becoming a science superpower. So can he assure us that the Government will take on board the integrated set of recommendations proposed in the review and establish an authoritative working group to implement them, rather than adopting a piecemeal approach to what it is a very serious challenge?
Indeed it is a serious challenge. The review identified, I think, 29 separate recommendations. The approach that the Government are taking is to address them not merely singly but, as the noble Baroness suggests, collectively, as a whole, as well. In fact, since its creation, two of our major steps build on the foundations laid by the Nurse review: that is, the creation of DSIT itself and the laying down of the Science and Technology Framework, which builds on the review, to set up the approach along many of the lines that the review suggested.
My Lords, I apologise to the noble Baroness, Lady Jones of Whitchurch, for intervening too soon. The Nurse review points out that government investment in R&D in the UK, at 0.12% of GDP, is five times lower than the OECD average. The UK ranks 27th out of 36 OECD countries. Where does the Minister think we should rank if we are to unlock the UK’s full potential in science?
I am not entirely sure where those figures come from. The R&D intensity of the UK—that is to say, the amount spent on R&D as a percentage of GDP—is between 2.8% and 2.9%. That places us fourth in the G7 behind Japan, Germany and the US, and behind Israel and Korea, so it certainly can be higher. That is why we have committed to spending £20 billion per year by the 2024-25 spending review.
My Lords, the figures that the noble Lord, Lord Krebs, spoke of are in the review; I read it this morning. Will the Minister reassure us that the response will represent the views of the whole of Whitehall, not just the Treasury but the Department for Education and the Home Office, for the advance spending? The review says we need a workforce of several hundred thousand more by 2030, half from the UK and half from abroad. That will require a change in science education in schools and higher pay for research at British universities, while from abroad it would require the Home Office to reverse the huge increase in visa and health charges that it intends to impose up front on researchers attracted to work in this country.
Indeed. The noble Lord is right: we have identified that from the base now of roughly 1 million people in this country working in R&D, taking into account retirements, by 2027 we probably need another 380,000 R&D workers. Inevitably, a great many of those are going to need to come via the immigration route. A wide variety of visa programmes can meet that need. The Government take the view that the going-in position is that those benefiting from visas, rather than the taxpayer, should bear the immediate costs of visas and healthcare. However, that is always kept under review and, should evidence emerge that we are not getting either the quantity or the quality of integration applications, then we will take appropriate action.
My Lords, there are two streams of funding that universities rely on: quality-related funding and charity research support funding. Both those funding streams are necessary for universities to develop infrastructure but both of them have been eroded over time. As charities have increased their funding for research, the amount of money available to support the universities has declined. Will the Minister commit to addressing those two issues and at least bringing funding up to inflationary levels?
Yes, indeed. I am happy to look at that. I note that the Government currently contribute about 20% of R&D funding through UKR I and other sources, with non-profits accounting for around 3% of funding. As I say, the Government are committed to increasing by about one-third their R&D funding by the 2024-25 spending review, which should go some way towards addressing that gap. Meanwhile, I take on board the noble Lord’s comments.
Does my noble friend the Minister agree that, in addition to government spend, R&D tax credits have risen to £7.3 billion from £6.6 billion last year, which is very welcome, but perhaps the figure could be higher if there were a campaign to explain to SMEs the availability of R&D tax credits?
Yes, indeed. As I say, businesses fund about 60% of R&D in this country and conduct just over 70% of it. I certainly would keenly look into any ability to campaign to encourage more people to take advantage of the generous tax credits scheme.
My Lords, when the review is published, will the Minister undertake to persuade the Leader of the House to arrange a debate in government time on it and all the issues related to it? Or, at the very least, can the Government arrange for a Statement to be made from the Dispatch Box so that Members in this Chamber can ask questions as a result of its publication?
I thank the noble Lord for the suggestion. I will happily take that up with the Leader of the House and all the usual channels.
My Lords, one very well-established principle for effective research is institutional autonomy and freedom of action. The Nurse review identified numerous places and occasions where, at present, government-funded research does not allow for such freedom of action. Can the Minister assure us that the response to the review will pay due attention to these principles, which the Government acknowledged in the very welcome establishment of ARIA?
