With permission, Mr Speaker, I would like to make a statement. As the House knows, the Government announced that age verification for online pornography, under the Digital Economy Act 2017, would come into force on 15 July 2019. It has come to my attention in recent days that an important notification process was not undertaken for an element of this policy, and I regret to say that that will delay the commencement date. I wanted to take the opportunity to come to the House as soon as possible to apologise for the mistake that has been made and to explain its implications.
In autumn last year, we laid three instruments before the House for approval. One of them—the guidance on age verification arrangements—sets out standards that companies need to comply with. That should have been notified to the European Commission, in line with the technical standards and regulations directive, and it was not. Upon learning of that administrative oversight, I instructed my Department to notify this guidance to the EU and re-lay the guidance in Parliament as soon as possible. However, I expect that that will result in a delay in the region of six months.
As the House would expect, I want to understand how this occurred. I have therefore instructed my Department’s permanent secretary to conduct a thorough investigation. That investigation will have external elements to ensure that all necessary lessons are learned. Mechanisms will also be put in place to ensure that this cannot happen again. In the meantime, there is nothing to stop responsible providers of online pornography implementing age verification mechanisms on a voluntary basis, and I hope and expect that many will do so.
The House will also know that there are a number of other ways in which the Government are pursuing our objective of keeping young people safer online. The online harms White Paper sets out our plans for world-leading legislation to make the UK the safest place in the world to be online. Alongside the White Paper, we published the social media code of practice under the Digital Economy Act 2017, which gives guidance to providers of social media platforms on appropriate actions that they should take to prevent bullying, insulting, intimidating and humiliating behaviours on their sites. We will also publish interim codes of practice detailing the steps that we expect companies to take to tackle terrorist content, and online child sexual abuse and exploitation. These will pave the way for the new regulatory requirements.
We set out in the White Paper our expectation that companies should protect children from inappropriate content, and we will produce a draft code of practice on child online safety to set clear standards for companies to keep children safe online, ahead of the new regulatory framework. During the consultation on the White Paper, technical challenges associated with identifying the specific ages of users were raised, so I have commissioned new guidance, to be published in the autumn, about the use of technology to ensure that children are protected from inappropriate content online.
The new regulatory framework for online harms that was announced in the White Paper will be introduced as soon as possible, because it will make a significant difference to the action taken by companies to keep children safe online. I intend to publish the Government response to the consultation by the end of the year, and to introduce legislation as soon as parliamentary time allows after that.
I recognise that many Members of the House and many people beyond it have campaigned passionately for age verification to come into force as soon as possible to ensure that children are protected from pornographic material they should not see. I apologise to them all for the fact that a mistake has been made that means these measures will not be brought into force as soon as they and I would like. However, there are also those who do not want these measures to be brought in at all, so let me make it clear that my statement is an apology for delay, not a change of policy or a lessening of this Government’s determination to bring these changes about. Age verification for online pornography needs to happen. I believe that it is the clear will of the House and those we represent that it should happen, and that it is in the clear interests of our children that it must.
I thank the Secretary of State for advance sight of his statement and the sincerity with which he has made this apology today. However, the statement is proof that a serious and important policy has descended into an utter shambles under this Government. I would like to ask the Secretary of State one question that he did not answer in his statement: when did he find out about this? He says that it was in the last few days, but could he be a bit clearer about that?
Age verification was supposed to be introduced last April; it was delayed. Then it was going to be introduced next month, and today we hear it is going to be delayed again. The Secretary of State says he regrets this. We do too, very much, because it is not good enough—it is not acceptable and it is letting children down. Recent reports showed that 70% of eight to 17-year-olds have seen images and videos that are not suitable for their age in the past year. Given the rise in the use of mobile devices and tablets in the past decade, the case for appropriate online pornography enforcement has increased.
