Kevin Brennan (Cardiff West) (Lab)

- Hansard -

Copy Link

-

It is welcome to have a deadline, but would it not be better if that meeting took place before Report, so that the Commons has an opportunity to consider the points made at it?

Kevin Brennan

- Hansard -

Copy Link

-

I beg to move, That the clause be read a Second time.

I hope that the Minister enjoys his concert next week; I am sure he will be feelin’ groovy. I rise to speak to new clause 15, which is a probing new clause to clarify when a digital service is deemed to be an active provider of copyright-protected content. Taking on board what you have said, Mr Stringer, I will truncate my remarks.

The Electronic Commerce (EC Directive) Regulations 2002, which put into law the EU’s e-commerce directive 2000, include certain exemptions from liability for online services, including copyright-protected works. The fundamental concern from the music industry is that the hosting defence provided by regulation 19 of the 2002 regulations acts as a safe harbour and allows some services, including user-uploaded services such as YouTube, to circumvent the normal rules of licensing.

Those services can use copyright-protected content—a song by Paul Simon or Green Day, for example—to build businesses without fairly remunerating rights holders. In recent years, the music industry has argued that the online content market has developed in such a way that there is now a value gap between rights holders, such as artists, record companies and publishers and so on, and the digital services themselves, such as YouTube.

As evidence of that, the recent report by UK Music, “Measuring Music 2016”, highlighted that user-uploaded service YouTube, the most widely used global streaming platform, increased its payments to music rights holders by 11% in 2015, despite consumption on the service growing by 132%. That is the value gap in a nutshell. Further industry analysis indicates that video streams increased by 88% year on year, but generated only a 0.4% increase in revenues. Nine of the top 10 most watched videos on YouTube are official music videos by artists such as Adele, Psy, Taylor Swift and Justin Bieber.

The inequality ensuing from that safe harbour is not only between those who produce music and those who promote it online; the provisions in new clause 15 have benefits for other sectors that seek to achieve a level playing field in online markets, too. The current legal ambiguity and imbalance has created a distortion in the digital market itself, with services such as YouTube benefiting from those exemptions while other services, such as Apple Music and Spotify, do not. The reality is that many people principally use YouTube to play music. It is nonsense to suppose it is not an active provider of copyright-protected content as those other services are.

There was, and continues to be, a justification for exemptions in some areas for passive hosts, but those must reflect the balance between the rights of rights holders and users. The industry is concerned that existing provisions are not sufficiently defined and as a result are open to deliberate manipulation. New clause 15, which stands in my name and that of my hon. Friend the Member for Sheffield, Heeley, aims to clarify the legislative framework, so that creators and rights holders can secure a fair and proper value for the use of their work by online services in a fair and properly functioning market.

Will the Minister clarify some issues? Many of the matters raised by new clause 15 are being considered by European institutions at this very moment. On 14 September, the day after Second Reading, the European Commission published a draft directive on copyright that seeks to address many of these points. That is a welcome development, and the Minister will probably to refer to it in his response. After the recent referendum put us on the path towards Brexit, many issues have been raised in relation to these proposals. It is highly conceivable that we will be Brexiting at the same time as Europe begins to adopt copyright rules for a digital age.

I would like to ask the Minister a few questions. First, will he assure us that the UK Government remain committed to engaging constructively with the European Union on matters relating to the draft copyright directive, and that they will put the interests of the creative industries at the heart of their representations? Secondly, will he support the positive measures in the draft directive that address the value gap between rights holders—particularly the music industry—and digital services?

Thirdly, and more generally, once article 50 is triggered, how do the UK Government intend to implement legislation agreed in Europe before we Brexit? Finally, what commitments is the Minister prepared to make today to reassure UK creators and rights holders that they will not miss out on any positive measures contained in the draft directive as a result of leaving the European Union?

Kevin Brennan

- Hansard -

Copy Link

-

The new clause was a probing amendment, and I thank the Minister for his response. It is important to have the Government’s response on the record.

We debate this issue in the context of the UK music industry’s growth: over a four-year period, it has grown by 17%. During that same period, there has been a massive shift from consumers owning music towards the streaming of music. The value of subscription streaming services has jumped from £168 million in 2014 to £251 million in 2015. So there is a model, if you like, in the market, which can produce value for the industry, but it is being undermined by the value gap that is created by the different treatment of these different types of services.

