Lord Foster of Bath
Main Page: Lord Foster of Bath (Liberal Democrat - Life peer)The Internet and Privacy
Lord Foster of Bath Excerpts(13 years, 6 months ago)
Westminster HallRead Full debate Read Hansard Text
Westminster Hall is an alternative Chamber for MPs to hold debates, named after the adjoining Westminster Hall.
Each debate is chaired by an MP from the Panel of Chairs, rather than the Speaker or Deputy Speaker. A Government Minister will give the final speech, and no votes may be called on the debate topic.
This information is provided by Parallel Parliament and does not comprise part of the offical record
Robert Halfon
My hon. Friend is exactly right. It is that sort of thing that I hope the independent commission of inquiry would consider.
Although internet companies are global, nothing would stop the Government from fining their operations in the UK.
I stand before the Chamber known as Robert Halfon. However, if I took the advice of the Google chief executive, Eric Schmidt, I might have changed my name by now. In August, Mr Schmidt suggested that people might have to change their names in order to wipe their personal histories as captured on the internet. His vision for Google is not just to monitor people, but to predict their behaviour. He has said that
“most people don’t want Google to answer their questions. They want Google to tell them what they should be doing next”.
In the future, Google will
“know…who you are…what you care about…who your friends are”.
Mr Schmidt also said:
“If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”
Therein lies the problem we have been discussing today. It is the nub of the whole subject. For Mr Schmidt and his company, Google, the burden of taking defensive action because of activity by internet companies lies on the individual. In fact, in my view and that of many others, it should be the opposite.
Mr Don Foster (Bath) (LD)
On that very point, would my hon. Friend not accept that it is almost impossible for the individual to take action? We saw that in particular, for example, in 2007, in the what I would call illegal trials by BT of the system of Phorm to identify internet users’ advertising preferences, so that they can be targeted. The individual cannot protect him or herself.
Robert Halfon
In some ways my hon. Friend is right, but that is why we should have an independent commission and a Bill of Rights, because they would help. We will never be able to stop everything, but we would have some right of redress. It should be up to the internet companies to respect the rights of the individual, not the other way around.
I am calling for an internet Rill of Rights, a proper inquiry and an Information Commissioner who genuinely acts to safeguard our liberties. I hope that hon. Members and the Government will be able to support that.
Mr Don Foster (Bath) (LD)
Many other Members want to speak, so I will make my remarks as brief as I can. I congratulate the hon. Member for Harlow (Robert Halfon) on securing this really important debate. In passing, let me tell him that it is not necessary for many of us to repeat what he said about Google, because I suspect that nearly all of us share a real concern about what has happened. We are particularly concerned that this country seems to be doing significantly less about these issues than almost anywhere else in the world, and we need to do something about that.
I particularly commend the hon. Gentleman on drawing attention to the simple fact that there is a big difference between an ordinary member of the public taking a photograph of somebody’s house and Google taking pictures for Street View. That is because of not just the scale at which Google is operating, which my hon. Friend rightly mentioned, but the purpose. Google is doing this for commercial purposes. I do not know whether my hon. Friend is aware of this, but the latest figures on the value of e-commerce in this country were revealed just today. In a few years, the value of e-commerce has gone from nothing to £100 billion, or 7% of the economy, and we all know that that figure will rise. It is therefore not surprising that Google wants to capture as many data as possible and to use them for commercial purposes. That is why we have to be particularly mindful to ensure that we have the right safeguards in place in the growing e-commerce market.
I was delighted that my hon. Friend drew attention to others who are scraping and gathering data of one sort or another. As has been said, there is a real issue not only about whether they should be allowed to gather data and to use them for some of the purposes that they do, but about security, as we have seen, sadly, on so many occasions with the large collections that are held.
I draw particular attention to ACS:Law. Many people will be aware that that law firm is making money by sending letters to people saying that they have allegedly been involved in illegal file sharing or similar illegal activities on the internet. It then demands about £500 from the recipient. If they fail to provide the money, the firm threatens legal action. As my hon. Friend said, the idea that someone is innocent until proven guilty does not seem to apply for that law firm. However, the real concern is not about the activity that ACS:Law is undertaking, although many of us should be concerned about it, but about the simple fact that it, too, recently managed to get hold of a lot of data from ISPs. The information, which was not encrypted, was sent by e-mail, which it should not have been. Other people then obtained it and used it for inappropriate activities. Even worse, the firm managed to put some of the data on its own website. There are real issues about the security of data.
Another issue, which has not been touched on, although I mentioned it in a brief intervention, relates to the activities of organisations such as Phorm. As many hon. Members know, Phorm was apparently established secretly. BT ran trials in about 2007 to gather details about how people operated on the internet and what sites they looked at, so that information and advertising could be targeted at them. I accept that Phorm claims that it was developing a system that would completely protect the individual and maintain their anonymity. The problem, however, is that there was no evidence that members of the public knew that the trial was happening or that the system would give the protection that the firm claimed it would. I am, once again, saddened that proper investigations have not taken place.
