Data Protection and Digital Information Bill
Lord Vaux of Harrowden ExcerptsWednesday 24th April 2024
(1 week, 2 days ago)
Grand CommitteeRead Full debate Data Protection and Digital Information Bill 2022-23 View all Data Protection and Digital Information Bill 2022-23 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 30-VII Seventh marshalled list for Grand Committee - (23 Apr 2024)
Lord Clement-Jones (LD)
My Lords, we have talked about proportionality and disproportionality throughout the debate on this Bill. Is it not extraordinary that that figure is not on the table, given the extent of these powers?
Lord Vaux of Harrowden (CB)
My Lords, the Minister was kind enough to mention me a little earlier. Can I just follow up on that? In the impact assessment, which I have here, nowhere can I find the £600 million figure, nor can I find anywhere the costs related to this. There will be a burden on the banks and clearly quite a burden on the DWP, actually, if it has got to trawl through this information, as the noble Viscount says, using people rather than machines. The costs are going to be enormous to save, it would appear, up to £120 million per year out of £6.4 billion per year of fraud. It does seem odd. It would be really helpful to have those cost numbers and to understand in what document they are, because I cannot find in the impact assessment where these numbers are.
Viscount Younger of Leckie (Con)
I hope I can help both noble Lords. Although I must admit that I have not read every single page, I understand that the figure of £500 million is in the IA.
Data Protection and Digital Information Bill
Lord Vaux of Harrowden ExcerptsWednesday 17th April 2024
(2 weeks, 2 days ago)
Grand CommitteeRead Full debate Data Protection and Digital Information Bill 2022-23 View all Data Protection and Digital Information Bill 2022-23 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 30-V Fifth marshalled list for Grand Committee - (16 Apr 2024)
Lord Kamall (Con)
My Lords, I speak in favour of Amendment 195ZA in my name and that of the noble Lords, Lord Vaux of Harrowden and Lord Clement-Jones, and Amendments 289 and 300 on digital identity theft. I am also very sympathetic to many of the points made by the noble Baroness, Lady Jones of Whitchurch, particularly about the most disadvantaged people in our society.
As many noble Lords know, I am a member of the Communications and Digital Committee of this House. A few months ago, we did a report on digital exclusion. We had to be quite clear about one of the issues that we found: even though some people may partly use digital—for example, they may have an email address—it does not make them digitally proficient or literate. We have to be very clear that, as more and more of our public and private services go online, it is obvious that companies and others will want to know which people are claiming to use these services. At the same time, a number of people will not be digitally literate or will not have this digital ID available. It is important that we offer them enough alternatives. It should be clear, and not beyond the wit of man or clever lawyers, that there are non-digital alternatives available for consumers and particularly, as was said by the noble Baroness, Lady Jones of Whitchurch, people from disadvantaged communities.
As we found in the report on our inquiry into digital exclusion, this does not concern only people from deprived areas. Sometimes people get by in life without much digital literacy. There are those who may be scared of it or who do not trust it, and they can come from all sorts of wealth brackets. This drives home the point that it is important to have an alternative. I cannot really say much more than the amendment itself; it does what it says on the tin. The amendment is quite clear and I am sure that the noble Lord, Lord Vaux, will speak to it as well.
I will briefly speak in favour of Amendments 289 and 300. Digital identity theft is clearly an issue and has been for a long time. Even before the digital days, identity theft was an issue and it is so much easier to hack someone’s ID these days. I have had bank accounts opened in my name. I received a letter claiming this but, fortunately, the bank was able to deal with it when I walked in and said, “This wasn’t me”. It is quite clear that this will happen more and more. Sometimes, it will simply be stealing data that has been leaked or because a system is not particularly secure; at other times, it will be because you have been careless. No matter why the crime is committed, it must be an offence in the terms suggested by the amendments of the noble Lord, Lord Clement-Jones. It is clear that we have to send a strong signal that digital identity theft is a crime and that people should be deterred from engaging in it.
Lord Vaux of Harrowden (CB)
My Lords, I have added my name to Amendment 195ZA—I will get to understand where these numbers come from, at some point—in the name of the noble Lord, Lord Kamall, who introduced it so eloquently. I will try to be brief in my support.
For many people, probably most, the use of online digital verification will be a real benefit. The Bill puts in place a framework to strengthen digital verification so, on the whole, I am supportive of what the Government are trying to do, although I think that the Minister should seriously consider the various amendments that the noble Baroness, Lady Jones of Whitchurch, has proposed to strengthen parliamentary scrutiny in this area.
However, not everyone will wish to use digital verification in all cases, perhaps because they are not sufficiently confident with technology or perhaps they simply do not trust it. We have already heard the debates around the advances of AI and computer-based decision-making. Digital identity verification could be seen to be another extension of this. There is a concern that Part 2 of the Bill appears to push people ever further towards decisions being taken by a computer.
I suspect that many of us will have done battle with some of the existing identity verification systems. In my own case, I can think of one bank where I gave up in deep frustration as it insisted on telling me that I was not the same person as my driving licence showed. I have also come up against systems used by estate agents when trying to provide a guarantee for my student son that was so intrusive that I, again, refused to use it.
Therefore, improving verification services is to be encouraged but there must be some element of choice, and if someone does not have the know-how, confidence, or trust in the systems, they should be able to do so through some non-digital alternative. They should not be barred from using relevant important services such as, in my examples, banking and renting a property because they cannot or would prefer not to use a digital verification service.
At the very least, even if the Minister is not minded to accept that amendment, I hope that he can make clear that the Government have no intention to make digital ID verification mandatory, as some have suggested that this Part 2 may be driving towards.
Lord Clement-Jones (LD)
My Lords, this is quite a disparate group of amendments. I support Amendment 195ZA, which I have signed. I thought that the noble Baroness, Lady Jones, and the noble Lords, Lord Kamall and Lord Vaux, have made clear the importance of having a provision such as this on the statute book. It is important that an individual can choose whether to use digital or non-digital means of verifying their identity. It is important for the liberty and equality of individuals as well as to cultivate trust in what are essentially growing digital identity systems. The use of the word “empower” in these circumstances is important. We need to empower people rather than push them into digital systems that they may not be able to access. Therefore, a move towards digitalisation is not a justification for compelling individuals to use systems that could compromise their privacy or rights more broadly. I very much support that amendment on that basis.
I also very much support the amendments of the noble Baroness, Lady Jones, which I have signed. The Delegated Powers and Regulatory Reform Committee could not have made its recommendations clearer. The Government are serial offenders in terms of skeleton Bills. We have known that from remarks made by the noble Lord, Lord Hodgson, on the Government Benches over a long period. I am going to be extremely interested in what the Government have to say. Quite often, to give them some credit, they listen to what the DPRRC has to say and I hope that on this occasion the Minister is going to give us some good news.