Yes, indeed: these are very important principles to allow research institutions, whether publicly or privately funded, autonomy in the research they undertake. As well as the Nurse review, the Tickell review into bureaucracy in the R&D landscape addresses these things and we will also shortly be publishing our response to the latter review.
My Lords, is there evidence that the successive cuts in business taxes have led to increases in investment and research in the UK?
If there any such evidence, I am afraid I am not familiar with it.
My Lords, when talking about research, the Government often seem to be most excited by and focus on the kind of research that generates new profits and services. But very often research is into social innovation: for example, the subject of antimicrobial resistance. Looking for new drugs is something that we need to do, but social innovation and changes in medical practice can reduce the need to produce new drugs and protect the drugs we have now. Will the Minister perhaps look into seeing how we can focus more on that social innovation as well as the profit-making kinds of research?
The science and technology framework sets out five priority areas for research and innovation and those areas are then pursued across a mix of public sector, private sector and other bodies, each with their own goals for the research they are conducting. Within that, there is certainly room for all manner of research as the noble Baroness suggests.
(1 year ago)
Lords ChamberThat an humble Address be presented to His Majesty as follows:
“Most Gracious Sovereign—We, Your Majesty’s most dutiful and loyal subjects, the Lords Spiritual and Temporal in Parliament assembled, beg leave to thank Your Majesty for the most gracious Speech which Your Majesty has addressed to both Houses of Parliament”.
My Lords, on behalf of your Lordships’ House, I thank His Majesty the King for delivering the gracious Speech. I am grateful for the privilege of opening today’s debate on the Motion for this humble Address.
The bold, ambitious legislative agenda the Government have set out for the year ahead is testament to the fact that we are taking the right long-term decisions for a brighter future. That is because this Government recognise that, right across all the sectors we are debating today, the United Kingdom has an exceptional story to tell.
Last year we became one of only three countries in the world to boast a tech sector worth more than $1 trillion. We are a nation of scientific endeavour, home to the Jodrell Bank observatory, to the Francis Crick Institute and to pioneering businesses such as Google DeepMind, whose AlphaFold program has used AI to predict the shapes of 200 million proteins—the fundamental building blocks of human biology.
Through our Frontier AI Taskforce—soon to be our new AI safety institute—we are investing more than any other country in the safe development and deployment of this transformative technology. Indeed, earlier this month our leadership on AI was on full display as we hosted the first ever global summit on AI safety and agreed the historic Bletchley declaration.
Beyond science and technology, we all know that Britain today is a cultural powerhouse too, with a film and television industry worth more than £12 billion to our economy producing iconic, award-winning shows. In virtually every part of the globe, people can tune into the inimitable BBC World Service, which reaches an audience of more than 400 million.
But, for our many strengths, we know that there is no room for complacency. In all these sectors we want the UK to become one of the most competitive, pro-business and pro-innovation economies in the world, and in the proposed legislation we have set out in His Majesty’s most gracious Speech, we are making that vision a reality.
Through our Digital Markets, Competition and Consumers Bill, we are delivering on our manifesto commitment to end consumer rip-offs while creating a host of growth-spurring incentives for British business. To that end, it will grant new powers to the Competition and Markets Authority to drive innovation by preventing a handful of powerful tech companies using their influence to quash competition and harm consumers. It will hand people more rights over subscription contracts to give them more control over their spending, and it will make it harder for unscrupulous traders to trap people in subscription contracts they no longer want—a practice that currently cheats consumers out of £1.6 billion every year. New powers will also enable the CMA to take tough action against other bad business practices more quickly, without needing lengthy court action.
In all this we want to strengthen the rights of the consumer, recognising that better data protection is a win-win for both businesses and individuals. That is why our Data Protection and Digital Information Bill will let us take full advantage of our post-Brexit freedoms, unleashing innovation in every corner of the UK. It will help create a flexible, common-sense data protection regime, one that takes the best elements of GDPR while cutting red tape and saving British businesses £2.2 billion in increased productivity and compliance costs over 10 years. In the public sector those savings climb to £2.5 billion over 10 years, thanks to reforms to the use of data for law enforcement, national security and digital verification services.