The Secretary of State says that an administrative error caused the failure to notify the European Commission of key details, but are there more fundamental problems with this policy? Can the Secretary of State give us a commitment about exactly when it will be introduced? Indeed, is he confident that it will ever be introduced? When the legislation was going through this place, Labour raised serious concerns about whether the verification process was viable, and whether the process could work if very personal data was given over to commercial pornography sites. This delay shows we were right to be concerned. Is he confident that such extremely sensitive personal data will be safe from leaks or hacks?
Media reports from earlier this year showed serious flaws in the system, with journalists able to create fake profiles that circumvented age checks in minutes. Is the Secretary of State sure that when—if—the policy is finally introduced, it will actually work? The ultimate sanction under the age verification regime was the power to block rogue sites, with internet service providers compelled to comply, but new encrypted browser software is about to undermine this system fundamentally. The encryption will mean that ISPs are blind to the sites that users visit on the internet, and they will be unable to block rogue sites that compromise the safety of children. That system—DNS over HTTPS—undermines not only the age verification system, but the entire foundations of the regulation laid out by the Government in the online harms White Paper. Does the Secretary of State agree that online companies are outsmarting the Government, and that we urgently need to know how the Government plan to catch up?
I thank the hon. Lady for her remarks. As she knows, I have spoken to the shadow Secretary of State about this issue—I accept that he cannot be here today and I am grateful to her for stepping in.
The hon. Lady raised a number of issues, starting with when I discovered the error. The answer to that is Friday last week, and my hon. Friend the Minister for Digital and the Creative Industries found out a couple of days before that. As the House would expect, we have spent the intervening time seeking to confirm that there is no alternative way of doing what I have described. We do not believe there is, hence the course of actions that I have set out to the House.
The hon. Lady rightly asked about personal data and privacy, which is an area of concern. As she knows, it was discussed during the passage of the Digital Economy Act 2017 and subsequently. I do not believe that it is impossible to reconcile the important requirement that people’s data and privacy are protected with the equally important requirement that children are protected from material they should not see. It is perfectly feasible to do those two things in parallel, which is what we seek through our approach. As she knows, the British Board of Film Classification, which will be the regulator for this, has taken steps to ensure that beyond the requirement on all relevant companies under the general data protection regulation parameters, an additional scheme will be available to those who wish to take advantage of it. That scheme will set out a higher gold standard for privacy, which we believe should be publicised to those who may wish to use these services.
The hon. Lady mentioned sanctions, but she will recognise that the issue under discussion is not sanctions for a breach of the requirements, but notification of them to the European Union. It is important to understand changes in technology and the additional challenges they throw up, and she is right to say that the so-called “D over H” changes will present additional challenges. We are working through those now and speaking to the browsers, which is where we must focus our attention. As the hon. Lady rightly says, the use of these protocols will make it more difficult, if not impossible, for ISPs to do what we ask, but it is possible for browsers to do that. We are therefore talking to browsers about how that might practically be done, and the Minister and I will continue those conversations to ensure that these provisions can continue to be effective.
Is my right hon. and learned Friend aware that this is not the first time that a DCMS measure has had to be reintroduced because of a failure to notify the EU Commission? I hope that that problem will soon be removed, but while it exists, will he use this extra time to ensure that we get the measure right? There are still concerns on the grounds of freedom of speech and privacy, and about the ease with which measures can be circumvented through the use of virtual private networks. Will he raise similar concerns with the Information Commissioner to ensure that the age appropriate design code is right? It is much more important that it is properly designed than that it is rushed into place.
I suspect that my right hon. Friend knows from experience that this is not the first time that such a thing has happened, but I am doing my level best to ensure it is the last. It is important that we have new mechanisms to ensure that such oversights are not repeated, and that is exactly what I am doing at the moment. He is correct that we should use the time we now have to get this right and to work through some of the additional challenges that I described a moment ago—we will do that. It is important that we understand these technological changes and, if I may say so, that validates our approach in the online harms White Paper, which was not to be prescriptive about technology, but to ensure that we adapt our systems as technology moves. We will seek to do the same on this point.