This is an extremely important new system being set up by the Government. We have been waiting for the enabling legislation for quite some time. It is pretty disappointing, after all the consultations that have taken place, just how skeletal it is. No underlying principles have been set out. There is a perfectly good set of principles set out by the independent Privacy and Consumer Advisory Group that advises the Government on how to provide a simple, trusted and secure means of accessing public services. But what assurance do we have that we are going to see those principles embedded in this new system?
Throughout, it is vital that the Secretary of State is obliged to uphold the kinds of concerns being raised in the development of this DVS trust framework to ensure that those services protect the people who use them. We need that kind of parliamentary debate and it has been made quite clear that we need nothing less than that. I therefore very much support what the noble Baroness, Lady Jones, had to say on that subject.
Lord Clement-Jones (LD)
My Lords, in essence, the Minister is admitting that there is a gap when somebody who does not have access to digital services needs an identity to deal with the private sector. Is that right?
Lord Vaux of Harrowden (CB)
In the example I gave, I was not willing to use a digital system to provide a guarantee for my son’s accommodation in the private sector. I understand that that would not be protected and that, therefore, someone might not be able to rent a flat, for example, because they cannot provide physical ID.
Viscount Camrose (Con)
The Bill does not change the requirements in this sense. If any organisation chooses to provide its services on a digital basis only, that is up to that organisation, and it is up to consumers whether they choose to use it. It makes no changes to the requirements in that space.
I will now speak to the amendment that seeks to remove Clause 80. Clause 80 enables the Secretary of State to ask accredited conformity assessment bodies and registered DVS providers to provide information which is reasonably required to carry out her functions under Part 2 of the Bill. The Bill sets out a clear process that the Secretary of State must follow when requesting this information, as well as explicit safeguards for her use of the power. These safeguards will ensure that DVS providers and conformity assessment bodies have to provide only information necessary for the functioning of this part of the Bill.
Lord Vaux of Harrowden (CB)
This is a slightly disparate group of amendments. I have added my name in support of Amendment 296, tabled by the noble Baroness, Lady Jones of Whitchurch, which once again probes the question of whether this Bill risks causing the loss of the data adequacy ruling from the EU. This was an issue raised by many, if not most, noble Lords during Second Reading, and it is an area in which the Government’s position feels a little complacent.
The data adequacy ruling from the EU is extremely important, as the impact assessment that accompanies the Bill makes clear. It says:
“Cross-border data transfers are a key facilitator of international trade, particularly for digitised services. Transfers underpin business transactions and financial flows. They also help streamline supply chain management and allow business to scale and trade globally”.
The impact assessment then goes on to estimate the costs of losing data adequacy, and indicates a net present value cost range of between £1.6 billion and £3.4 billion over the next 10 years. As an aside, I note that that is a pretty wide range, which perhaps indicates the extent to which the costs are really understood.
The impact assessment notes that these numbers are the impact on direct trade only and that the impact may be larger still when considering supply chain impacts, but it does not make any attempt to calculate that effect. There are big potential costs, however we look at it. It therefore seems extraordinary that the impact assessment, despite running to 240 pages, makes no attempt at all to quantify the probability that the EU might decide—and it is a unilateral EU decision—to withdraw the data adequacy ruling, which it can do at any time, even before the current ruling comes to an end in July 2025. I find it extraordinary that no attempt has been made to estimate the probability of that happening. You would think that, if the Government were as confident as they say they are, they should have some evidence as to the probability of it happening.
Noble Lords should be aware that this means that the potential cost of the loss of data adequacy is not included in the NPV analysis for the Bill. If that loss did occur, the net present value of the Bill would be largely wiped out, and if the lower end of the IA range is taken, the Bill’s overall financial impact becomes a net present cost to the tune of £2.1 billion. The retention of the EU data adequacy ruling is therefore key to retaining any real benefit from this Bill at all.
On Monday, the Minister said:
“We believe they are compatible with maintaining our data adequacy decisions from the EU. We have maintained a positive, ongoing dialogue with the EU to make sure that our reforms are understood. We will continue to engage with the European Commission at official and ministerial levels with a view to ensuring that our respective arrangements for the free flow of personal data can remain in place, which is in the best interests of both the UK and the EU”.—[Official Report, 15/4/24; col. GC 261.]
By “they”, he means the measures in the Bill. So far, so good. But your Lordships will remember that, at the time of Brexit, there was actually considerable doubt as to whether we would be granted a data adequacy ruling at that time, when our rules were almost entirely convergent. This Bill increases divergence, so the approach at the moment seems complacent at best.
I do not think it is any surprise at all that our European Affairs Committee recently launched an inquiry into this very subject. While the Minister has said how confident he is, noises being made in the EU are less encouraging. For example, the chair of the European Parliament’s Civil Liberties, Justice and Home Affairs Committee wrote in February to the European Commissioner for Justice outlining his concerns about this Bill and questioning whether it will meet the requirements of “essential equivalence”, which is the test that we have to meet. He highlighted, in particular, the lack of independence of the Information Commissioner’s Office, and the elimination of the Biometrics and Surveillance Camera Commissioner, something we will come on to a little later.
It does not seem to be a given that data adequacy will be retained, despite the frankly rather woolly assurances from the Minister about his confidence. Given the enormous importance of the data adequacy ruling, and the fact that the impact assessment makes no attempt at all to assess the probability of retaining or losing it—something one would think to be really fundamental when deciding the extent of divergence we wish to follow—it must make sense to introduce the assessment proposed in Amendment 296. In the absence of something much stronger than the assurances the Minister has given so far, I urge the noble Baroness, Lady Jones, to return to this matter on Report: it is really fundamental.
Lord Bassam of Brighton (Lab)
My Lords, this group has three amendments within it and, as the noble Lord, Lord Vaux, said, it is a disparate group. The first two seem wholly benign and entirely laudable, in that they seek to ensure that concerns about the environmental impacts related to data connected to business are shared and provided. The noble Baroness, Lady Bennett, said hers was a small and modest amendment: I agree entirely with that, but it is valuable nevertheless.
If I had to choose which amendment I prefer, it would be the second, in the name of my noble friend Lady Young, simply because it is more comprehensive and seems to be of practical value in pursuing policy objectives related to climate change mitigation. I cannot see why the disclosure of an impact analysis of current and future announcements, including legislation, changes in targets and large contracts, on UK climate change mitigation targets would be a problem. I thought my noble friend was very persuasive and her arguments about impact assessment were sound. The example of offshore petroleum legislation effectively not having an environmental impact assessment when its impacts are pretty clear was a very good one indeed. I am one of those who believes that environmental good practice should be written all the way through, a bit like a stick of Brighton rock, and I think that about legislation. It is important that we take on board that climate change is the most pressing issue that we face for the future.
