My Lords, the Government are supportive of improving data sharing and encouraging greater collaboration between companies and researchers, subject to the appropriate safeguards. However, the data that companies hold about users can, of course, be sensitive; as such, mandating access to data that are not publicly available would be a complex matter, as noble Lords noted in their contributions. The issue must be fully thought through to ensure that the risks have been considered appropriately. I am grateful for the consideration that the Committee has given this matter.
It is because of this complexity that we have given Ofcom the task of undertaking a report on researchers’ access to information. Ofcom will conduct an in-depth assessment of how researchers can currently access data. To the point raised by the noble Lord, Lord Knight, and my noble friend Lord Bethell, let me provide reassurance that Ofcom will assess the impact of platforms’ policies that restrict access to data in this report, including where companies charge for such access. The report will also cover the challenges that constrain access to data and how such challenges might be addressed. These insights will provide an evidence base for any guidance that Ofcom may issue to help improve data access for researchers in a safe and secure way.
Amendments 230 and 231 seek to require Ofcom to publish a report into researchers’ access to data more rapidly than within the currently proposed two years. I share noble Lords’ desire to develop the evidence base on this issue swiftly, but care must be taken to balance Ofcom’s timelines to ensure that it can deliver its key priorities in establishing the core parts of the regulatory framework that the Bill will bring in; for example, the illegal content and child safety duties. Implementing these duties must be the immediate priority for Ofcom to ensure that the Bill meets its objective of protecting people from harm. It is crucial that we do not divert attention away from these areas and that we allow Ofcom to carry out this work as soon as is practicable.
Further to this, considering the complex matter of researchers’ access to data will involve consultation with interested parties, such as the Information Commissioner’s Office, the Centre for Data Ethics and Innovation, UK Research and Innovation, representatives of regulated services and others—including some of those parties mentioned by noble Lords today—as set out in Clause 146(3). This is an extremely important issue that we need to get right. Ofcom must be given adequate time to consult as it sees necessary and undertake the appropriate research.
3.45 pm
Amendments 233 to 234 would introduce a framework for approving independent researchers’ access to data and require Ofcom to issue a code of practice about it. Again, I am sympathetic to the intention, but it is vital that we understand and can fully mitigate the risks of mandating researchers’ access to data which are not publicly available before implementing such a framework. For example, there will be questions of privacy, the protection of personal data, user consent and the
disclosure of commercially sensitive information. As the noble Baroness, Lady Fox, pointed out, there are challenges involved in defining who is an independent researcher, particularly as we seek to ensure that such a framework could not be exploited by bad actors.
Exempting service providers from data protection legislation for the purposes of facilitating researcher access to information poses a number of risks. Making derogations from data protection legislation, outside that legislation itself, risks undermining the coherence of the data protection framework. Ofcom’s report on researchers’ access to information will develop the evidence base on current access to information, the challenges associated with accessing it and how these challenges might be overcome.
As we have discussed previously in Committee, researchers will already have access to the publicly available transparency reports which major platforms will be required to publish annually. They may use these data to conduct research into online harms. Additionally, Ofcom will be required to undertake research into UK users’ opinions and experiences relating to regulated services and will have the power to undertake online safety research more broadly. This will help Ofcom and the wider public to understand the experiences of users online and will help to inform policy-making. Ofcom will have wide-ranging powers to require information from companies to support its research activities. Companies will not be able to withhold relevant online safety data when they are required of them by Ofcom. If they do, they will face enforcement measures, including significant fines and the liability of senior managers.
As noted by noble Lords, Ofcom will also have the power to require a report from a skilled person about a regulated service. Ofcom may appoint an independent researcher as the skilled person. This power may be used to assist Ofcom in identifying and assessing non-compliance and, where Ofcom considers there to be a risk of failure, to develop its understanding of the risk. Amendment 234 requires Ofcom to issue a code of practice on researchers’ access to data. I reassure the Committee that following the publication of its report, Ofcom will have the power to issue guidance to providers and researchers about how to facilitate data sharing for research in a safe and responsible way.
In summary, the regulatory framework’s focus on transparency will improve the data which are publicly available to researchers, while Ofcom’s report on the issue will enable the development of the evidence base before further action is considered. At the risk of disappointing noble Lords about the more open-minded attitudes today—