Chris Kelly (Dudley South) (Con)

- Hansard -

Copy Link

- - Excerpts

I am grateful to you, Mr Weir, for giving me the opportunity to speak in this important debate on the internet and privacy, and I congratulate my hon. Friend the Member for Harlow (Robert Halfon) on securing it. I want to preface my comments by saying that I am not particularly a civil libertarian, and I believe that the first role of the state and therefore our Government is to protect our population. To do so effectively requires sacrifices in the civil liberties that we would all ideally like to have all the time. For the population in modern Britain to be protected, we must accept that some of our liberties have to be curtailed slightly, or pooled for the greater good. In our liberal democracy, if a person has nothing to hide, they have nothing to fear.

What I am about to say about Google is not in any way a criticism of the industry or individuals within one company. It is an important industry and a major employer in the UK. I am actually a great admirer of Google and have been using its online services, particularly its search engine service, for 12 years or so. The company provides a first class service, and who here has not Googled themselves?

I want to cover the issue of Google’s aforementioned Street View project, which went live in March. The project was undoubtedly a brave and innovative commercial decision. It was a logistical task that is probably on a par with carrying out a population census. It has also been a hugely expensive task for the company. Like my hon. Friend the Member for East Hampshire (Damian Hinds), I am a capitalist and therefore I admire Google’s willingness to take a risk and provide a hugely innovative new online service. However, as my hon. Friend the Member for Harlow stated, there are a number of legitimate concerns about the way that the project was developed and about the regulator’s response to the legitimate concerns of many private citizens about the project.

The main concern is about data capture. As Google’s cars drove around the UK and many other countries, the wi-fi receptors on board captured information being transmitted online over the networks around them. What was captured, how much was captured and from whom is currently unknown and unclear. Encrypted and unencrypted data were captured. Given the number of people affected, it is almost certainly the largest intrusion into privacy ever to happen in this country. The code that enabled the capture of data from unknowing people by Google’s cars as they were driven through neighbourhoods was apparently written in such a form that encrypted data were separated out and dumped, specifically sifting out and storing the vulnerable unencrypted data on Google hard drives. If that is true, that goes well beyond the “mistake” explanation that was given to us by Google. Therefore, the question is whether Google intentionally breached the privacy of many people’s communications.

Chris Kelly

- Hansard -

Copy Link

- - Excerpts

Absolutely. I am very grateful to my hon. Friend for that intervention, and I will talk about locking routers very shortly. His point is very valid.

Ian Lucas (Wrexham) (Lab)

- Hansard -

Copy Link

- - Excerpts

It has been a real privilege to be here this afternoon to listen to the debate, which has certainly been educational for me. I commend the hon. Member for Harlow (Robert Halfon) for taking the opportunity to initiate this debate and I also commend the Backbench Business Committee for choosing this debate for Westminster Hall. We are at the beginning of a very important process and the hon. Gentleman can take great credit for initiating the debate today.

I particularly want to praise the hon. Gentleman for focusing on the invasion of privacy by private organisations. Although there have been many discussions about personal liberty during the past decade in the context of terrorism legislation, as the hon. Member for Cambridge (Dr Huppert) observed, the focus in those discussions was very much on the position of the state. While that debate has been happening we have paid too little attention to the increase in the collection of information by private organisations. It is very important that we are discussing this issue today. We need to be at the beginning of a process that deals very seriously with what is a difficult and complex issue. I think that that complexity is the main reason why it is only now that the general public is waking up to what is already happening in the internet sector.

The contributions from all Members who have spoken have been very valuable. I want to refer to those contributions, as they deserve further discussion, and I hope that we will discuss them as we take the debate further forward. The hon. Member for Cambridge perhaps concentrated more on the state aspect than any other speaker so far. We had many debates before the last general election on the issues related to the state and I think that today we should concentrate on the issues relating to internet privacy and private organisations. We need to focus on that aspect.

Ian Lucas

- Hansard -

Copy Link

- - Excerpts

That is helpful. We need to consider the position concerning regulation on the issue. I will come to that later in my remarks.

It might be helpful to refer back to the present position as far as I understand it. It is a complex area, so I might get some things wrong. The Data Protection Act 1998 established principles for the retention of personal data, and the Information Commissioner has had a role in supervising those principles generally. The Information Commissioner has been referred to several times. I certainly agree that he needs to push the boundaries of his powers in protecting the individual’s rights, and I do not think that that has happened sufficiently in the past.

In respect of private marketing, the Privacy and Electronic Communications (EC Directive) Regulations 2003 focused on the sending of unsolicited marketing messages by e-mail, and consultation on the further development of regulations in that area is taking place. The history of regulation is a consistent race between technological development and legislation. One example is the Data Retention (EC Directive) Regulations 2009, which included internet activity in the communications data to be retained for a year by communications providers. All those regulations should be viewed against the backcloth of the Human Rights Act 1998 and its attempt to balance privacy and freedom of speech. Recent developments in the common law on privacy add to the mix, making the legal position even more complex.

It has been said in this debate that in some respects, the United Kingdom has been slower to act on such issues. I believe that part of the reason is that the English legal system does not have the same common law right to privacy that many other countries do. For example, France and Germany have laws specifically to protect individuals from invasions of privacy. I think that most people are surprised by the limitations on enforcement of privacy rights within the UK. The tools that exist in common law are very limited.

We have a difficult balancing act when trying to take matters forward. I was the Minister for Business and Regulatory Reform before the general election and, although it may come as a surprise to some Members here, I always adopt the principle that one should regulate as a last resort, only in pursuit of a particular policy end and where other options are not available. My first reaction to proposals to reform the legislative or regulatory framework is to ask whether we can use some form of self-regulation. I think that we all accept that it is a difficult problem that we need to confront. Can we do so through self-regulation within the industry? Self-regulation would have some advantages. The problem is not, of course, confined to the United Kingdom.