The third amendment, in the name of my noble friend Lady Jones, is of a rather different nature, but is no less important, as it relates to the UK’s data adequacy and the EU’s decisions on it. We are grateful to the noble Lords, Lord Vaux of Harrowden and Lord Clement-Jones, for their support. Put simply, it would oblige the Secretary of State to complete an assessment, within six months of the Bill’s passing,
“of the likely impact of the Act on the EU’s data adequacy decisions relating to the UK”.
It would oblige the Secretary of State to lay a report on the assessment’s findings, and the report must cover data risk assessments and the impact on SMEs. It must also include an estimate of the legislation’s financial impact. The noble Lord, Lord Vaux, usefully underlined the importance of this, with its critical 2025 date. The amendment also probes
“whether the Government anticipate the provisions of the Bill conflicting with the requirements that need to be made by the UK to maintain a data adequacy decision by the EU”.
There is widespread and considerable concern about data adequacy and whether the UK legislative framework diverges too far from the standards that apply under the EU GDPR. The risk that the UK runs in attempting to reduce compliance costs for the free flow of personal data is that safeguards are removed to the point where businesses and trade become excessively concerned. In summary, many sectors including manufacturing, retail, health, information technology and particularly financial services are concerned that the free flow of data between us and the EU, with minimal disruption, will simply not be able to continue.
As the noble Lord, Lord Vaux, underlined, it is important that we in the UK have a relationship of trust with the European Commission on this, although ultimately data adequacy could be tested in the Court of Justice of the European Union. Data subjects in the EU can rely on the general principle of the protection of personal data to invalidate EU secondary and domestic law conflicting with that principle. Data subjects can also rely on the Charter of Fundamental Rights to bring challenges. Both these routes were closed off when the UK left the EU and the provisions were not saved in UK law, so it can be argued that data protection rights are already at a lower standard than across the European Union.
It is worth acknowledging that adequacy does not necessarily require equivalence. We can have different, and potentially lower, standards than the EU but, as long as those protections are deemed to meet whatever criteria the Commission chooses to apply, it is all to the good.
However, while divergence is possible, the concern that we and others have is that the Bill continues chipping away at standards in too many different ways. This chipping away is also taking place in statutory instruments, changes to guidance and so on. If His Majesty’s Government are satisfied that the overall picture remains that UK regulation is adequate, that is welcome, but it would be useful to know what mechanism DSIT and the Government generally intend using to measure where the tipping point might be achieved and how close these reforms take us to it.
The Committee will need considerable reassurance on the question of data adequacy, not least because of its impact on businesses and financial services in the longer term. At various times, the Minister has made the argument that a Brexit benefit is contained within this legislation. If he is ultimately confident of that case, what would be the impact on UK businesses if that assessment is wrong in relation to data adequacy decisions taken within the EU?
We are going to need more than warm words and a recitation that “We think it’s right and that we’re in the right place on data adequacy”. We are going to need some convincing. Whatever the Minister says today, we will have to return to this issue on Report. It is that important for businesses in this country and for the protection of data subjects.
Lord Clement-Jones (LD)
Before the Minister stands up, let me just say that I absolutely agree with what the noble Lord, Lord Bassam, said. Have the Government taken any independent advice? It is easy to get wrapped up in your own bubble. The Government seem incredibly blithe about this Bill. You only have to have gone through our days in this Committee to see the fundamental changes that are being made to data protection law, yet the Government, in this bubble, seem to think that everything is fine despite the warnings coming from Brussels. Are they taking expert advice from outside? Do they have any groups of academics, for instance, who know about this kind of thing? It is pretty worrying. The great benefit of this kind of amendment, put forward by the noble Baroness, Lady Jones, is that nothing would happen until we were sure that we were going to be data adequate. That seems a fantastic safeguard to me. If the Government are just flying blind on this, we are all in trouble, are we not?
Lord Vaux of Harrowden (CB)
My Lords, can I point out, on the interests of the EU, that it does not go just one way? There is a question around investment as well. For example, any large bank that is currently running a data-processing facility in this country that covers the whole of Europe may decide, if we lose data adequacy, to move it to Europe. Anyone considering setting up such a thing would probably go for Europe rather than here. There is therefore an investment draw for the EU here.
Viscount Camrose (Con)
I do not know what I could possibly have said to create the impression that the Government are flying blind on this matter. We continue to engage extensively with the EU at junior official, senior official and ministerial level in order to ensure that our proposed reforms are fully understood and that there are no surprises. We engage with multiple expert stakeholders from both the EU side and the UK side. Indeed, as I mentioned earlier, a number of experts have submitted evidence to the House’s inquiry on EU-UK data adequacy and have made clear their views that the DPDI reforms set out in this Bill are compatible with EU adequacy. We continue to engage with the EU throughout. I do not want to be glib or blithe about the risks; we recognise the risks but it is vital—
Baroness Bennett of Manor Castle (GP)
My Lords, I thank the Minister for his answer. This has been a fairly short but fruitful debate. We can perhaps commend the Minister for his resilience, although it feels like he was pounded back on the ropes a few times along the way.
I will briefly run through the amendments. I listened carefully to the Minister, although I will have to read it back in Hansard. I think he was trying to say that my Amendment 195A, which adds energy and carbon intensity to this list, is already covered. However, I really cannot see how that can be claimed to be the case. The one that appears to be closest is sub-paragraph (iv), which refers to “performance or quality”, but surely that does not include energy and carbon intensity. I will consider whether to come back to this issue.
The noble Baroness, Lady Young of Old Scone, presented a wonderfully clear explanation of why Amendment 218 is needed. I particularly welcome the comments from the noble Lord, Lord Bassam, expressing strong Labour support for this. Even if the Government do not see the light and include it in the Bill, I hope that the noble Lord’s support can be taken as a commitment that a future Labour Government intend to follow that practice in all their approaches.
Lord Holmes of Richmond (Con)
My Lords, it is a pleasure to take part in today’s Committee proceedings. I declare my technology interests as an adviser to Boston Limited. It is self-evident that we have been talking about data but there could barely be a more significant piece of data than biometrics. In moving the amendment, I shall speak also to Amendments 197B and 197C, and give more than a nod to the other amendments in this group.
When we talk about data, it is always critical that we remember that it is largely our data. There could be no greater example of that than biometrics. More than data, they are parts and fragments of our very being. This is an opportune moment in the debate on the Bill to strengthen the approach to the treatment and the use of biometrics, not least because they are being increasingly used by private entities. That is what Amendments 197A to 197C are all about—the establishment of a biometrics office, a code of practice and oversight, and sanctions and fines to boot. This is of that level of significance. The Bill should have that strength when we are looking at such a significant part of our very human being and data protection.
