[Relevant documents: e-petition 575833, “Make verified ID a requirement for opening a social media account”, and e-petition 332315, “Ban anonymous accounts on social media”; oral evidence taken before the Petitions Committee on 21 May and 2 July 2020, and 2, 16 and 23 November, and 1 December 2021, on Tackling Online Abuse, HC 364 [Session 2019-21] and HC 479.]
That this House has considered the Report of the Joint Committee on the draft Online Safety Bill, HC 609.
I would like to start by thanking the members and Clerks of our Joint Committee, who put in a tremendous effort to deliver its report. In 11 sitting weeks, we received more than 200 submissions of written evidence, took oral evidence from 50 witnesses and held four further roundtable meetings with outside experts, as well as Members of both Houses. I am delighted to see my Joint Committee colleagues Lord Gilbert and Baroness Kidron in the Gallery. I thank the Under-Secretary of State for Digital, Culture, Media and Sport, my hon. Friend the Member for Croydon South (Chris Philp), and the Secretary of State for the open and collaborative way in which they worked with the Committee throughout the process and our deliberations. I also thank Ofcom, which provided a lot of constructive guidance and advice to the Committee as we prepared the report.
This feels like a moment that has been a long time coming. There has been huge interest on both sides of the House in the Online Safety Bill ever since the publication of the first White Paper in April 2019, and then there were two Government responses, the publication of the draft Bill and a process of pre-legislative scrutiny by the Joint Committee. I feel that the process has been worth while: in producing a unanimous report, I think the Committee has reflected the wide range of opinions that we received and put forward some strong ideas that will improve the Bill, which I hope will get a Second Reading later in the Session. I believe that it has been a process worth undertaking, and many other Lords and Commons Committees have been looking at the same time at the important issues around online safety and the central role that online services play in our lives.
The big tech companies have had plenty of notice that this is coming. During that period, have we seen a marked improvement? Have we seen the introduction of effective self-regulation? Have the companies set a challenge to Parliament, saying “You don’t really need to pass this legislation, because we are doing all we can already”? No. If anything, the problems have got worse. Last year, we saw an armed insurrection in Washington DC in which a mob stormed the Capitol building, fuelled by messages of hate and confrontation that circulated substantially online. Last summer, members of the England football team were subject to vile racist abuse at the end of the final—the football authorities had warned the companies that that could happen, but they did not prepare for it or act adequately at the time.
As Rio Ferdinand said in evidence to the Joint Committee, people should not have to put up with this. People cannot just put their device down—it is a tool that they use for work and to stay in communication with their family and friends—so they cannot walk away from the abuse. If someone is abused in a room, they can leave the room, but they cannot walk away from a device that may be the first thing that they see in the morning and one of the last things that they see at night.
I commend the hon. Gentleman for bringing this forward. We have a colleague in Northern Ireland, Diane Dodds MLA, who has had unbelievably vile abuse towards her and her family. Does the hon. Gentleman agree that there is a huge loophole and gap in this Bill—namely, that the anonymity clause remains that allows comments such as those to my colleague and friend Diane Dodds, which were despicable in the extreme? There will be no redress and no one held accountable through this Bill. The veil of anonymity must be lifted and people made to face the consequences of what they are brave enough to type but not to say.
The hon. Gentleman raises an important issue. The Committee agreed in the report that there must be an expedited process of transparency, so that when people are using anonymity to abuse other people—saying things for which in public they might be sued or have action taken against them—it must be much easier to swiftly identify who those people are. People must know that if they post hate online directed at other people and commit an offence in doing so, their anonymity will not be a shield that will protect them: they will be identified readily and action taken against them. Of course there are cases where anonymity may be required, when people are speaking out against an oppressive regime or victims of abuse are telling their story, but it should not be used as a shield to abuse others. We set that out in the report and the hon. Gentleman is right that the Bill needs to move on it.