My right hon. Friend mentioned the age appropriate design code which, as he rightly says, is produced by the Information Commissioner, not the Government. He is right that it is important that we do not to rush this and that the Information Commissioner takes full account of the responses to the consultation. Having spoken to the Information Commissioner, I know that she will take full account of all the comments before taking the matter any further.
I agree with the Secretary of State that age verification needs to happen. The delay announced today is one thing, but the delays actually stretch back to April. This latest delay does not inspire confidence, which is extremely serious, given that this is about protecting children from harmful content. Another six-month delay is not acceptable. Can he guarantee that there will be no further slippage in the implementation of age verification? Does he agree that robust age verification must apply to social media companies, which may operate around the fringes of the law? Can he reassure us that he will do all that he can to prevent those who are unwilling to provide age verification from accessing pornography and other inappropriate material posted on a social media platform? Does he agree that that needs to be dealt with robustly as a matter of huge concern, as further delays will start to look like a lack of commitment on the Government’s part?
I can reassure the hon. Lady that there is no lack of commitment on the Government’s part, as I hope she would expect. When we discovered that the mistake had been made and realised there was no way to avoid its consequences, the right thing to do was to come and say so to the House of Commons, to apologise not just to the House but, as I said, to those beyond it who have campaigned on this matter, and to set out what we now believe needs to be done.
We will of course do everything we can to ensure there is no further slippage. Both my hon. Friend the Minister and I will spend a good deal of time making sure that we have the necessary measures in place to ensure that such mistakes do not happen again.
The hon. Lady is right to say that social media companies have a responsibility. She will know that in our White Paper on so-called online harms, one area of focus was making sure that young people are not exposed to material to which they should not be exposed. We believe that the duty of care that the White Paper will institute should apply to social media companies across the board. They should be responsible for making sure, where they reasonably can, that harms do not reach their users. Through that process, we expect to develop a regulatory framework that will make that happen. I do not believe that online companies should wait for the regulator to be in place before they change their behaviour, and a sensible company will not do so. When the regulator starts work, it will want to be persuaded not just that an online company is doing the right thing on the day of the beginning of that work, but that it has been doing so for some time.
I very much hope that that will make a difference—I believe it will. The hon. Lady has my commitment that we will continue to work on a whole range of measures to ensure that young people are as safe online as they can be.
I commend the Secretary of State for being so open and frank about this administrative mistake; if I may say so, that is absolutely the right approach. However, as has already been acknowledged, this is not the first time that such a thing has happened. I understand that measures are being put in place to ensure that it does not happen again, but when will that happen so that we can be confident that the Department is operating as it should?
We will conduct that exercise as quickly as we can. As I indicated in my statement, it is important that there is an external element in the process so that people outside the Department can look at what has happened and give us appropriate advice on how that can be avoided in the future. I also think that we will need to look at the mechanisms that are applied to ensure that such an administrative error cannot be made again.
It is worth my saying that it is an important convention of this House—I know, Mr Speaker, that you resolutely defend it—that Ministers should take responsibility for mistakes made by their Department. I am not here to talk about an error of a particular official; I am here to talk about a departmental mistake for which I take responsibility as Secretary of State. It is only right, too, that I reinforce the commitment and dedication of my Department’s civil servants to keeping young people safe online. The measures that we have taken over the past 12 months have represented significant steps forward, and I am grateful to my Department for having achieved that. I do not in any way defend this mistake, but I think it would be wrong to give the impression that the hard-working civil servants of the Department for Digital, Culture, Media and Sport are not doing everything that they can to keep young people safe online.
The Secretary of State is a very honourable man, and it is commendable that he has come to speak to the House today, but many people will be very disappointed by this delay. He said in his statement that he expected this to
“result in a delay in the region of six months”,
but often in this place we are able to expedite matters when they are urgent. Is there no opportunity to speed things up, rather than our having to wait for six months?