Amendment 197B looks at reporting and regulatory requirements, and Amendment 197C at the case for entities that have already acted in the biometrics space prior to the passage of the Bill. In short, it is very simple. The amendments take principles that run through many elements of data protection and ensure that we have a clear statement on the use and deployment of biometrics in the Bill. There could be no more significant pieces of data. I look forward to the Minister’s response. I thank the Ada Lovelace Institute for its help in drafting the amendments, and I look forward to the debate on this group. I beg to move.
Lord Vaux of Harrowden (CB)
My Lords, I have added my name in support of the stand part notices of the noble Lord, Lord Clement-Jones, to Clauses 147, 148 and 149. These clauses would abolish the office of the Biometrics and Surveillance Camera Commissioner, along with the surveillance camera code of practice. I am going to speak mainly to the surveillance camera aspect, although I was taken by the speech of the noble Lord, Lord Holmes, who made some strong points.
The UK has become one of the most surveilled countries in the democratic world. There are estimated to be over 7 million CCTV cameras in operation. I give one example: the automated number plate recognition, ANPR, system records between 70 million and 80 million readings every day. Every car is recorded on average about three times a day. The data is held for two years. The previous Surveillance Camera Commissioner, Tony Porter, said about ANPR that it,
“must surely be one of the largest data gatherers of its citizens in the world. Mining of meta-data—overlaying against other databases can be far more intrusive than communication intercept”.
Professor Sampson, the previous commissioner, said about ANPR:
“There is no ANPR legislation or act, if you like. And similarly, there is no governance body to whom you can go to ask proper questions about the extent and its proliferation, about whether it should ever be expanded to include capture of other information such as telephone data being emitted by a vehicle or how it's going to deal with the arrival of automated autonomous vehicles”.
And when it came to independent oversight and accountability, he said:
“I’m the closest thing it’s got—and that’s nothing like enough”.
I am not against the use of surveillance cameras per se—it is unarguable that they are a valuable tool in the prevention and detection of crime—but there is clearly a balance to be found. If we chose to watch everything every person does all of the time, we could eliminate crime completely, but nobody is going to argue that to be desirable. We can clearly see how surveillance and biometrics can be misused by states that wish to control their populations—just look at China. So there is a balance to find between the protection of the public and intrusion into privacy.
Technology is moving incredibly rapidly, particularly with the ever-increasing capabilities of Al. As technology changes, so that balance between protection and privacy may also need to change. Yet Clause 148 will abolish the only real safeguards we have, and the only governance body that keeps an eye on that balance. This debate is not about where that balance ought to be; it is about making sure that there is some process to ensure that the balance is kept under independent review at a time when surveillance technologies and usage are developing incredibly rapidly.
I am sure that the Minister is going to argue that, as he said at Second Reading:
“Abolishing the Surveillance Camera Commissioner will not reduce data protection”.—[Official Report, 19/12/23; col. 2216.]
He is no doubt going to tell us that the roles of the commissioner will be adequately covered by the ICO. To be honest that completely misses the point. Surveillance is not just a question of data protection; it is a much wider question of privacy. Yes, the ICO may be able to manage the pure data protection matters, but it cannot possibly be the right body to keep the whole question of surveillance and privacy intrusion, and the related technologies, under independent review.
It is also not true that all the roles of the commissioner are being transferred to other bodies. The report by the Centre for Research into Surveillance and Privacy, or CRISP, commissioned by the outgoing commissioner, is very clear that a number of important areas will be lost, particularly reviewing the police handling of DNA samples, DNA profiles and fingerprints; maintaining an up-to-date surveillance camera code of practice with standards and guidance for practitioners and encouraging compliance with that code; setting out technical and governance matters for most public body surveillance systems, including how to approach evolving technology, such as Al-driven systems including facial recognition technology; and providing guidance on technical and procurement matters to ensure that future surveillance systems are of the right standard and purchased from reliable suppliers. It is worth noting that it was the Surveillance Camera Commissioner who raised the issues around the use of Hikvision cameras, for example—not something that the ICO is likely to be able to do. Finally, we will also lose the commissioner providing reports to the Home Secretary and Parliament about public surveillance and biometrics matters.
Professor Sampson said, before he ended his time in office as commissioner:
“The lack of attention being paid to these important matters at such a crucial time is shocking, and the destruction of the surveillance camera code that we’ve all been using successfully for over a decade is tantamount to vandalism”.
He went on to say:
“It is the only legal instrument we have in this country that specifically governs public space surveillance. It is widely respected by the police, local authorities and the surveillance industry in general … It seems absolutely senseless to destroy it now”.
The security industry does not want to see these changes either, as it sees the benefits of having a clear code. The Security Systems and Alarms Inspection Board, said:
“Without the Surveillance Camera Commissioner you will go back to the old days when it was like the ‘wild west’, which means you can do anything with surveillance cameras so long as you don’t annoy the Information Commissioner … so, there will not be anyone looking at new emerging technologies, looking at their technical requirements or impacts, no one thinking about ethical implications for emerging technologies like face-recognition, it will be a free-for-all”.
The British Security Industry Association said:
“We are both disappointed and concerned about the proposed abolition of the B&SCC. Given the prolific emergence of biometric technologies associated with video surveillance, now is a crucial time for government, industry, and the independent commissioner(s) to work close together to ensure video surveillance is used appropriately, proportionately, and most important, ethically”.
I do not think I can put it better than that.
While there may be better ways to achieve the appropriate safeguards than the current commissioner arrangement, this Bill simply abolishes everything that we have now and replaces the safeguards only partially, and only from a data protection perspective. I am open to discussion about how we might fill the gaps, but the abolition currently proposed by the Bill is a massively retrograde and even dangerous step, removing the only safeguards we have against the uncontrolled creep towards ever more intrusive surveillance of innocent people. As technology increases the scope for surveillance, this must be the time for greater safeguards and more independent oversight, not less. The abolition of the commissioner and code should not happen unless there are clear, better, safeguards established to replace it, and this Bill simply does not do that.
Lord Vaux of Harrowden (CB)
My Lords, to go back to some of the surveillance points, one of the issues is the speed at which technology is changing, with artificial intelligence and all the other things we are seeing. One of the roles of the commissioner has been to keep an eye on how technology is changing and to make recommendations as to what we do about the impacts of that. I cannot hear, in anything the noble Viscount is saying, how that role is replicated in what is being proposed. Can he enlighten me?