We are not just asking the companies to moderate content; we are asking them to moderate their systems as well. Their systems play an active role in directing people towards hate and abuse. A study commissioned by Facebook showed that over 60% of people who joined groups that showed extremist content did so at the active recommendation of the platform itself. In her evidence to the Committee, Facebook whistleblower Frances Haugen made clear the active role of systems in promoting and driving content through to people, making them the target of abuse, and making vulnerable people more likely to be confronted with and directed towards content that will exacerbate their vulnerabilities.
Facebook and companies like it may not have invented hate but they are driving hate and making it worse. They must be responsible for these systems. It is right that the Bill will allow the regulator to hold those companies to account not just for what they do or do not take down, but for the way they use the systems that they have created and designed to make money for themselves by keeping people on them longer, such that they are responsible for them. The key thing at the heart of the Bill and at the heart of the report published by the Joint Committee is that the companies must be held liable for the systems they have created. The Committee recommended a structural change to the Bill to make it absolutely clear that what is illegal offline should be regulated online. Existing offences in law should be written into the Bill and it should be demonstrated how the regulator will set the thresholds for enforcement of those measures online.
I thank my hon. Friend for his work on this important issue. Does he agree, as referred to in the report, that platforms must be required to proactively seek out that content and ensure it is changed, and if not, remove it, rather than all removals being prompted by users?
It is vital that companies are made to act proactively. That is one of the problems with the current regime, where action against illegal content is only required once it is reported to the companies and they are not proactively identifying it. My hon. Friend is right about that, particularly with frauds and scams where the perpetrators are known. The role of the regulator is to ensure that companies do not run those ads. The advertising authorities can still take action against individual advertisers, as can the police, but there should be a proactive responsibility on the platforms themselves.
If you will allow me to say one or two more things, Madam Deputy Speaker, we believe it is important that there should be user redress through the system. That is why the Committee recommended creating an ombudsman if complaints have been exhausted without successful resolution, but also permitting civil redress through the courts.
If an individual or their family has been greatly harmed as a consequence of what they have seen on social media, they may take some solace in the fact that the regulator has intervened against the company for its failures and levied fines or taken action against individual directors. However, as an individual can take a case to the courts for a company’s failure to meet its obligations under data protection law, that should also apply to online safety legislation. An individual should have the right, on their own or with others, to sue a company for failing to meet its obligations under an online safety Act.
I commend the report to the House and thank everyone involved in its production for their hard work. This is a Bill we desperately need, and I look forward to seeing it pass through the House in this Session.
I congratulate the hon. Member for Folkestone and Hythe (Damian Collins) and the members of his Committee on bringing forward an incredibly thorough and very good report. I know Ministers have been consulting well with all Back Benchers, and I hope they do not pay lip service to the report’s conclusions, but really take on its important recommendations. What is interesting about this whole debate is that there is a broad consensus on the Back Benches. None of us are bound by ideology on these issues; our approach is based on our experience, the data and the wide body of research.
I will also say at the beginning that the business model of the platforms means that they will never tackle this themselves. They make their money by encouraging traffic on their platforms, and they encourage traffic by allowing abusive content to exist there. Their algorithms are there almost to control and encourage more abusive content. The idea that there can be any self-regulation in the legislation to be proposed by the Government is false.
I will draw attention to three sets of issues in the short time available to me. The first, the recommendations on paid-for scams and frauds, has already been discussed. It is ridiculous that user-generated content can be subject to regulation but that paid-for scams and frauds cannot be. Everybody who gave evidence to the Committee, including the Financial Conduct Authority, pleaded for its inclusion. The figure I have is from Action Fraud: 85% of the £1.7 billion lost in fraudulent scams in the past year resulted from cyber-enabled frauds. During the pandemic, this figure of course exploded. Again, there is no incentive for the platforms to do anything about this. They get paid for by the advertisements so they wish to encourage them. Indeed, there is a double benefit in this particular space for them, because the FCA also pays for them to prioritise the legitimate websites over the scam adds, so again self-regulation will not work. I know that Ministers support the proposal, and I hope that they are not swayed by advice that it is not legally possible, as I just do not accept that. I hope that they do not miss this opportunity by way of promises of legislation down the line.