That brings us to the role of the Information Commissioner. I hope that many Members will have listened to what he has to say. I do not want to make accusations about his role, but the difficulty for him and his team is that there is a lack of clarity about where the boundaries of his powers lie. One reason why we need to set up organisational structures to allow us to have the investigation that he proposes is that we need to look, among other things, at his role in dealing with the issues that we are discussing.
Nadine Dorries
Does the hon. Gentleman accept that there is a lack of clarity and that the only way to guarantee clarity is to test those boundaries? It is not enough for the Information Commissioner to stand back and say that he does not know where the boundaries are; he needs to push them and test them, and he will soon find out where they are.
Mr Foster
The hon. Lady—indeed, my hon. Friend—is absolutely right to raise that issue. We have heard it argued that one barrier might be data protection legislation, but I have some difficulty understanding why somebody who is there to check out these issues on our behalf is being told that he and his staff cannot do their jobs because of such legislation. It is absolutely right that we have to push at the boundaries in the way that my hon. Friend suggests.
I want to end with a point that has been made by the hon. Member for Harlow and my hon. Friend the Member for Cambridge. I have one criticism of my hon. Friend and I share one area of agreement with him. I find it difficult to accept entirely what he says about the Digital Economy Act 2010. I accept entirely that the provisions of the Act that dealt with illegal web activity included a proposal, which I and my party opposed, that could block websites even before they had done anything illegal, because they might possibly do something illegal in the future. It was a bit like the film “Minority Report” in which someone could be arrested because they might do something in the future. That is nonsense and must go, but if my hon. Friend looks closely at the elements of that Act on illegal file sharing, he will find that it is not true that the idea that someone is innocent until proved guilty is not there.
The staged approach in the legislation—we must have some sort of law to protect intellectual property—is going the right way. I disagree with my hon. Friend about that, but I entirely agree with him about the intercept modernisation programme. I am delighted that he raised it yesterday in the House with the Prime Minister. Many of us are very concerned, for the reasons that he eloquently gave, to think that the programme may still be going forward under the coalition Government. There are those of us who care about privacy and the freedoms of people in this country: the very people who have stood up against the growth in the number of CCTV cameras. It is ludicrous that we have 1% of the entire world’s population and 20% of its CCTV cameras. Is any other evidence needed of the way Big Brother is beginning to operate? We have rolled back some of that effect; we rolled back ID cards and some of the other planned databases of the Labour Government. We must be on the ball in checking what the Government do about the intercept modernisation programme. I congratulate the hon. Member for Harlow on an important debate and desperately hope the Government will listen. I shall be listening particularly to my hon. Friend, the excellent Minister.
Mr Vaizey
My hon. Friend has raised two very important points that encapsulate the two principles behind the debate, which is unsurprising, given that he secured it. First, the internet is an enormous step change in the collection of personal data. What are the implications of that? Secondly, given that enormous step change, what rights—I use the word advisedly—should consumers have to protect their personal data when they interact with organisations on the internet?
Another general point about internet regulation is that a consistent approach to it is rarely adopted. It is always interesting to see those who want the internet to be regulated and those who do not. The hon. Member for Cambridge (Dr Huppert), who made a useful speech attacking the Digital Economy Act 2010, does not want the internet to be regulated when it comes to combating illegal file sharing, but he does want it regulated when it comes to protecting personal data. He kindly let me know that he would have to leave the debate at 4 o’clock to attend an event that he is hosting. He is very knowledgeable on the subject, and I hope that he will be prepared to share with me—an erstwhile colleague—the findings of the Liberal Democrat policy group on that issue, which will be an extremely useful contribution to the debate.
Mr Foster
I hope that my hon. Friend the Member for Cambridge (Dr Huppert) will share that information not only with the Minister, but with me; that is proving a little difficult at the moment. On a more serious note, I say to the Minister that one problem we all have in the debate is recognising that a balance has to be struck; we want to protect people’s privacy on the one hand, and their livelihoods on the other. That is the difficulty, and it is probably one with which my hon. Friend the Member for Cambridge is still struggling.
Mr Vaizey
I hear what the hon. Gentleman says; when a senior Liberal Democrat comments that a junior Liberal Democrat is struggling with an issue, the junior Liberal Democrat should certainly take note of his colleague’s experience in the matter. The hon. Member for Bath (Mr Foster) made an incredibly useful contribution to the debate, as he always does, and mentioned the report published today by the Boston Consulting Group, which might have been commissioned by Google. The report estimated that in the UK alone, the internet economy is worth £100 billion. He was right to point out that a balance has to be struck between how we regulate the internet and protect personal privacy online on the one hand, and the fact that it is now an incredibly important economic force on the other. One of the reasons for its economic importance is that it has had the freedom to develop and businesses have had the freedom to establish themselves online.