Viscount Camrose (Con)
Yes, indeed. In many ways, this is advantageous. The Information Commissioner obviously has a focus on data privacy, whereas the various other organisations, particularly BSCC, EHRC and the FINDS Board, have subject-specific areas of expertise on which they will be better placed to horizon-scan and identify new emerging risks from technologies most relevant to their area.
Lord Vaux of Harrowden (CB)
Is the noble Viscount saying that splitting it all up into multiple different places is more effective than having a single dedicated office to consider these things? I must say, I find that very hard to understand.
Viscount Camrose (Con)
I do not think we are moving from a simple position. We are moving from a very complex position to a less complex position.
Digital Markets, Competition and Consumers Bill
Lord Vaux of Harrowden ExcerptsWednesday 24th January 2024
(3 months, 1 week ago)
Grand CommitteeRead Full debate Digital Markets, Competition and Consumers Bill 2022-23 View all Digital Markets, Competition and Consumers Bill 2022-23 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 12-II(b) Amendment for Grand Committee (Supplementary to the Second Marshalled List) - (24 Jan 2024)
“(c) an undertaking which has received an SMS investigation notice in accordance with section 11(1), unless the initial SMS investigation has been closed in accordance with section 12 or an SMS decision notice has been given in accordance with section 14; and where such an undertaking is part of a group, any member of that group.”Member’s explanatory statement
This amendment would apply the merger reporting requirements to undertakings that are being investigated by the CMA as to whether they have strategic market status.
Lord Vaux of Harrowden (CB)
I hope that this group of amendments will not be as much of a marathon as the previous group—or indeed that performance from the Deputy Chairman. I start by apologising that I could not attend the first day in Committee, due to a combination of Avanti West Coast and Storm Isha. I would have liked to have spoken in support of amendments in the first group that day, and I entirely agree with what has been said about ensuring that we do not create opportunities for large tech firms to use their immense legal firepower to slow down the process of designating them as having strategic market status, and ensuring that the information and work already done by the CMA can be taken into account. It is fair to say that the same themes have continued today, and Amendment 59 is a continuation of them in a slightly different way.
As a number of noble Lords have already pointed out, we already know who the main strategic players are and that they are already abusing their strategic market positions, as the noble Lord, Lord Tyrie, said so clearly on day one. The noble Baroness, Lady Harding, described how the big tech players know that the regulation is coming, but they are walking backwards as slowly as they can. As she pointed out, we see that very clearly with the EU’s Digital Markets Act, in which so far every potential SMS-equivalent firm has challenged its designation through every stage of the courts that it can. So at best we are unlikely to see any SMS designations until well into 2025, and possibly much later, if they are able to spin out the process.
If I read the Bill correctly, there is actually only one immediate additional obligation that designation imposes on a company: a requirement to report possible mergers on a more enhanced basis than currently applies. But this obligation does not come into force until the SMS designation has been made.
As I said, we already know who the main players are. That is not just speculation—the CMA has already confirmed some of them in its previous work. As an example, in its Mobile Ecosystems market study report of June 2022, just a year and a bit ago, the CMA confirmed that both Apple and Google would meet the test of having strategic market status in the supply of mobile operating systems and the devices on which they are installed, in native app distribution, and in mobile browsers and browser engines. It is not speculation; we know who these people are. Why, then, would we want to wait for another year or more, allowing them to game the system during that period, before applying the enhanced merger reporting requirements on them?
Amendment 59 would apply the enhanced merger reporting requirement to companies that have been given notice that they are under SMS investigation, rather than having been designated. We do not have to wait until the designation has been made. We have heard already the fears that the large tech players will seek to spin the designation process out. Without Amendment 59, the large tech companies would have an additional incentive to game the system by deliberately prolonging the designation process so that they could complete a merger that would be reportable once designated but which is not reportable before the designation is made. I do not think that it is a good idea to give them further incentive to do that.
This is important. For much too long, the large tech companies have been able to entrench their market power through acquisitions with relative impunity. Very few have been passed to the CMA for investigation. In the 10 years to June 2023, according to Wikipedia—admittedly not the best source, but the only one I could find easily—Alphabet, the owner of Google, has completed at least 129 acquisitions, Apple 81 and Microsoft 110. In each case, that has happened across an extraordinarily wide area of activities. These big companies can afford to gamble on acquisitions, even if all they do is succeed in taking out a competitor, or potential competitor.
The enhanced merger reporting regime that this Bill will introduce is a really important step, and I very much welcome it, but we should ensure that it cannot be side-stepped by making it applicable as soon as a company has been informed that it is under SMS investigation. This does not prejudge the merits of any merger; it would simply allow the CMA to take a look while the SMS investigation is under way, rather than it going through under the radar.
I am sure that the Minister will argue that it would be unfair to apply the more stringent merger reporting rules to companies that have not yet been designated, but I do not believe that that is right. First, under Clause 9, the CMA is able to investigate an SMS firm only when it has reasonable grounds to consider that it may be able to designate an undertaking as having SMS. As previously pointed out, we know who those companies are, and we know that there are reasonable grounds for a lot of them that exist at the moment, as the CMA has already pointed out. More importantly, would not it be extraordinary if a merger that would meet the new threshold, and that therefore might impact the strategic status investigation itself, was not reported to the CMA during the investigation? That cannot make sense.
This is very simple: we know who the strategic players are, we know that they abuse their market power, including through mergers and acquisitions, and we know that they are likely to seek to challenge and prolong designation to avoid regulation—we have seen them do it. So let us at least put them under the enhanced merger reporting rules at the earliest opportunity, rather than leaving it for another couple of years.
Lord Lansley (Con)
My Lords, I am very glad to follow the noble Lord, Lord Vaux of Harrowden, who presented very well the context to both of these amendments and made a very good point about the desirability of extending the scope of Clause 57 in the way proposed in Amendment 59.
Amendment 60 stands in my name and that of the noble Lord, Lord Clement-Jones—who may be able to say something in his absence through the medium of the noble Lord, Lord Fox.
From my point of view, Amendment 60 goes back to the Furman review of 2019, which noble Lords will recall, which reflected a similar point to one that was made by the noble Lord, Lord Vaux of Harrowden. Paragraph 3.44 of the review referred to the preceding decade and said that in that preceding decade
“Amazon, Apple, Facebook, Google, and Microsoft … have made over 400 acquisitions globally”.
Under the Competition and Markets Authority in this country, in that decade none was blocked, none was notified voluntarily and none was called in for phase 1 or phase 2 investigation. There were European Commission investigations—and that might be regarded as the more appropriate umbrella as a competition authority—but it cleared Google and DoubleClick, Apple and Shazam, and Microsoft and LinkedIn. They were not blocked.
