Baroness Howe of Idlicote (CB)

- Hansard -

Copy Link

- - Excerpts

My Lords, I am glad to support Amendment 7 and the related amendments in the name of my noble friend Lady Kidron. Like others, I commend her for her perseverance and commitment in ensuring that we see children flourish as they grow from the early years of digital interaction to adulthood.

In 2010, the annual Ofcom media report made no mention of tablet computers. In 2017, 21% of three year-olds have their own tablet. This is the world in which our children are growing up. We use the global term “children” easily, which under the United Nations Convention on the Rights of the Child means a person under the age of 18. As those years encompass such diverse development, the Information Commissioner has a considerable challenge ahead to identify design suitable to cover all those needs. I for one wish her well.

As I have made clear on many occasions, I am for positive use of the internet by children, and for resources which help parents raise their children in the digital age. With that preface in mind, I would like to ask some questions about these amendments to clarify the intentions and the way forward.

First, during the debates we have had on Clause 8, we have talked about children aged between 13 and 16. Amendment 109 refers to a code being developed for sites,

“which are likely to be accessed by children”.

I hope that my noble friend and the Minister will clarify which age group we are referring to, since there is no definition of children in the Bill but the terms “child” and “children” are used in the headings of Clauses 8 and 191, where the relevant age of the child is 13 and 12 respectively. As Amendment 109 refers to the UNCRC, I assume that the intention is that the age-appropriate design code of practice will cover all children up to the age of 18. However, it would be very helpful for a definition of children to be included in the relevant clauses so that there is no uncertainty.

Secondly, I hope that there will be clarification of which sites will fall within the requirements of the code. Clearly, the expectation is that the code will go beyond sites which would require the consent of children, but will it apply only to sites whose primary intention is to reach children? For instance, in the last couple of weeks, Facebook has launched a chat app for children who are not old enough to be signed up to Facebook. The new app is aimed at six to 12 year-olds. Will the new code apply just to this app or to the version of Facebook that permits access by those aged 13 and above as well?

On 23 November, this House discussed online problem gambling. A number of interventions were made by noble Lords on online gambling sites that have games involving cartoon characters which look similar to characters in children’s TV, and most certainly appeal to children. When the Times reported on these games, the chief executive of the Remote Gambling Association said that companies were not deliberately targeting children but that some nostalgic games might inadvertently be attractive to them. I hope that the position of these sites under the code, which in theory should not be accessible to children but clearly are, will also be addressed.

Thirdly, how will sites complying with the age-appropriate design be obvious to parents, especially to parents who consent to their child’s use of any data? In this context, will the new code be incorporated into the next draft of the Internet Safety Strategy? Finally, how will the code be enforced? Without some good enforcement mechanism, it is likely that it will not have as wide-reaching an impact as this House hopes that it will.

These amendments have come at a late stage in our consideration of this Bill. I look forward to hearing what my noble friend and the Minister have to say in response to my questions. I hope that the other place will continue to reflect on the proposal before us today and refine it if necessary. I hope too that it will continue to ask questions about whether the digital age of consent of 13 is the most appropriate age, and that there will be satisfactory evidence that 13 is in the best interests of our young people.

The internet puts the world at the fingertips of our children. I commend my noble friend Lady Kidron for working to ensure that children are able to make the most of this amazing resource in a way that supports child development.

Lord McNally (LD)

- Hansard -

Copy Link

- - Excerpts

My Lords, not for the first time in her distinguished career in this House, the noble Baroness, Lady Howe, has asked some pertinent questions, the answers to which I look forward to. First, however, I pay tribute to the noble Baroness, Lady Kidron. It is quite often difficult for a parliamentarian to know whether they have made a difference; we all get swept up in the tide of things. However, I have looked at the Bill as it has moved through both the other place and here, and without her intervention, her perseverance and her articulate exposition of the case, we would not be where we are today. She should take great credit for that.

In some respects, there is a sense of déjà vu. I am glad to see the noble Lord, Lord Puttnam, in his place; I was on his committee 15 years ago which looked at the Communications Act and the implications of what were then new technologies. However, looking back, the truth is that we had only an inkling of the tsunami of technology that was about to hit us and how we would control it. There are some things that we might have done during the passage of that Bill to anticipate some problems that we did not do. However, it is always difficult to know the future. Indeed, of all the things I have had a bit to do with, the creation of Ofcom is one that I take great pride in. For all its problems, Ofcom has proved itself a most effective regulator, and these days it seems that it is asked to do more and more.