I very much agree with the point my right hon. Friend is making and with the recommendation in the report. I wonder whether she noticed that the Prime Minister told the Liaison Committee in July that
“one of the key objectives of the Online Safety Bill is to tackle online fraud.”
Does she agree that it cannot possibly do that if it misses out scam adverts?
I completely agree with my right hon. Friend on that, and I hope that the Minister will confirm that he will include this in the legislation.
The second issue I wish to raise relates to anonymity. No one wants to undermine anonymity—we all recognise that it is crucial for whistleblowers, for victims of domestic violence or child abuse, and for others—but we do want to tackle anonymous abuse. Sadly, most of the vile abuse that appears online is anonymous, as we have seen in the spreading of disinformation, particularly in relation to the pandemic. I have seen it in my experience, and it really undermines my right to participate in democratic debate. If people paint someone online as a terrible person, as a hypocrite or as a hateful, wicked woman, which is what they do with me, that person is then not trusted on anything and therefore their voice is shut down in the democratic debate.
What we are all after is not tackling anonymity but ensuring third party verification of the identity of people so that they can be traced if and when they put abusive content online. The proposals that came from the Law Commission, and which one of the four ex-Culture Secretaries who has worked on this issue has diligently pursued, to introduce a new offence to tackle serious online harms more effectively is very important. It is about shifting from content to the effects of the online harm.
My third point relates to director liability. All my experience in working in the field of tackling illicit finance and economic crime demonstrates to me that if we do not introduce director liability for when wrongdoing occurs in the actions of individuals associated with a company, we do not change the behaviour of those companies. Even fines of £50 million are not significant against Facebook’s gross revenue of more than £29 billion. I do not understand why we have to wait for two years to implement director liability, as it could be done immediately. I would be grateful to the Minister if he said that he will implement that.
3:13 pm
Julian Knight (Solihull) (Con)
I congratulate my hon. Friend the Member for Folkestone and Hythe (Damian Collins) on securing this debate, which is clearly sparking enormous interest. I welcome the majority of the Joint Committee’s recommendations. Indeed, they very much build on the work already carried out by the Select Committee on Digital, Culture, Media and Sport over recent years. When the big tech giants were in their infancy, the Select Committee, which I am proud to chair today, was already leading on some of this work. The Select Committee has been scrutinising the online harms White Paper over the past year and is continuing to do so, and it will be coming up with its own recommendations shortly. The Joint Committee’s report even acknowledges the ongoing work of the Select Committee by stating
“the DCMS Committee has maintained its interest on the issue through the work of its Sub-committee”
—its standing Sub-Committee—
“on Online Harms and Disinformation”.
Let me add to my hon. Friend’s speech by identifying some points with which I agree, but which go above and beyond what he actually said. First, I support the Joint Committee’s work on journalistic content, and its recommendation that existing protections relating to journalistic content and content of democratic importance should be replaced by a single statutory requirement for proportionate systems and processes to protect
“content where there are reasonable grounds to believe it will be in the public interest”.
I also welcome some of the work that the Joint Committee has done in exploring age assurances, building on the work already done by the Select Committee. In particular, it rightly makes several recommendations for Ofcom to establish minimum standards for age assurance technology and governance linked to risk profiles to ensure that third-party and provider-designed assurance technologies are privacy-enhancing and rights-protecting, and that in commissioning such services, providers are restricted in respect of the data for which they can ask.
It is right that the Joint Committee acknowledges the serious threats that misinformation poses to society. In recent months we have witnessed the rise in fake news from the anti-vaccine campaigns as it has hit our social media feeds. I therefore support the recommendation that there should be
“content-neutral safety by design requirements, set out as minimum standards in mandatory codes of practice.”