I accept that the Minister has put on the record the Government’s current position and said that there will be a positive engagement with this issue. On that basis, I beg to ask leave to withdraw the motion.

Clause, by leave, withdrawn.

New Clause 16

E-book lending

‘In section 43(2) of the Digital Economy Act 2010, leave out from “limited time” to “and loan.”’

This new clause aims to extend public lending rights to remote offsite e-book lending.—(Kevin Brennan.)

Brought up, and read the First time.

Kevin Brennan

- Hansard -

Copy Link

-

I beg to move that the new clause be read a Second time.

This new clause would enable the consideration of public lending right for remote e-lending from libraries. That would be achieved by amending section 43(2) of the Digital Economy Act 2010, which sets remote loans outside the definition of lending under public lending right.

I do not know whether the Minister, like me, is a bit of a dinosaur and prefers his books to come in physical form—I am currently reading Bruce Springsteen’s autobiography, which I recommend, as well as Ed Balls’s book on politics, which is also very good. However, in this Digital Economy Bill we should acknowledge the increasing role of e-books and their impact on the income of authors. The spirit of the Bill is that we should better reflect how technology has changed our economy, so it is important that we go further in some places to acknowledge where technological change has outpaced legislation in relation to the arts.

Our approach here should be informed by the fact that we have the Digital Economy Act 2010. At the time that it was passed, some opportunities were missed. We should keep that in mind as we discuss this Bill and make sure that we do not allow those opportunities to pass by again as the Bill completes its stages in the House of Commons and afterwards in the other place.

The Digital Economy Act 2010 made some progress but it failed to forecast how our relationship with books would change. In particular, the 2010 Act touched on the subject of e-books, but its wording ignored the main way libraries would end up lending e-books: remotely, over an internet connection. Of course, remote lending is a natural continuation of the function of e-books. One of the main benefits of e-books is that they escape physical constraints such as location and storage.

However, under current legislation, authors receive no payment when a public library loans their book remotely, which is different from any other form of book loan. Last year, 2.3 million remote loans were made, but they were not counted at all towards authors’ payments because the 2010 Act allowed only for on-site loans of e-books, of which there was a negligible number—who will go to a library when they can borrow the book remotely? That is the whole point of e-books. There is no reason in principle why the distinction should exist; that is what the philosophy of this Bill is supposed to be. Nevertheless, as a result, the public lending right—a right for authors established in 1979—has not been honoured, due to the failure of the 2010 Act to keep up with technological change.

I hope that we can take the opportunity today to avoid repeating that mistake. The Society of Authors, the Association of Illustrators, and the Authors’ Licensing and Collecting Society all support the new clause. Public lending right is designed to balance the social need for free public access to books against an author’s right to be remunerated for the use of their work. Indeed, public lending right provides a significant and much-valued part of many authors’ incomes, particularly those authors whose books are sold mainly to libraries and those whose books are no longer in print.

The recent opinion of the Advocate General, relating to a case on rental and lending in respect of copyright works that is currently before the Court of Justice of the European Union, asserted that the lending of electronic books is the modern equivalent of the lending of printed books. I am aware that the Government expressed a desire to reflect this technological change in their March 2013 response to the independent review of e-lending in public libraries in England, but for some reason—perhaps the Minister can tell us why—they have neglected to take the opportunity presented by this Bill to put the matter right.

Furthermore, figures from March this year show that 343 libraries in the UK have been shut down in the past six years, with another 111 closures planned for 2016, which will result in the loss of almost 8,000 jobs. So it is particularly nonsensical not to apply PLR to remote e-book lending, given that it is becoming increasingly hard to visit a physical library. PLR is a legal right and a keystone of a society in which authors receive reward for their considerable cultural contribution. While we can all benefit from technological change and new ways of accessing creative works, it is important that the obligation to remunerate authors fairly is acknowledged and honoured.

Having acknowledged this loophole and the difficulties it causes, it is vital that the Bill addresses the issue, so that right-holders are treated equitably. Will the Minister take action on this issue and accept the new clause—and if not, why?

