The internet, to regulate or not to regulate? House of Lords calls for new digital regulator

The House of Lords Select Committee on Communications has published a report recommending a new approach to, and comprehensive and holistic strategy for, regulating the digital environment. Unsurprisingly the report concludes that the "digital world has not kept pace with its role in our lives" and, in particular, it calls for the establishment of a new 'Digital Authority' to provide oversight, as well as instruct and co-ordinate existing regulators. While over a dozen regulators have partial responsibility for regulating the digital market, no one regulator has complete oversight. The Committee argues that this has resulted in a digital environment that is fragmented, with gaps and overlaps, as well as  a regulatory infrastructure that is incapable of responding to the challenges that the modern online world presents.

Digital Authority: The Authority would also continually assess the regulatory landscape and make recommendations to improve the efficiency of any regulatory framework. To ensure regulatory flexibility, the Authority will be guided by ten principles; namely  those of parity, accountability, transparency, openness, privacy, ethical design, recognition of children's rights, respect for human rights and equality, education on navigating the digital world and proportionality. The Committee also recommends that the new Authority reports into a new joint parliamentary committee whose remit would be to consider all matters related to the digital environment.

There are a number of other recommendations for the current regulatory environment set out in the report, these include:

• Ethical technology:
  • Data protection and privacy:
    • The report notes that whilst the General Data Protection Regulation ("GDPR") and Data Protection Act 2018 provide valuable safeguards for individuals (including subject access rights to ensure data are accurate and up to date), there are weaknesses in the regime. For example, a subject access request does not automatically provide access to behavioural data generated about the subject because it is "deemed to be the property of the company that acquired it".
    • The Committee recommends that users of internet services should have the right to receive a transparency report from data controllers on request which show not only what data they hold on the data subject (currently the case under the GDPR) but also behavioural data held in respect of that data subject (including that received from third parties and how they are obtained).
    • The Committee also suggests that controllers and processors are required to publish an annual data transparency statement setting out which forms of behavioural data they generate or purchase from third parties, how they are stored, for how long and how they are used and transferred. The report considers other areas of data protection as well such as safety settings in services by default, accountability transparency and age appropriate designs.
  • Ethical by design:
    • To reflect existing concepts of "rights by design", "privacy by design", "security by design" and "safety by design" the Committee recommends that ethical issues should be considered at the design process. The report concludes that establishing and enforcing standards that meet the ten principles (referred to above) would help reduce harm to users and society, whilst also recognising the importance of innovation and entrepreneurship.
    • The Committee suggests that digital service providers (such as hardware manufacturers, operators of digital platforms (including social media platforms and entertainment platforms) and games developers) should keep a record of time spent using their service which may be easily accessed by users, with periodic reminders of prolonged or extended use through pop-ups notices or similar according to an agreed industry standard. It was also recommended that the Information Commissioner's Office should set rules for use of algorithms, conducting audits and requiring explanations of how algorithms work. The ICO should also publish a code of best practice and possibly develop a gold-industry "kitemark" for the use of algorithms.
• Online service providers and platforms: The Committee considers that "notice and take-down" procedure are not an appropriate method of regulating harmful content online. It recommends that online services that host user-generated content which can be openly accessed and use by the public, should be subject to a statutory duty of care, which Ofcom should have the responsibility to enforce.
• Competition recommendations: The report acknowledges the modern internet is made up of a concentration of market power in a small number of companies that operate online platforms and that ex post analyses used by competition regulators is lagging behind, for example, large technology companies acquiring start-up companies before they become competitive. The Committee recommends that the Government consider a public-interest test for data-driven mergers and acquisitions. It was also suggested that the Government recognise the inherent power of intermediaries and widen the consumer welfare standard to take account of long-term innovation.

The Chairman of the Committee, Lord Gilbert, summarised the report stating:

"Self-regulation by online platforms is clearly failing. The current regulatory framework is out of date. The evidence we heard made a compelling and urgent case for a new approach to regulation. Without intervention, the largest tech companies are likely to gain ever more control of technologies which extract personal data and make decisions affecting people's lives. Our proposals will ensure that rights are protected online as they are offline while keeping the internet open to innovation and creativity, with a new culture of ethical behaviour embedded in the design of service."

This report represents one piece in the puzzle of the Government's strategy to addressing the challenges brought about by the internet and the online digital environment. Whilst it recognises the need for any regulation to be balanced against innovation and entrepreneurship, it remains to be seen whether this will be achieved in practice. The report follows a number of other recent Government reviews considering regulation of the online digital environment for example, the House of Common's DCMS Committee's report on the threat of fake news  as well as the House of Common's Science and Technology Committee's report recommending imposing a duty of care on social media providers.