That brings us to what is being suggested with the ICO. It is extremely important that the ICO is given the resources, the teeth and the political support to carry out the robust tasks that we are now charging it with. That was not thought of for the ICO when it was first created. We are therefore creating new responsibilities, and we have to will the ends in that respect.

One of the good things about the amendments in the name of the noble Baroness, Lady Kidron, is that this is beginning slightly to impinge on the tech companies—they cannot exist in a kind of Wild West, where anything goes. I think I said at an earlier stage that when I hear people say, “Oh well, the internet is beyond political control and the rule of law”, every fibre of my being as a parliamentarian says, “Oh no it’s not, and we’ll show you that it’s not”. This is a step towards making it clear to the tech companies that they have to step up to the plate and start developing a sense of corporate social responsibility, particularly in the area of the care of children.

Baroness Hamwee

- Hansard -

Copy Link

- - Excerpts

My Lords, I speak also to the other amendments in this group. All these amendments are suggested by the Bar Council and stand in my name and those of the noble Lord, Lord Arbuthnot of Edrom, and the noble Baroness, Lady Neville-Rolfe. All concern legal professional privilege, a subject which the Committee and the House have frequently debated. I know I do not need to stress its importance or remind noble Lords—but obviously, I am just about to—that the confidentiality and privilege are those of the client, not the lawyer.

The Bar Council comments that the powers of the commissioner to have access to the information and systems of data controllers should be limited where the data controller is a legal professional or anyone subject to the requirements of client confidentiality and legal professional privilege. It reminded us that there are exceptions in the 1998 Act which deal with this. Legal professional privilege cannot be waived by the lawyer but is subject to contractual or other legal restrictions. In the clauses in question, legal professional privilege seems to be overridden in circumstances where the commissioner considers that she needs to look at the data to perform her functions. Clause 128(1) refers to use or disclosure,

“only so far as necessary for carrying out those functions”—

that is, the commissioner’s functions. I suggest that this is inappropriate given the provisions elsewhere in the Bill which we now seek to amend.

Amendments 161A, 161B, 161C and 161D deal with confidential legal materials which it is proposed should be inserted and covered. These are defined in the last of these four amendments as “materials brought into being”, as distinct from documents which are communicated between an adviser and a client, and thus would be wider, and include materials brought into being,

“for the purpose of establishing, exercising or defending legal rights”,

which is wider than the Bill provides.

The Bill does not contain directions as to the purpose of the guidance on protection of privileged material. Amendment 161C would give a direction to the commissioner as to the purpose. Amendments 162A, 162B, 163ZA and 163ZB would again extend the protection. Clauses 138 and 141 are limited to documents that relate to data protection legislation. These amendments would widen the protection to all documents protected by legal professional privilege.

Clause 138(5) does not cover the right of self-incrimination of other persons, such as the client of a legal representative or a family member of a client, who would not be entitled to rely on privilege. Amendment 162C would widen the class of persons to others. Since the client may well be seeking advice or representation in relation to a matter which might incriminate him, the Bar Council asks us to point out that this is particularly important.

Amendment 163B reflects provisions in Clause 138, on information notices, and in Clause 141, on assessment notices, and extends the restrictions to enforcement notices. The clauses I have mentioned provide that a person is not required to give the commissioner privileged material—I beg your Lordships’ pardon; a bracket has been opened and I am seeking where it closes—in response to such a notice. As I say, this would extend that restriction to enforcement notices.

Finally, on Amendment 164B, professionals may be restricted in providing information to the commissioner in respect of their processing, because of privilege or an obligation of confidentiality, compliance with the Bar code of conduct, or rules or orders of the court. The Bar Council wishes the Committee to be aware that a barrister,

“may wish to disclose information in mitigation or explanation for a breach of the GDPR provisions, but be unable to do so because disclosure would place”,

counsel,

“in breach of professional conduct rules or other confidentiality obligations, or in breach of data protection obligations because it is not possible to obtain consent for”,

the processing.

Compliance with the profession’s rules might have the result of exposing a barrister to a higher penalty to be imposed by the commissioner as a result of that inability, which does not seem fair. The amendment would provide that circumstances of this kind may be taken into account by the commissioner when assessing the penalty by adding a paragraph to the mitigating circumstances in the list. As the Bar Council points out, none of these points would prevent the commissioner effectively carrying out her duties. Even if she were,

“prevented from seeing privileged and confidential material, this … would be a justified and necessary consequence of … proper weight being given to the citizen’s fundamental right to consult a lawyer and to maintain the confidentiality”.