We are reducing the bureaucracy that has been holding us back, while delivering real benefits for the British people. That includes both cracking down on nuisance calls and reducing the number of dreaded “accept/reject cookie” buttons that freeze web pages, sometimes long after they have loaded.
We are ensuring that the rules around data and internet access are fit for the digital age, and we want to do the same for public service broadcasting, because the truth is that many broadcasters are governed by rules written 20 years ago. Our laws ought to drive growth in our creative industries, not constrain it. That is why our new Media Bill is so important—to enable our public service broadcasters to compete, to nurture talent and skills and to drive growth across the UK. The Bill will ensure that audiences, both here and around the world, can more easily enjoy quality British content, supporting our creative industries to produce the next “Killing Eve”, “Top Gear” or “Line of Duty”. It will make sure that public service content is only a click away on connected devices such as set-top boxes, fire sticks and smart TVs, which are in roughly three-quarters of homes. It is right that UK audiences have access to the content they love, be that on commercial or public service broadcasters. Thanks to the reforms in our Media Bill, they will.
We are backing British radio stations through these changes too. They require major smart speaker platforms to ensure that the likes of Gold, Magic, Classic FM and all the stations that listeners love can be played on request. Crucially, the Media Bill complements the sweeping protections we have put in place for young people in the UK through the Online Safety Act. It will mean that on-demand content will be held to the same high standards as broadcast channels so that our children can be protected from harmful material.
At the same time, we recognise that freedom of the press and of our media is sacrosanct. Through this Bill we are fulfilling our manifesto pledge to repeal Section 40 of the Crime and Courts Act 2013, which could have required publishers that are not members of an approved regulator to pay costs on legal claims brought against them, regardless of the outcome. This section could have had a negative effect on freedom of speech, undermining high-quality journalism and our newspapers, which play such a vital role in our political discourse and our wider democracy.
Finally, we are modernising the listed events regime to protect British viewers’ access to major sporting events, including the FIFA World Cup. Football is another area in which we have an exceptional story to tell, not least in the tremendous success of our Lionesses at the European Championships last year. In recent times, though, our national game has suffered. We have seen that in the collapse of Bury FC, the devastating impact of the pandemic on clubs and the botched plan for a breakaway European super league. This all underscores the need for an independent football regulator, one that addresses financial sustainability in our national game and ensures that fans’ voices are heard loud and clear. That is precisely what our football governance Bill will establish: a regulator with real teeth that will require a minimum standard of fan engagement. It will hand fans veto rights over changes to team names and badges, the things that are so often part of a club’s heritage. Fans will also be consulted should their local stadium ever be put up for sale. Through the new regulator, we will strengthen owners’ and directors’ tests to help prevent a repeat of what happened at Blackpool FC and Charlton Athletic, where fans had to fight to save their own club.
We also recognise that the current distribution of revenue in the top five divisions is far from sufficient. That, in turn, is causing financial headaches for some clubs, further destabilising the football pyramid. That is why the regulator will have targeted statutory powers to, as a last resort, ensure financial sustainability in this pyramid by redistributing broadcast revenue.
As noble Lords know, the vast majority of football clubs are pillars of their community and are well run, and for these the regulator will have less of a role. Instead, it will focus its efforts on ensuring financial stability in the top five tiers of the men’s English football pyramid, with a mandatory licensing system. Through the scheme, it will have powers to monitor and enforce compliance with requirements in financial regulation, club ownership and much more.
From Liverpool to Leeds, from Wrexham to Wolverhampton, our football clubs are the beating hearts of our communities, steeped in history and inextricably linked to our national heritage. Because of the reforms we are undertaking today, I am confident that they will continue to thrive tomorrow and for decades to come.
In the Bills I have outlined, we are fulfilling our commitment to unlock the UK’s full potential in science, technology, media and sport. We are giving every entrepreneur a fair shot at success, ensuring that corporate power is not unduly concentrated in the hands of a select few. We are backing the rights of consumers, giving them greater control over spending, while clamping down on businesses that engage in drip pricing. We are backing British television, British film and British broadcasters, flying the flag for our nation’s unrivalled creativity and talent.
I look forward to further debating these key Bills in His Majesty’s most gracious Speech and discussing our plans to change our country for the better, building a brighter future for every hard-working family.