However, the recommendation that a permanent Joint Committee be established as
I congratulate the Joint Committee on an excellent report, consisting of 191 pages of well-researched, balanced, temperate and intelligent analysis and recommendations. It is rare to find such qualities when it comes to subjects as important as online harms and, indeed, technology in the society of today. I will not go through the report’s recommendations in detail because I do not have the time; also I support and welcome just about all of them. I will mention, for example, the design for safety recommendation, which I think is excellent, but it is one among many excellent recommendations. Instead, I will focus my remarks on why this report needs to be implemented as quickly as possible and what else needs to happen.
I want to start by speaking in praise of technology. I count myself as a tech evangelist. We have to think how many lives have been saved by remote medicine, how many marriages have been saved by not having to argue about the best way to get directions to an event, how much joy has been shared through cat memes or whatever, and how many businesses have been started on such platforms. Technology can and should be a force for good. That is why I went into engineering—to make the world work better for everyone—and my final year project at Imperial College was on a remote alarm to support people who need care in their own homes.
Engineering should be a force for good, but as the report sets out, that is no longer how it is seen. Many of my constituents, for example, feel they are being tracked, monitored, surveilled and analysed, and they feel undermined because they do not want to have to go online to do what they want to do without feeling safe and secure. Self-regulation is broken, as the report says, and it did not need to be this way. Some of us may remember concerns, back when the web started out, that if it was used for commercial purposes, people would be flamed with emails and condemned for trying to advertise or do direct marketing on the web. Somehow, however, the web was captured by those on what I can only describe as the libertarian right, who sought to maintain the lie that technology and the internet were nothing to do with Government, while building monopolistic platforms with more money and more power than most Governments. Their attitude to regulation and Government, as I remember from my days at Ofcom, was often that if they ignored them, regulation and Government would go away.
I too want to say how important this work is; this Bill is desperately needed. Refuge has found that one in three women have at some time in their life experienced abuse online. I would say that Muslim women in particular experience a triple whammy of race, faith and gender, and Tell MAMA has told us of the 40% increase in abuse against Muslim women during the lockdown. I hope my hon. Friend agrees that the social media companies must be held to account for their repeated failures.
20 of 65 shown
We have seen an increase in the incidence of child abuse online. The Internet Watch Foundation has produced a report today that shows that yet again there are record levels of abusive material related to children, posing a real child safety risk. It said the same in its report last year, and the issues are getting worse. Throughout the pandemic, we have seen the rise of anti-vaccine conspiracies.
This approach has been made possible because of the work of the Law Commission in producing its recommendations, particularly in introducing new offences around actively promoting self-harm and promoting content and information that is known to be false. A new measure will give us the mechanism to deal with malicious deepfake films being targeted at people. There are also necessary measures to make sure that there are guiding principles that the regulator has to work to, and the companies have to work to, to ensure regard to public health in dealing with dangerous disinformation relating to the pandemic or other public health issues.
We also have to ensure an obligation for the regulator to uphold principles of freedom of expression. It is important that effective action should be taken against hate speech, extremism, illegal content and all harmful content that is within the scope of the Bill, but if companies are removing content that has every right to be there—where the positive expression of people’s opinions has every right to be online—then the regulator should have the power to intervene in that direction as well.
At the heart of the regime has to be a system where Ofcom, as the independent regulator, can set mandatory codes and standards that we expect the companies to meet, and then use its powers to investigate and audit them to make sure that they are complying. We cannot have a system that is based on self-declared transparency reports by the companies where even they themselves struggle to explain what the results mean and there is no mechanism for understanding whether they are giving us the full picture or only a highly partial one. The regulator must have that power. Crucially, the codes of practice should set the mandatory minimum standards. We should not have Silicon Valley deciding what the online safety of citizens in this country should be. That should be determined through legislation passed through this Parliament empowering the regulator to set the minimum standards and take enforcement action when they have not been met.