However, if unamended, there could be a conflict between the legal regulators and the commissioner. I beg to move.

Lord Whitty (Lab)

- Hansard -

Copy Link

- - Excerpts

My Lords, I have two sets of amendments in this group. The first ones are actually amendments to that of the noble Lord, Lord Arbuthnot, because, like him, I think it would be useful, given the range of delegated powers within the Bill, if we wrote the super-affirmative resolution into the Bill. If we do not succeed in greatly reducing the amount of delegated legislation that is permitted under the Bill—although I hope my noble friend Lord Stevenson and others do—we need to treat that delegated legislation when it is brought forward in a way that is more intensive, consultative and engaging than our normal simple affirmative resolutions.

So I support the principle of the amendment of the noble Lord, Lord Arbuthnot, and the noble Baroness, Lady Neville-Rolfe. My Amendments 182A to 182C would simply add an additional dimension. As I read the amendment at the moment, it is emphatic on getting the Government to identify the impact on industry, charities and public bodies. The main point that we are all concerned about is actually the impact on individuals, the data subjects, yet they are not explicitly referred to in the draft of the amendment before us. My three amendments would therefore effectively do two things: first, they would require the Minister to consult data subjects or organisations representing them, such as consumer organisations, as well as those stipulated in the amendment as it stands; and, secondly, they would ensure that the impact assessments related to the impact on individuals as well as on organisations. I hope that the noble Lord would agree to my amendments at whatever point he and the noble Baroness propose to put this to the vote, in which case I could fully support their amendment.

My Amendment 22A is a specific example of the themes that my noble friend Lord Stevenson and the noble Baroness, Lady Jones, have already spelled out. I will not repeat everything they said but it is a particularly egregious form in that it allows the Minister—the noble Baroness, Lady Jones, has already referred to this—to add, vary or omit any safeguard that is in Schedule 1. I particularly object to “omit”. That does not simply mean modifying or tinkering in order to keep up with the technology; rather, it means omitting a serious safeguard that has been put in the Bill during its passage through Parliament.

Since Schedule 1 is pretty wide ranging, this could include issues that related to legal proceedings, crime, taxation, insurance, banking, immigration, public health or indeed any aspect of the public interest. That is a huge range of potential removal of safeguards that would not be subject to the approval of this House through primary legislation. If the safeguards persist and are maintained through the Bill when it eventually emerges, the ability of Ministers to vary them so drastically should be curtailed. I understand that my amendment would be pre-empted if my noble friend Lord Stevenson’s amendments were carried—but if they are not we definitely need to alter that clause.

This is a complex Bill because of the technology and because of the juxtaposition between European legislation and the position we are currently in with regard to it. The Bill is also an exemplar of what we are going to go through in Brexit-related legislation in a much wider sense. We must get right how we deal with delegated legislation post Brexit, and we need to ensure that the Bill is an example and does not concede powers to Henry VIII or indeed to the Minister that we might regret when his successors make use of them later.

Lord Lester of Herne Hill (LD)

- Hansard -

Copy Link

- - Excerpts

My Lords, one of my many character defects is party loyalty. That has led me in the past even to vote against my own amendment, which I will never do again. Today, I have the misfortune to disagree with my party. I will explain briefly why I cannot possibly support the original amendment, which is constitutionally illiterate, or the attempt to rescue it in the manuscript amendment.

The Minister has rightly put on the front page of the Bill his opinion that the Bill is compatible with the convention rights. Those rights include the right to free speech in Article 10 and the right to respect for privacy in Article 8. The Minister could certify in that way because the Bill rightly carries forward from the previous Act journalists’ rights—for example, to protect their sources—which you can find buried away in Schedule 2(5). The Minister was able to do that because we have the Human Rights Act, which requires him to do so, and the European convention, which strikes a balance between free speech and privacy.

I do not understand what on earth the charter has to do with that. As the noble Lord, Lord Faulks, rightly explained in the better part of his speech—the first part—the charter is there as a shield against the abuse of power by EU institutions. Maybe he did not say that, but he would like to have done, I am sure. It is not intended to be a source of rights in parallel with the European convention. The amendment in its original form, and its amended form, seeks to give legal force to one bit of the charter. It squints. It looks at Article 8 of the charter on privacy and data protection, but it does not look at the other bit of the charter that deals with free speech. Then, because it is obvious that the original version was constitutionally illiterate, the manuscript amendment seeks to repair that by saying that it is subject to the exceptions and derogations in the Bill. That is not good enough because it then seeks to give fundamental importance to the right of data protection, as though it were in the Human Rights Act and the European convention, and then it completely fails to explain how on earth any court is meant to reconcile the amendment, if it became law, or the amended amendment, if that became law, with what we already have in the European convention.

