My Lords, some of the issues that we have been dealing with in this Bill are more abstract or generic harms, but here we are responding to a specific need of families in the UK who are facing the most awful of circumstances.
I want to recognise the noble Baroness, Lady Kidron, for her direct support for many of those families, and for her persistent efforts to use policy and the tools we have available to us here to improve the situation for families who, sadly, will face similar tragedies in future. I appreciate the time that she has spent with me in the spirit of finding workable solutions. It is an alliance that might seem improbable, given our respective responsibilities, which have sometimes placed us in publicly adversarial roles. However, one of the strengths of this Committee process is that it has allowed us to focus on what is important and to find that we have more in common than separates us. Nothing could be more important than the issue we are dealing with now.
I am pleased that it looks like we will be able to use this Bill to make some significant improvements in this area to address the challenges faced by those families, some of whom are here today, challenges which add to their already heart-wrenching distress. The first challenge these families face is to find someone at an online service who is willing and able to answer their questions about their loved one’s use of that platform. This question about contacts at online platforms is not limited to these cases but comes up in other areas.
As noble Lords will know, I used to work for Facebook, where I was often contacted by all sorts of Governments asking me to find people in companies, often smaller companies, concerning very serious issues such as terrorism. Even when they were dealing with the distribution of terrorist content, they would find it very challenging. There is a generic problem around getting hold of people at platforms. A real strength of the Online Safety Bill is that it will necessarily require Ofcom to develop contacts at all online services that offer user-to-user and search services to people in the UK. The Government estimate that 25,000 entities are involved. We are talking about Ofcom building a comprehensive database of pretty much any service that matters to people in the UK.
Primarily, these contacts will be safety focused, as their main responsibility will be to provide Ofcom with evidence that the service is meeting its duties of care under the Bill, so again, they will have the right people in the right companies on their database in future. Importantly, Ofcom will have a team of several hundred people, paid for by a levy on these regulated services, to manage the contacts at the right level. We can expect that, certainly for the larger services, there may be a team of several people at Ofcom dedicated to working with them, whereas for the smaller services it may be a pooled arrangement whereby one Ofcom staff member deals with a group. However, in all cases there will be someone at the regulator with a responsibility for liaising with those companies. We do not expect Ofcom to use those contacts to resolve questions raised by individuals in the UK as a matter of course, but it makes sense to make this channel available where there is a relatively small number of highly impactful cases such as we are dealing with here.
12.30 pm
Having established contact, which we hope will happen in a more orderly way in future with the support from Ofcom, the second challenge lies in the decision about what information a service is willing and able to disclose to assist an inquiry. The frustration that services are unwilling, or declare themselves unable, to disclose the information required has been very widely publicised. We see a potential answer in this Bill, in that it grants Ofcom these new powers to order services to disclose a wide range of information under the clauses listed in Chapter 4. It seems entirely sensible to use these new powers for these specific purposes. Services will understand that they have to respond to information requests. As the noble Baroness pointed out, this will not be discretionary: they will be under serious sanction if they refuse, without good reason, to respond to an information request. It seems to me that this will make the decision quite straightforward for many services and, if they seek legal advice, as is often the case, this will come back to say that they do not have a choice and must disclose.
One way to think about the overall effect of the Bill is that it is replacing discretionary decision-making by online services with a body of instructions from the British state, via our regulator, Ofcom, on how we expect decisions to be made in relation to safety. When platforms have received requests from bereaved families to date, they have been exercising their own discretion,
weighing up their views on the potential benefits and harms of certain forms of disclosure. I have been involved in those: a platform weighs up the decision; it is not carried out by any third party. With the information notice process that we expect to be coming forward, the decision about what should be disclosed in which circumstances moves from the platforms to coroners and Ofcom acting on behalf of the British state and affected families. Frankly, if I still worked for an online service, I would welcome this shift of responsibility for these decisions. I hope that we will see the new process—which, as I understand, will be introduced in later amendments—work smoothly, with good co-operation from regulated services.
There are still two provisos to that, which are worth noting at this stage. The noble Baroness, Lady Kidron, has already touched on these, but we should put them on record because they will need to be answered as we get into the debate on the government amendments.
First, we need to ensure that any process for data disclosure has the right checks and balances in place to ensure that it is not used inappropriately. I am certainly very confident in Ofcom’s propriety as a regulator and in the overall legal framework that we have in the Bill and in the Human Rights Act that underpins that, which creates an overall framework for issues such as people’s privacy rights. Everything has to work within that framework. But we should keep stressing the safeguards in place, because these mean that services can feel very safe about complying with orders under the Bill and that it will not involve breaching other rights that they have to users. This is a broader question: there are orders that come from other Governments, shall we say, for disclosure of data that certainly would be problematic. If we are going to order companies to disclose data, we need to make absolutely clear that all of those safeguards are in place for them to feel confident to do so.
Secondly, it must also address any actual or perceived conflicts of law. The noble Baroness touched on this. I particularly note that we have the Data Protection Act and that it is very clear in data protection law that you should not be holding personal data without good reason, so platforms have policies in place that they believe that they are instructed to follow by the Information Commissioner’s Office, for example to delete data from accounts that are no longer in use. We need to think about a process for data preservation in particular circumstances. That already works well in law enforcement: for example, there is a well-established process when somebody is accused of a crime to request data preservation of information relevant to that crime. We need to think about how that principle may apply here and ensure that it is in place. I do not think that the companies are being awkward in this case: they are being told by the data protection regulator to do one thing, and if we are now going to tell them to make an exception, we need to give them a legal basis on which to do that.
There is also the point of potential conflicts with law in other regimes, especially companies outside the UK. The noble Baroness mentioned the Stored Communications Act, which is quite significant for
US companies, but there are similar measures in place in other countries—we cannot put companies in a position where they have to choose whose law to break. It should not be beyond our wit to work with a friendly Government such as that of the United States to say, “We all understand that we are trying to help bereaved families here, and we have pieces of law in place; how do we make those work together so that they do not create frustration, which none of us wants them to do and is not what they are intended for?”
I repeat my offer to help if there is anything I can do to try to unblock some of this, work on the detail and make sure that this is effective. This is an area where we could make significant progress and certainly move on from a situation that has frustrated everybody and been unacceptable to date.