Kevin Brennan

- Hansard -

Copy Link

-

I will, but I do not think that there is any real need for the Minister not to commit carrying the measure out in the Bill. It simply extends what is already available. If someone borrowed an e-book by turning up at a library, the author would receive their public lending right, but if they did so remotely through the same library service, the author would not. Clearly that is an unacceptable injustice and anomaly.

The Minister has said that the Government need to take their time. It was March 2013 when they said in their response to the independent review that they intended to reflect that technology change. Three years and eight months later, we have a Bill in Committee in the House of Commons and still the Government say they need to take their time to get it right. This Bill is the right time to get it right. I hope the Minister will reflect further on the raft of amendments to this defective Bill that will be introduced in the House of Lords if we do not put this right in the House of Commons. I beg to ask leave to withdraw the motion.

Clause, by leave, withdrawn.

New Clause 19

Personal data breaches

‘(1) The Data Protection Act 1998 is amended as follows.

(2) After section 24 insert—

“24A Personal data breaches: notification to the Commissioner

(1) In this section, section 24B and section 24C, “personal data breach” means unauthorised or unlawful processing of personal data or accidental loss or destruction of, or damage to, personal data.

(2) Subject to subsections (3), (4)(c) and (4)(d), if a personal data breach occurs, the data controller in respect of the personal data concerned in that breach shall, without undue delay, notify the breach to the Commissioner.

(3) The notification referred to in subsection (2) is not required to the extent that the personal data concerned in the personal data breach are exempt from the seventh data protection principle.

(4) The Secretary of State may by regulations—

(a) prescribe matters which a notification under subsection (2) must contain;

(b) prescribe the period within which, following detection of a personal data breach, a notification under subsection (2) must be given;

(c) provide that subsection (2) shall not apply to certain data controllers;

(d) provide that subsection (2) shall not apply to personal data breaches of a particular description or descriptions.

24B Personal data breaches: notification to the data subject

‘(1) Subject to subsections (2), (3), (4), (6)(b) and (6)(c), if a personal data breach is likely to adversely affect the personal data or privacy of a data subject, the data controller in respect of the personal data concerned in that breach shall also, without undue delay, notify the breach to the data subject concerned, insofar as it is reasonably practicable to do so.

(2) The notification referred to in subsection (1) is not required to the extent that the personal data concerned in the personal data breach are exempt from the seventh data protection principle.

(3) The notification referred to in subsection (1) is not required to the extent that the personal data concerned in the personal data breach are exempt from section 7(1).

(4) The notification referred to in subsection (1) is not required if the data controller has demonstrated, to the satisfaction of the Commissioner—

(a) that the data controller has implemented appropriate measures which render the data unintelligible to any person who is not authorised to access it, and

(b) that those measures were applied to the data concerned in that personal data breach.

(5) If the data controller has not notified the data subject in compliance with subsection (1), the Commissioner may, having considered the likely adverse effects of the personal data breach, require the data controller to do so.

(6) The Secretary of State may by regulations—

(a) prescribe matters which a notification under subsection (1) must contain;

(b) provide that subsection (1) shall not apply to certain data controllers;

(c) provide that subsection (1) shall not apply to personal data breaches of a particular description or descriptions.

24C Personal data breaches: audit

‘(1) Data controllers shall maintain an inventory of personal data breaches comprising—

(a) the facts surrounding the breach,

(b) the effects of that breach, and

(c) remedial action taken

which shall be sufficient to enable the Commissioner to verify compliance with the provisions of sections 24A and 24B. The inventory shall only include information necessary for this purpose.

(2) The Commissioner may audit the compliance of data controllers with the provisions of sections 24A, 24B and 24C(1).

(3) In section 40 (Enforcement notices)—

(a) in subsection (1)—

(i) after “data protection principles,” insert “or section 24A, 24B or 24C”;

(ii) for “principle or principles” substitute “principle, principles, section or sections”;

(b) in subsection 6(a) after “principles” insert “or the section or sections”.

(4) In section 41 (Cancellation of enforcement notice”)—

(a) in subsection (1) after “principles” insert “or the section or sections”;

(b) in subsection (2) after “principles” insert “or the section or sections”.

(5) In section 41A (Assessment notices)—

(a) in subsection (1) after “data protection principles” insert “or section 24A, 24B or 24C”;

(b) in subsection (10)(b) after “data protection principles” insert “or section 24A, 24B or 24C”.