We also believe that the Bill would be improved by removing a controversial area, the principles in clause 11. The priority areas of harm are determined by the Secretary of State and advisory to the companies. If we base the regulatory regime and the codes of practice on established offences that this Parliament has already created, which are known and understood and therefore enforced, we can say they are mandatory and clear and that there has been a parliamentary approval process in creating the offences in the first place.
Where new areas of harm are added to the schedules and the codes of practice, there should be an affirmative procedure in both Houses of Parliament to approve those changes to the code, so that Members have the chance to vote on changes to the codes of practice and the introduction of new offences as a consequence of those offences being created.
The Committee took a lot of evidence on the question of online fraud and scams. We received evidence from the Work and Pensions Committee and the Treasury Committee advising us that this should be done: if a known scam or attempt to rip off and defraud people is present on a website or social media platform, be it through advertising or any kind of posting, it should be within the scope and it should be for the regulator to require its removal. There should not be a general blanket exemption for advertising, which would create a perverse incentive to promote such content more actively.
The last thing I should say, in my final seconds, is on anonymity. I would like the Minister simply to confirm this afternoon whether he will tackle anonymous abuse and put in place the Law Commission’s proposals. When is the timeframe for that? I very much welcome the report and commend all those who worked so hard to put it together, and I hope we can make progress swiftly on a problem that is growing in British society and that is undermining, not supporting, democracy.
“a solution to the lack of transparency and…oversight”
concerns me, and my Committee, for a range of reasons. First, it would go against a long-standing parliamentary convention. Never before has a Joint Committee been established merely to provide post-legislative scrutiny. I know some Members have suggested that a Joint Committee on online harms would have terms of reference mirroring those of the Joint Committee on Human Rights and the Intelligence and Security Committee, but the Joint Committee on Human Rights was certainly never enshrined in the Human Rights Act 1998, and the responsibility of the Intelligence and Security Committee is to provide oversight for policies, expenditure, and operations adopted by MI5, MI6 and GCHQ.
We fear that the creation of such a standing Joint Committee would not only go against parliamentary convention, but would set a bad precedent for many decades to come. If some particularly complex legislation comes to the House in the future, will we just keep on setting up Joint Committees to provide post-legislative scrutiny? Of course we will not—we would be very foolish to do so—but this recommendation sets a precedent for it to happen. When I asked about the cost of establishing the Joint Committee, I was told that it would be £500,000 a year. Moreover, the work is already being done by an elected Committee of the House and a Committee in the other place.
What is the point of establishing another Committee merely to replicate the work that the Select Committee is already doing? If our Committee does need to conduct post-legislative scrutiny of legislation that is particularly complex and groundbreaking, we have a Sub-Committee for the purpose. We recognise the importance of this legislation and this area, and we will continue to scrutinise it through our Sub-Committee and through Standing Order No.152.
I raised this matter with the Leader of the House in my capacity as the Select Committee Chair, and I am grateful to him for his response, in which he said:
“Business Managers and I are of the view that this scrutiny can be arranged through current Standing Orders and that it should not require legislation, nor extraordinary powers, to achieve.”
I know from my conversations with Opposition Front Benchers that they strongly support retaining such scrutiny within current parliamentary procedures, rather than innovating in a way that could be damaging in the long term.
I welcome many aspects of this report, which builds on the Select Committee’s own report, but fine tuning is needed before the Bill comes to the House. My Committee stands ready to issue those fine-tuning exercises, and will do so in the coming days.
Now, of course, the tech giants use their immense riches to wield immense power over Governments—whether in opposing workers’ rights in Silicon valley or in delaying and minimising regulation here. In that, they have been all too successful, and I have to say that it was with the support of a series of Conservative Governments who wanted to leave this to the market and believed that the state was too slow or too stupid to regulate to keep people safe, while actively cutting the part of the state designed to do so. That is why, in my view, this Online Safety Bill is a decade too late. These measures cannot be in place for another year—and that is if the Government act in double quick time, which they seem unable to do—which means that it will be 2023 before we have online safety regulation.