The world has moved on since Furman, and you might say that we have learned more and know more about some of the benefits that are obtained by some of those acquisitions. But the Furman review looked very carefully at whether we should regard mergers involving digital companies differently. That is, I suppose, my point.
I refer to paragraph 3.81 and subsequent paragraphs of the Furman review, which said:
“In mergers involving digital companies, the harms”—
the balance of benefits and disbenefits in relation to future competition—
“will often centre around the loss of potential competition”.
It goes on to say:
“Although potentially harmful to consumers, these outcomes are likely to be relatively uncertain at the time of the merger. This may make it hard to demonstrate that a substantial lessening of competition is more likely than not”.
I will come back to “substantial lessening of competition”, which will be a term familiar to many noble Lords. It gave the example, at this point, of the 2012 Facebook acquisition of Instagram, which at the time was a small photo-sharing platform. It said that even if the OFT had gone on from its phase 1 to a more thorough phase 2 investigation—which of course is more than a decade prior to the period it was looking at—it may have been limited in its ability to block the merger by the balance of probabilities standard: looking at a substantial lessening of competition, would it be more likely than not that there would be a substantial lessening of competition? We do not need to debate Facebook and Instagram and how it all turned out.
The Furman review said:
“The CMA should take more frequent and firmer action to challenge mergers that could be detrimental to consumer welfare through reducing future levels of innovation and competition, supported by changes to legislation where necessary”.
That was its strategic recommendation B. It went on to say, in a recommended action:
“Digital companies that have been designated with a strategic market status should be required to make the CMA aware of all intended acquisitions”.
That is indeed exactly what Clause 57 achieves. To that extent, the recommendations of the Furman review were carried through.
Interestingly, the Furman review went on to discuss the question of whether the balance of probabilities standard could be replaced by a balance of harms standard. I am not going to pursue that, because I can see that it was very difficult to vary a standard which is, in effect, not in the statute but is in the substance of the practice. What I have done instead, in Amendment 60, is to ask what it is that is lacking, or may be lacking, and should we, through the mechanism of the Bill, examine very carefully whether we can do more to strengthen the powers of the Competition and Markets Authority in relation to digital competition in particular.
Once there is a notification in relation to a potential merger, Clause 57(9) refers to the steps that the CMA may take in relation to a merger. It refers to Section 33 of the Enterprise Act 2002. It does not change it; it just refers to those steps. I have the benefit—I may not be the only one here, I am not quite sure—of having been on the Standing Committee in the other place on the Competition Act 1998 and the Enterprise Act 2002. I see that my noble friend was on the Standing Committee on the Enterprise Act—and maybe both.
We will come back to the issue, but I say to my noble friend the Minister, in parenthesis, referring to the previous debate, that trying to compare a block exemption under the Competition Act, which is ex post regulation, with an exemption applied in relation to an ex ante imposition of a conduct requirement by the regulator is, I am afraid, a false analogy. I will not go back to that, but I think it does not really apply.
What I have done in Amendment 60 is to seek to vary Section 33 of the Enterprise Act 2002—quite a big thing to do—but only in relation to designated undertakings. The amendment says that if one is a designated undertaking, not only does one have to notify but there is a difference in the structure of Section 33, so that where it says that a reference can be made in relation to
“(a) arrangements are in progress or in contemplation which, if carried into effect, will result in the creation of a relevant merger situation; and (b) the creation of that situation may be expected to result in a substantial lessening of competition within any market or markets in the United Kingdom for goods or services”,
I am seeking adding an “or”. So (a) would apply in all cases; (b) might apply; or (c ) would apply, which the amendment makes clear would say
“or, (c) if the relevant merger situation involves a designated undertaking under section 2 of the Digital Markets, Competition and Consumers Act 2024 the creation of that situation may be expected to result in the loss of future benefit to consumers in the provision of digital activities as a consequence of the forestalling of prospective competition”.
The drafting may be deficient, but I make the point that we need to put in the drafting what we are trying to do. That is to give the CMA explicit statutory cover to look forward—as it does in its five-year forward designation—identify a merger situation and ask, in the context of its forward-looking assessment, which it must do for designation purposes, whether there is an expectation that that merger situation would result in the loss of future benefit to consumers if it were brought into effect. That is a reasonable alignment between the nature of the designation process and its forward-looking character and the desirability of the assessment of any potential merger situation having the same characteristic.
Viscount Camrose (Con)
I very much thank the noble Lords, Lord Vaux and Lord Fox, speaking on behalf of the noble Lord, Lord Clement-Jones, and my noble friend Lord Lansley for using these amendments to raise the very important and quite subtle issues of merger reporting and assessment in digital markets. I also thank the noble Lords, Lord Tyrie and Lord Bassam, and my noble friend Lady Harding for their thoughtful contributions.
Amendment 59, tabled by the noble Lord, Lord Vaux, would extend the duty to report possible mergers, provided for in Chapter 5 of Part 1, beyond firms designated with SMS to also include firms that are subject to a designation investigation. Firms can use anti-competitive mergers to further entrench their powerful market positions, especially in digital markets, where fast-acting damage to competition can be difficult or impossible to reverse. That is why SMS firms will be required to report certain possible mergers to the CMA before they complete. However—this may be a philosophical objection as much as anything else—it would not be proportionate or in keeping with the targeted and evidence-based approach of our regime to apply this duty to firms before the conclusion of a designation investigation.
I agree with the noble Lord, Lord Vaux, that firms under designation investigation may hold powerful positions in the market; some may even have been the subject of previous CMA scrutiny. Nevertheless, it is right that the duty to report should apply only once a firm has been found to have substantial and entrenched market power following a rigorous assessment and SMS designation. To reassure noble Lords, firms under SMS designation investigation will of course remain subject to the economy-wide merger regime. The CMA will be able to intervene where their mergers would harm competition in the UK.
Amendment 60 from my noble friend Lord Lansley—
Lord Vaux of Harrowden (CB)
Before the noble Viscount moves on to the next amendment, there seems to be a slight logical problem here, in the sense that presumably the new enhanced regime was set at the level it was because those mergers are felt to be significant for a strategic market status entity. If it were to do such a merger during an investigation, it would presumably impact potentially on whether the CMA believes that it meets the SMS, and therefore it must be important that the CMA is informed about acquisitions that could impact the investigation itself. It seems that there is a circularity here, but the noble Viscount has not addressed that.
Viscount Camrose (Con)
I do indeed recognise it. As I say, it is a difficult one because equally, one cannot treat undesignated firms as designated until the designation has taken place. I am very happy to carry on considering this with the noble Lord, because the point is a powerful and important one. Before moving on, I just point out that over the course of the necessary consultation activities, it would of course emerge that a firm was considering or evaluating a merger.