I agree with every word of my noble friend Lord Pannick’s speech, and I agree with the first part of the speech by the noble Lord, Lord Faulks. I am afraid I cannot possibly support this amendment. I very much hope that it will be a probe and nothing more at this stage. We are at the beginning of Committee stage. We need to think about some of these issues carefully. If we were now to divide the House and vote to incorporate either version, we would be doing an injustice to the arguments and intelligence of the House.

When I first joined the House, I remember Lord Alexander of Weedon saying to me, “Anthony, you must remember that the House of Lords is not a Court of Appeal; it is essentially a jury”. He was right about that. Most noble Lords, including me, will have understood only half of what was said in some of the original speeches. What is surely clear is that we would be failing in our duty today if we were to amend the very beginning of the Bill at this stage, rather than consider it properly and come back to it at Report.

Lord Goldsmith (Lab)

- Hansard -

Copy Link

- - Excerpts

The amendment raises an important question of principle, and one which this House will have to consider further when we scrutinise the European Union (Withdrawal) Bill. One reason why the charter was brought into being was to give visibility to rights which existed elsewhere. As at least some noble Lords will know, I speak with some experience, having spent a number of months involved in the negotiation and conclusion of the European Charter of Fundamental Rights. It was a key aim behind the decision of the European Council at Tampere and Cologne to bring together a group of people to set out in the charter the rights which would affect them, largely in their relations with the EU institutions.

I emphasise the word “visibility”, because the point just made by the noble Lord, Lord Lester, about laypeople not understanding what lawyers say is all too familiar to those of us who are lawyers. It is a very good reason why we should attempt, when we are saying things which are important, to say them in a way which is clear and comprehensible. Both amendments—I shall come to the difference between them as I see it—start by saying that we all have the right to protection of personal data concerning ourselves. That is a very important principle, and one which is very reassuring, whatever the exceptions, derogations and limitations on it may be. That is what the charter sought to do: to make these things clear to everybody.

What are the objections to the amendments? The first is that they do not allow for the exceptions and reservations which apply. The noble Lord, Lord Pannick, referred to the provisions of the charter, which state that all of the rights in the charter, with almost no exception—although there are one or two—can be subject to exceptions and limitations. I agree with the noble Lord about that; that is the position taken in the charter, and rightly so. There is a balance between different rights of different people and of different rights between the citizen and the state.

That is what I understand that Amendment 4A is intended to correct, by making it clear that the general statement of principle, which I still believe is important, is none the less subject to certain exceptions and derogations set out in the Bill. The Bill in Clause 13 and the regulation-making power under Clause 14 provide for the ability to make exceptions, reservations and derogations. I sympathise with the noble Lord, Lord Pannick, when he says that he is not sure, in the time available, whether this will achieve the objective of turning something which he was concerned appeared to be too absolute into something which works. There are ways to deal with that and ensure that further time is available or—this is not for me to say—if my noble friend Lord Stevenson moves the amendment and it is passed, it can be corrected afterwards. But that is a point of timing, albeit an important detail. With respect, it appears to me that what matters is for us to give a clear statement that this principle of data protection applies to all of us.

It is then asked, “Well, what about other provisions in the charter?”. No doubt that is a debate that we will have when we come to the withdrawal Bill. Will those other provisions also be allowed to stand? That will be a matter for this House and the other place when the Government bring forward that Bill. However, there is a need for visibility and for reassurance to all that there will still be a principle of data protection that we will uphold. For that reason, while it is apparent from what I have said that my preference is for Amendment 4A as opposed to Amendment 4, I think that that amendment ought to receive the support of this House.

Lord Knight of Weymouth

- Hansard -

Copy Link

- - Excerpts

I am grateful for the noble Baroness’s comments. Something certainly can be done to think more about turnover than the number of employees, otherwise there would be a big loophole, particularly around marketing and being able to set up a company to harvest data, for which the Act would not apply. It could then sell the data on. It would not need very many people at all to pursue that opportunity.