I am grateful to the hon. Lady for what she says, and she asks a fair question. One reason why I did not come to the House before now was that I sought to explore exactly what we might be able to do either to avoid this delay altogether or to minimise it. Perhaps it would help if I explained why I think that six months is roughly the appropriate time. Let me set out what has to happen now: we need to go back to the European Commission, and the rules under the relevant directive say that there must be a three-month standstill period after we have properly notified the regulations to the Commission. If it wishes to look into this in more detail—I hope that it will not—there could be a further month of standstill before we can take matters further, so that is four months. We will then need to re-lay the regulations before the House. As she knows, under the negative procedure, which is what these will be subject to, there is a period during which they can be prayed against, which accounts for roughly another 40 days. If we add all that together, we come to roughly six months. As she will recognise, if we could proceed quicker than that, we would, but I do not believe that that will be feasible, so it is right that I am realistic at this stage.
The Secretary of State has made a sincere and frank statement to the House about the reasons for the delay, and I appreciate that this is a change of timescale, not policy. I understand that the technology to enable the changes required by this policy already exists and could be implemented. Will he therefore comment on whether the stakeholders responsible for this—the key internet players—are co-operating on the right scale and at the right speed? We know that they can co-operate, but are they doing so?
My hon. Friend makes a fair point. It is important that we have the necessary co-operation. Of course, that will need to come with the regulator, the BBFC, and those discussions are continuing, as he would expect. I have been clear that the reason for the delay is an administrative error—it is not anything else. We expect compliance by the companies that provide online pornography and, as I say, I see no reason why, in most cases, they cannot begin to comply voluntarily. They had expected to be compelled to do this from 15 July, so they should be in a position to comply. There seems to be no reason why they should not, but we do not rely on voluntary compliance and we will therefore pursue—somewhat later than we hoped—the regulations that I have described.
I welcome the Secretary of State’s statement and his honesty. The protection of our children is paramount for everyone in the Chamber. Does he agree that typing in a year of birth is not an acceptable form of security to protect children’s innocence? Parents, including my constituents, demand that there must be greater verification. What does his Department believe can be done to enhance the verification process?
I know the hon. Gentleman’s long-standing commitment to and interest in this issue. He is right that we should not accept that someone simply ticking a box or saying, “I am 18,” is sufficient for the companies concerned. The regulations that we have laid once, and will now re-lay, make it clear that from the point of view of the BBFC, as the regulator, that will not be an acceptable way of complying with the regulations. Companies will need to do more than that. There will need to be a way of demonstrating that someone is over 18 before they have access to this material so that companies can be sure of that fact, with us as legislators being sure that we are taking every measure that we can to keep young people away from material that will be harmful to them.
It is vital that our legislation is fit for purpose in a digital age, and it is very unfortunate that age verification for online porn is being delayed. I join my neighbour, my right hon. Friend the Member for Maldon (Mr Whittingdale), in calling for us to ensure that this time is used well. I urge the Secretary of State to keep up a relentless focus on making sure that children are safe online, particularly regarding content on social media sites—especially inappropriate content on Twitter—and action on online harassment and bullying. Fundamentally, if a teenage girl walks down the street and some male in a mac flashes his pieces at her, that is illegal. It should not be legal to send that teenage girl a photo via AirDrop in a public place.
I entirely understand my hon. Friend’s point. She is right: the principle that what is unlawful offline should be unlawful online guides much of the legislative activity in which we have engaged. As she says, we must maintain our focus on keeping young people—indeed, people of all ages—safe from online harms. As she knows, in parallel with these regulations, we will pursue the course set out in the White Paper.
We believe that the White Paper, along with the social media code of practice—which, as I mentioned earlier, has been published in conjunction with it—will start to drive these improvements, but the era of self-regulation has come to an end. It is important for the Government and legislators in the House to take seriously their responsibilities to keep people safe online, so that we know that social media companies will be more responsible in the future.