Lord Vaux of Harrowden (CB)
As somebody who spent most of his life doing mergers and acquisitions, I can say that they are not always made public.
Viscount Camrose (Con)
As I said, I am very happy to carry on with this; there is a sense of rounding up the usual suspects otherwise.
Amendment 60 from my noble friend Lord Lansley is intended to give the CMA jurisdiction to intervene in a merger when an SMS firm seeks to remove or absorb a smaller firm that could reasonably be expected to compete with it in future. I agree that it is important to ensure that the CMA can act against harmful mergers, including so-called killer acquisitions. I reassure my noble friend that the CMA can and does do so under the current legislative framework.
When reviewing a merger, the CMA can already consider whether it removes a potential future competitor. This can be seen in the Meta/Giphy case where, in its forward-looking assessment, the CMA found that the merger removed Giphy as a potential challenger and consequently ordered Meta to sell Giphy. The decision was upheld by the CAT, which I hope and think shows that the CMA has the necessary legislative cover.
It has been suggested that the CMA and other regulators have not scrutinised mergers by large digital firms enough in the past. However, since the Furman review, the CMA has undertaken a comprehensive review of its merger assessment guidelines and updated them in 2021 to ensure that they more clearly reflect the CMA’s current thinking and practice on digital markets, drawing on conclusions from expert reports, analysis and cases.
Viscount Camrose (Con)
I thank the noble Lord for raising that point. He has alluded a number of times during our conversations to ensuring that the working culture within the CMA is suitably postured to deal with a fast-moving regime. I can indicate that I certainly have sympathy with the intent of enhancing the accountability both to Parliament and government of the CMA—with this and other ends in mind, but to ensure that it remains assiduous in its identification of opportunities to intervene.
The Bill will enhance the CMA’s ability to act to prevent harmful mergers by SMS firms. The reporting requirement will improve the transparency of merger activity in digital markets. Additionally, Clause 127 in Part 2 and Schedule 4 will introduce a new acquirer-focused jurisdiction threshold, which provides an additional basis for the CMA to review mergers involving large firms, including SMS firms.
For these reasons, I hope that the noble Lords, Lord Vaux and Lord Clement-Jones, and my noble friend Lord Lansley will be reassured for the time being and not press their amendments.
Lord Vaux of Harrowden (CB)
My Lords, I thank all noble Lords who have taken part in this short but interesting debate. I should say that I forgot to thank the noble Lord, Lord Clement-Jones, who sadly really is not here at the moment, for supporting my amendment. He is here in the spirit of the noble Lord, Lord Fox.
We have heard some excellent points—in particular the description from the noble Lords, Lord Lansley, Lord Fox and Lord Tyrie, of how regulating acquisitions in this sector is difficult and challenging. It is a sector where even quite small and apparently insignificant acquisitions can end up having a really substantial impact; we had the description from the noble Lord, Lord Tyrie, of the change in culture that will be required at the CMA to deal with that. This is an area that the Government will have to continue thinking about. We might want to discuss this further between now and Report.
I am also grateful to the noble Baroness, Lady Harding, for correcting me on Google’s desire to co-operate with the competition authorities, which is obviously most welcome. I am grateful for her correction. She is also right that my Amendment 59 is a small one, but I think that it is important, and I very much welcome the Minister’s offer to discuss it further as the process goes on. On that basis, I beg leave to withdraw Amendment 59.
Data Protection and Digital Information Bill
Lord Vaux of Harrowden ExcerptsTuesday 19th December 2023
(4 months, 2 weeks ago)
Lords ChamberRead Full debate Data Protection and Digital Information Bill 2022-23 View all Data Protection and Digital Information Bill 2022-23 Debates Read Hansard Text Watch Debate Read Debate Ministerial Extracts Amendment Paper: Consideration of Bill Amendments as at 29 November 2023 - large print - (29 Nov 2023)
Lord Vaux of Harrowden (CB)
My Lords, it is a great pleasure to follow my noble friend Lord de Clifford and to congratulate him on an excellent and insightful maiden speech. I am pleased that he has chosen this important Bill for this occasion. Data protection is something of a minority sport and it is great to add another person to the select group in this Chamber.
Data protection is about finding the right balance between protecting individuals’ privacy and the bureaucracy and costs that go with it, for small businesses and others. My noble friend’s long experience in managing small and medium-sized businesses gives him great insight into how these regulations will impact the businesses that typically find it most difficult to deal with greater bureaucracy, as he so rightly pointed out. SMEs are often overlooked more generally, so having such an experienced voice to remind us of their importance during our deliberations will be a great asset to the House, and from a personal point of view it is a great pleasure to welcome a fellow finance professional to join us.
The noble Lord’s experience in the veterinary sector should also be of enormous value to the House. I hope that my noble friend Lord Trees will not mind having his monopolistic position in the field broken. It seems that the noble Lord has also been hiding another light under a bushel: I believe that he has also competed for Great Britain in equestrianism, so he is clearly a man of many talents. I tried to find a joke to do with horsing around, but I am afraid that inspiration completely deserted me. I—and, I am sure, all noble Lords—look forward to his future contributions, both on this Bill and more widely.
I turn now to the specifics of the Bill. As I mentioned, data protection is about finding the right balance between individual privacy and the costs, processes and rules that must be in place, alongside the ability to carry out essential criminal investigations and national security. I think it is generally agreed that the GDPR has its flaws, so an effort to look again at that balance is welcome. There is much in the Bill to like. However, there are a number of areas where the Bill may move the balance too far away from individual privacy, as a number of other noble Lords have already mentioned. In fact, there is not much that I have disagreed with in the speeches so far.
It is a long and very complex Bill; the fact that the excellent Library briefing alone runs to 70 pages says a lot. It will not be possible to raise all issues; noble Lords are probably grateful for that. I am going to concentrate on four areas where I can see significant risks, but the Minister should not take that as meaning that I disagree with other things that have been said so far; I agree with almost everything that has been raised.
First, a general concern raised a number of times, in particular by the noble Lord, Lord Allan, is that the Bill moves us significantly away from our existing data protection rules, which were based clearly on the EU regulations. We are currently benefiting from an EU data adequacy ruling which allows data to be transferred freely between the EU and the UK. This was a major concern at the time of the Brexit discussions. At that time, data adequacy was not a given. This ruling comes to an end in July 2025, but it can be ended sooner if the EU considers that our data protection rules have diverged too far.
The impact assessment for the Bill—another inch-thick document—says:
“Cross-border data transfers are a key facilitator of international trade, particularly for digitised services. Transfers underpin business transactions and financial flows. They also help streamline supply chain management and allow business to scale and trade globally”.