The other thing these amendments allow us to do is ask the Minister to enlighten us a little on his thinking about how the Information Commissioner’s role will develop. In particular, if it is to pursue the sorts of education activities set out in these amendments, how will it be resourced to do so? I know there are some career-limiting aspects for Ministers who promise resources from the Dispatch Box, but the more he can set out how that might work, the more welcome that would be.

Lord Lucas (Con)

- Hansard -

Copy Link

- - Excerpts

My Lords, I declare an interest as the editor of the Good Schools Guide. We have three employees and we certainly should come under this Act in terms of the data on people and schools that we have in our charge. It is very difficult to find any measure that describes the importance of data that a business holds other than, “How important is the data that you hold?”. Therefore, I look to my noble friend to explain how the Information Commissioner will not take sledgehammers to crack nuts and how they will genuinely look at how important the data you have under your control is and, given that, what efforts you ought to have made. That seems the right criterion to get a system that operates in a human way, where there is a wide element of giving people time to get up to speed and being human in the way you approach people, rather than immediately reaching for the fine.

However, this is important. This is our data. Just because I am dealing with someone small, I do not want them to be free from this. I want to be secure in the thought that if I am dealing with a small company my data is just as safe as if I had been dealing with someone big. I want to encourage small businesses to grow and to be able to reassure their customers that they are every bit as good. They would have terrible trouble having contracts with the NHS and others if they are not up to speed on this.

I do not think that is the way, but I do think we have to understand that this will be very difficult for small businesses. We have to look at how we might construct a set of resources that small businesses can use not only to get up to speed but to stay up to speed, because this is a constant issue. I draw your Lordships’ attention again to what is going on in Plymouth, where both universities, the FE colleges, the schools and the local authority, and a lot of the big businesses, have got together to construct apprenticeships in cybersecurity tailored to small businesses. Expert cybersecurity advice has been made available to small businesses in small chunks, while young people are trained in how to take the right path in cybersecurity rather than wandering off to the point where they get arrested if they visit the United States. There is scope for extending that in areas such as social marketing but also in data protection, where expertise tends to be concentrated in large organisations and a structure is needed that enables small businesses to have ready access to it. We could greatly enhance the employment prospects of a lot of young people, and improve life for our small businesses, if we talked to BEIS and the DfE about tweaking the requirements for apprenticeships to make it rather easier to run them in small businesses.

Lord Stevenson of Balmacara

- Hansard -

Copy Link

- - Excerpts

As a Scot I can hardly complain, and I am always bewildered, too—not only about this but about many other things. Our Amendment 17 in this group is also one of bewilderment. Clause 8 is headed:

“Child’s consent in relation to information society services”,


and refers to “preventive or counselling services” not being included. This goes back to an earlier amendment, when we established that these references are actually recitals and not part of the substantive GDPR, so we are back in what is not normative language and issues that we cannot possibly talk about in relation to the wider context because we are talking about the law that will apply.

There are three points that need to be made and I would be grateful if the noble Lord would either respond today or write to me about them. The first is to be clear that the reference to “information society services”, which is defined, has nothing in it that would suggest that it is a problem in relation to the lack of inclusion of preventive or counselling services. The answer is probably a straightforward yes. Secondly, what are the preventive or counselling services that we are talking about? I think the context is that these are meant to exclude any data processing relating to a data subject if the data subject concerned—with parental consent if the subject is younger than 13 and on their own if they are older than 13—who is taking a form of counselling that may be related to health or sexual issues would not be allowed to be included. Is my understanding of that right? I am sure that it is.

Thirdly, could we have a better definition of preventive or counselling services because those are very wide-ranging terms? Yes, they come from a recital and perhaps in that sense they can be tracked back to earlier discussions around the formation of the GDPR, but they have to be applied in this country to situations in real life. I am not sure what a preventive service is and I should like to have it explained. Counselling services I probably do get, but do they include face-to-face counselling or is this about only online counselling services? Is it the same if the child is being accompanied by a parent or guardian? There are other issues that come into this and there is a need for clarity on the point.

While I am on my feet I should like to respond to the amendment moved by the noble Baroness, Lady Howe, who has campaigned long and hard on these issues. We would be bereft if she did not enter into this Bill with all its implications for children, given the wisdom and experience that she brings to the table. The point she makes is one of simple clarity. There is a need to be very careful about the evidence gathering on this issue and it is probably not appropriate for it to be left to Ministers in regulations. There needs to be a wider discussion and debate on the matter, perhaps involving the Children’s Commissioner and other persons with expertise. She has made her point very well and I should like to support it.