Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, what assessment his Department has made of the risks (a) associated with third-party providers' involvement in (i) age verification and (ii) content moderation systems and (b) of (A) data breaches and (B) misuse of personal information by those providers; and what (1) regulations, (2) oversight procedures and (3) safeguards have been put in place to guarantee the safe (a) handling and (b) storage of the sensitive data of (i) children, (ii) vulnerable users and (iii) other users.

UK GDPR and the Data Protection Act impose obligations on data controllers – including third-party providers - to process data fairly, lawfully, and transparently.

The OSA also requires all providers to give particular regard to the importance of protecting users’ privacy rights when implementing measures to comply with their new safety duties, including age assurance and any content moderation measures.

The ICO has responsibility for monitoring and enforcing the application of data protection legislation in the UK. It has a range of tough criminal and civil enforcement tools at its disposal, including powers of prosecution and powers to issue substantial monetary penalties for serious breaches of the data protection legislation.