We should make no mistake that the internet is regulated, a point that I make time and again. There sometimes seems to be a lazy assumption that what happens on the internet is beyond the law. That is absolutely not the case; illegal activity is still illegal, whether or not it takes place online. Indeed, we have a sophisticated and comprehensive regulatory framework that is intended to protect the individual, both offline and online. Matters of online privacy are regulated through the Data Protection Act 1998 and the Privacy and Electronic Communication (EC Directive) Regulations 2003, not to mention the Freedom of Information Act 2000 and the Environmental Information Regulations 2004. Much of that is enforced through the Information Commissioner’s Office, which is responsible for upholding information rights, promoting openness by public bodies and enforcing data protection rights for individuals. Where a breach of those laws amounts to a criminal offence, appropriate enforcement action can be taken, either by the police or the Information Commissioner.
We all recognise, however, that there are practical differences between the online world and the physical world, which can cause difficulties for individuals and companies. My hon. Friend the Member for Harlow suggested that perhaps the time has come for an internet Bill of Rights, and I hear what he says. The Information Commissioner has published a code of practice on the collection of personal information online, and I have a copy here. It is 36 pages long and densely printed—I do not think the commissioner has worked in public relations—so I am not sure that it is being read in the Dog and Duck, but at least the detail exists. The commissioner would do well to meet my hon. Friend to discuss how the code of practice could be promoted and whether it meets some of the concerns that his proposed internet Bill of Rights would seek to address.
The code of practice sets down detailed guidance for public and private sector organisations operating online. It covers topics such as online marketing, cloud computing, the protection of young people online and, of course, privacy settings. The document is not set in aspic, and we continue to debate with a range of stakeholders how we can improve privacy online and other concerns. Only yesterday, the Department for Business, Innovation and Skills held a meeting with more than 100 stakeholders from across the sectors, including consumer interest groups and Consumer Focus, to discuss that issue. The ICO, as well as publishing the guidance, expects organisations to recognise that online processing brings with it new risks to individuals and that the mitigation of those risks requires careful consideration of privacy impacts before products and services are launched.
I want to take that further and to see businesses signing up openly to the ICO’s code of practice to demonstrate to their users that their services adhere to the highest standards. I cannot remember who asked, in an intervention, whether some sort of kitemark might be useful for internet sites. If an internet company signs up to the code of practice and adheres to it, I think that that information should be clearly displayed on their home page for the reassurance of consumers. Indeed, a link to that code of practice might be provided—not necessarily 36 pages of dense text, but an easy-to-read summary that aids the consumer in understanding privacy implications.
Mr Vaizey
I think that that would be a breach of my official’s privacy.
I shall turn briefly to Facebook and the consumer’s right to privacy. As I have already talked about the personal information online code of practice, hon. Members will be aware that there was great controversy earlier in the year about Facebook, because its privacy settings were seen as unclear. Its default settings put one in the public space as opposed to the private space, so, suddenly, one had to opt out of rather than into that sphere. I am delighted to say that Facebook has been working closely with colleagues at the Department for Education and is now a member of the UK Council for Child Internet Safety, as is Google and BlackBerry. As such, it follows the good practice guidance—produced to guide companies that provide internet services popular with children and young people—about what additional safeguards it can put in place to protect children online and provide a positive online experience. The guidance includes advice on companies’ obligations to ensure the privacy of their users’ information and on options and settings they can provide users to protect privacy further, and it recommends making information on safety and privacy easily accessible to users, so they understand the privacy options available. The UKCCIS continues to work with companies providing internet services used by children, including Facebook, to improve safeguards, including safeguarding their privacy.
On scraping and cookies, as I am sure hon. Members are aware, a cookie is a piece of text stored by a user’s web browser. There are many uses for cookies, including authentication, storing site preferences and shopping cart contents and as the identifier for a server-based session. Cookies are also used to speed up the user’s web browser as they help to remember the settings and options used the last time a website or page was visited. They have been a hot topic for some time. At the moment, information obtained through cookies can be used to categorise users’ internet interests to serve adverts that match broad interest categories, though the user should be able to refuse the import of cookies on to their machines. Clearly, that has commercial benefits, and, indeed, benefits to the individual—we should not be shy about saying that, and my hon. Friend the Member for East Hampshire was clear about the benefits of targeted marketing to individuals. However, organisations have to ensure that users are aware that they are collecting such information and know why.
The revised e-privacy directive will give users greater control by requiring organisations to get their agreement before the information is collected.