(6) In section 41C (Code of practice about assessment notices)—

(a) in subsection (4)(a) after “principles” insert “and sections 24A, 24B and 24C”;

(b) in subsection (4)(b) after “principles” insert “or sections”.

(7) In section 43 (Information notices)—

(a) in subsection 43(1)—

(i) after “data protection principles” insert “or section 24A, 24B or 24C”;

(ii) after “the principles” insert “or those sections”;

(b) in subsection 43(2)(b) after “principles” insert “or section 24A, 24B or 24C”.

(8) In section 55A (Power of Commissioner to impose monetary penalty)—

(a) after subsection (1) insert—

“(1A) The Commissioner may also serve a data controller with a monetary penalty notice if the Commissioner is satisfied that there has been a serious contravention of section 24A, 24B or 24C by the data controller.”;

(b) in subsection (3A) after “subsection (1)” insert “or (1A)”;

(c) in subsection (4) omit “determined by the Commissioner and”;

(d) in subsection (5)—

(i) after “The amount” insert “specified in a monetary penalty notice served under subsection (1) shall be”;

(ii) after “Commissioner” insert “and”;

(e) after subsection (5) insert—

“(5A) The amount specified in a monetary penalty notice served under subsection (1A) shall be £1,000.

(5B) The Secretary of State may by regulations amend subsection (5A) to change the amount specified therein.”

(9) In section 55B (Monetary penalty notices: procedural rights)—

(a) in subsection (3)(a) omit “and”;

(b) after subsection (3)(a) insert—

(aa) specify the provision of this Act of which the Commissioner is satisfied there has been a serious contravention, and”;

(c) after subsection (3) insert—

“(3A) A data controller may discharge liability for a monetary penalty in respect of a contravention of section 24A, 24B or 24C if he pays to the Commissioner the amount of £800 before the time within which the data controller may make representations to the Commissioner has expired.

(3B) A notice of intent served in respect of a contravention of section 24A, 24B or 24C must include a statement informing the data controller of the opportunity to discharge liability for the monetary penalty.

(3C) The Secretary of State may by regulations amend subsection (3A) to change the amount specified therein, save that the amount specified in subsection (3A) must be less than the amount specified in section 55A(5A).”;

(d) in subsection (5) after “served” insert “under section 55A(1)”;

(e) after subsection (5) insert—

“(5A) A person on whom a monetary penalty notice is served under section 55A(1A) may appeal to the Tribunal against the issue of the monetary penalty notice.”

(10) In section 55C(2)(b) (Guidance about monetary penalty notices) at the end insert “specified in a monetary penalty notice served under section 55A(1)”.

(12) In section 67 (Orders, regulations and rules)—

(a) in subsection (4)—

(i) after “order” insert “or regulations”;

(ii) after “section 22(1),” insert “section 24A(4)(c) or (d), 24B(6)(b) or(c),”;

(b) in subsection (5)—

(i) after subsection (c) insert “(ca) regulations under section 24A(4)(a) or (b) or section 24B(6)(a),”;

(ii) for “(ca) regulations under section 55A(5) or (7) or 55B(3)(b),” substitute “(cb) regulations under section 55A(5), (5B) or (7) or 55B(3)(b) or (3C),”.

(13) In section 71 (Index of defined expressions) after “personal data |section 1(1)” insert “personal data breach |section 24A(1)”.

(14) In paragraph 1 of Schedule 9—

(a) after paragraph 1(1)(a) insert—

“(aa) that a data controller has contravened or is contravening any provision of section 24A, 24B or 24C, or”;

(b) in paragraph 1(1B) after “principles” insert “or section 24A, 24B or 24C”;

(c) in paragraph (3)(d)(ii) after “principles” insert “or section 24A, 24B or 24C”;

(d) in paragraph (3)(f) after “principles” insert “or section 24A, 24B or 24C.””

This new clause seeks to create a general obligation on data controllers to notify the Information Commissioner and data subjects in the event of a breach of personal data security. The proposed obligation is similar to that imposed on electronic communication service providers by the Privacy and Electronic Communications (EC Directive) Regulations 2003.—(Louise Haigh.)

Brought up, and read the First time.

Kevin Brennan

- Hansard -

Copy Link

-

It’s your tone that is the problem, Minister.