It is good that the impact assessment recognises that. The loss of data adequacy would therefore have significant negative impacts on trade and on the costs of doing business. Without it, alternative and more costly methods of transferring data would be required, such as standard contractual clauses. There are also implications for investment, as the noble Lord, Lord Allan, pointed out. Large international financial services organisations would be much less likely to establish data processing activities in the UK if we were to lose data adequacy. Indeed, they may decide that it is worth moving their facilities away from here.
The impact assessment suggests surprisingly low costs that might arise: one-off costs of £190 million to £460 million, and annual lost trade of £210 million to £420 million. However, these are only the direct reduction in trade with the EU; as the impact assessment points out, they will likely be larger when taking into account interactions with onward supply chains.
The impact assessment does not judge the probability of losing the data adequacy status. I find that rather extraordinary, possibly even shocking, as it is so important. The New Economics Foundation and UCL conservatively estimate the cost of losing data adequacy at £1 billion to £1.6 billion; however you look at it, these are very large numbers.
What can the Minister tell us that could set our minds at rest? What discussions have taken place with the EU? What initial indications have been received? What changes have been made to the original draft Bill to take account of concerns raised by the EU around data adequacy? What is the Government’s assessment of this risk? The Bill has been on the blocks for a long time now. I have to assume that a responsible Government must have had discussions with the EU around data adequacy in relation to these proposals.
Secondly, as we have heard, Clause 129 would enable Ofcom to require social media companies to retain information in connection with an investigation by a coroner into the death of a child, where the child was suspected to have died by suicide. This is a welcome addition but, as we have heard, it does not go far enough. It does not include all situations where a death was potentially related to online activity; for example, online grooming. My noble friend Lady Kidron has, as always, covered this with much greater eloquence than I could. I suspect the Minister already knows that the Government have got this wrong. As the noble Lord, Lord Knight, pointed out, it would be a brave Minister who tried to hold the current line in the face of opposition from my noble friend. I welcome the words that the Minister said at the beginning of this debate—that he is willing to engage on this matter. I hope that engagement will be constructive.
Thirdly, the Bill introduces draconian rules that would enable the DWP to access welfare recipients’ personal data by requiring banks and building societies to conduct mass monitoring without any reasonable grounds for suspecting fraudulent activity. As the noble Baroness, Lady Young, pointed out, this includes anyone receiving any kind of benefit, including low-risk benefits such as state pensions, so, as she has pointed out, most noble Lords will be subject to this potential intrusion into their privacy—although, fortunately, not me yet. The Government argue that this power is required to reduce levels of benefit fraud. My enthusiasm to tackle fraud is well known, but the Government already have powers to require information where they have grounds to suspect fraudulent behaviour. This new power, effectively enabling them to trawl any bank account with no grounds at all, is a step too far, and constitutes a worrying level of creep towards a surveillance society.
That brings me neatly on to my fourth concern, which the noble Lord, Lord Kamall, raised earlier. The Bill will abolish the post of Biometric and Surveillance Camera Commissioner—currently it is one person—as well as the surveillance camera code. It was interesting that the Minister did not mention this in his opening speech. It is extremely important.
The Government argue that these functions are covered elsewhere or would be moved elsewhere—for example, to the ICO—but that does not seem to be the case. An independent report by the Centre for Research into Information, Surveillance and Privacy, commissioned by the outgoing commissioner, sets out a whole range of areas in which there will be serious gaps in the oversight of handling biometric data and, in particular, the use of surveillance cameras, including facial recognition.
The independent report concludes that none of the Government’s arguments that the functions are adequately covered elsewhere “bear robust scrutiny”. It notes in particular that the claim that the Information Commissioner’s Office will unproblematically take on many BSCC functions mistakes surveillance as a purely data protection matter and thereby limits
“recognition of potential surveillance-related harms”.
Given the ever-widening use of surveillance in this country, including live and retrospective facial recognition, and the myriad other methods of non-facial recognition being developed, such as gait recognition or, as I was reading about this morning, laser-based cardiac recognition—it can read your heartbeat through your clothing—alongside the ability to process and retain ever greater amounts of data and the emerging technology of AI, having clear rules on and oversight of biometrics and surveillance is more important than ever. We see how the misuse of surveillance can go—just look at China. Imagine, for example, if this technology, unfettered, had been available when homosexuality was illegal. Why do the Government want to remove the existing safeguards? With the advances in technology, surely these are more important than ever. We should be strengthening safeguards, not removing them.
The outgoing commissioner—if the Government get their way, the last surveillance camera commissioner —Professor Sampson, put it best:
“There is no question that AI-driven biometric surveillance can be intrusive, and that the line between what is private and public surveillance is becoming increasingly blurred. The technology is among us already and the speed of change is dizzying with powerful capabilities evolving and combining in novel and challenging ways … The planned loss of the surveillance camera code is a good example of what will be lost if nothing is done. It is the only legal instrument we have in this country that specifically governs public space surveillance. It is widely respected by the police, local authorities and the surveillance industry in general. It’s one of those things that would have to be invented it didn’t already exist, so it seems absolutely senseless to destroy it now, junking the years of hard work it took to get it established”.
These are just four of the areas of concern in the Bill. There are many more, as we have heard. In the other place, following the failure of the recommittal Motion after all the new amendments were dropped in at the last minute, David Davis MP said that the Commons had
“in effect delegated large parts of the work on this important Bill to the House of Lords”.—[Official Report, Commons, 29/11/23; col. 888.]
That is our job, and I believe that we do it well. I hope the Minister will engage constructively with the very genuine concerns that have been raised. We must get this Bill right. If we do not, we risk substantial damage to the economy, businesses, individuals’ privacy rights—especially children—and even, as far as the surveillance elements go, to our status as a free and open democratic society.
Animal Torture: Online Videos
Lord Vaux of Harrowden Excerpts(10 months, 1 week ago)
Lords ChamberRead Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Viscount Camrose (Con)
I have the numbers prosecuted for animal cruelty in my notes somewhere; I will happily write to the noble Lord.
Lord Vaux of Harrowden (CB)
My Lords, at the moment the law we have been talking about has been preventing those who are perpetrating the harm and publishing it, but is there any merit in going after the people who are watching it and paying for it and have it on their computers—the consumers who ultimately are generating the harm at the end?
Viscount Camrose (Con)
Indeed. I stress that laws preventing these behaviours are already in existence, and the Online Safety Bill supports those laws in some sense. If content is illegal, platforms are obliged to take it down. If content creates a risk of harm to children, again, platforms are obliged to take it down. In the case of the largest platforms, the so-called category 1 platforms, if content violates their terms of service, they are obliged to take it down.