To ask Her Majesty’s Government, further to their call for views and evidence for the Review of Representative Action Provisions, Section 189 Data Protection Act 2018, published on 27 August 2020, what plans they have to reflect the views of the children consulted as part of the Review in changes to the Data Protection Act 2018.
My Lords, DCMS officials consulted children directly as part of the call for views. Children who responded pointed to a lack of awareness about how to complain to the ICO or take action against a data controller when things go wrong. That is why we have committed to work with the ICO and other interested parties to raise awareness about the redress mechanisms available to all data subjects, including children. Our focus is on improving the operation of current law, rather than making legislative changes.
I thank the noble Baroness for her response. However, the other thing that children said in the Government’s own review was that 96% of them thought that charities should be able to represent them—and that they had a “lack of support” and
“had not heard of the ICO.”
As the noble Baroness said, they also lacked awareness of how companies such as advertisers might use their personal data—so they may not even know that they have a problem. As such, I challenge the noble Baroness to say that only a handful people can successfully understand and challenge data protection law.
The other thing is that the Government’s reasoning was that children now benefit from the protections of the age-appropriate design code, so I ask the noble Baroness, as Minister for Youth Policy and DCMS: how do the Government reconcile wilfully ignoring the views of children—in favour of the business interests of the tech sector—with their duties under Article 12 of the Convention on the Rights of the Child, which is that views must be heard in “matters affecting the child”? Are we to understand from this that—
I reject the noble Baroness’s suggestion that the Government are blocking off meaningful means of redress. Our current data protection laws already offer strong protections to people, including children and other vulnerable groups, and we will continue to assist them in exercising their rights. Through the review, we sought, and have listened to, the views of children and their parents, and we are working with the Information Commissioner’s Office to raise awareness of the redress mechanisms available to them. Finally, civil society groups can still make complaints on behalf of children, as the noble Baroness suggests.
My Lords, it is very hard to square the two strands that the Minister is dwelling on: that children were in favour of more legislation to help them challenge the issues concerned with their data, but also that there was not a strong enough case for introducing legislation. Given that the consequence of that decision, as has been said, is more children suffering from identity theft, online grooming, data profiling and microtargeting, can the Minister help us by explaining what would have been a strong enough case?
As the noble Lord is aware, we considered the views of children and business, but the real issue here is less what would be a strong enough case and more whether the existing law is adequate—which we believe it is—and whether it needs to be implemented in a way that allows all data subjects to seek redress more easily, which it does; that is what we are working on.
My Lords, does my noble friend the Minister agree that there is a pressing need for much greater levels of awareness and understanding? Furthermore, does would she agree that it is crucial that we enable our young people, and indeed all people, to be financially, digitally and—crucially—data literate and aware?
My Lords, is my noble friend aware of just how time-consuming it is for a young person to go through a complaint under the ICO rules, which is something I personally have done and have helped children with? Does she not consider it worth making it very clear to children that the civil society organisations representing them can do the bulk of the work, without constantly having to refer back to the child?
My noble friend makes a fair point about the complexity in this area, but the ICO has been very clear that it will investigate companies that do not comply with the GDPR concerns reported to it—and that it will accept referrals and complaints from civil society organisations, which can play an important role.
My Lords, as a family judge, I regularly talked to children, some of them very young, about what they wanted to happen to them at the end of the proceedings. May I urge the Minister really and seriously to listen to children—because they very often have something extremely valuable to say?
My Lords, when I read the government response to the call for evidence, it struck me that it is as important, if not more so, to take account of and reflect on adequate protections and to ensure that they are in place for young people, who evidently have a distinct lack of knowledge and awareness about, for example, how an advertiser might use their personal data. If the noble Baroness agrees with me on that point, what thought have she and her department given to delivering that extra protection by non-legislative means? If she has any examples to share, I am sure the House would welcome them.
The noble Lord makes an important point, particularly in relation to adtech. As he will be aware, the ICO has recently reopened its investigation into it, which it had to pause last year because of Covid-19 constraints. If it is to be effective, our media literacy strategy needs to cover all these points, including giving children and their parents an understanding of how their data is used.
My Lords, among millions of disadvantaged parents and children, awareness of data protection and online harms in general is very fragmented. Could the Minister assure the House that the children consulted came from all sorts of backgrounds to give a broader picture? Does she agree that we cannot leave it to parents and teachers to manage the complexity of data protection—particularly in the context of online harms and safeguarding children from grooming and sexual exploitation—without government leadership with structural safety legislation?
The noble Baroness is right that it is important that we always talk to a wide range of children, which we always seek to do. She is also right that the responsibility to sort this out should not fall to the child or parents; really, we need this to be addressed much earlier on, which is one of the reasons that, in addition to the age-appropriate design code, the Government are developing a one-stop shop to give companies practical guidance about keeping children safer online.
My Lords, can the Minister comment on what steps the Government will take to stop organisations’ growing use of “legitimate interest” to get around cookie refusals? What will HMG now do to help improve knowledge of data protection rights and the Information Commissioner’s Office among young people? It is clear from this review that they are, in the main, not aware of what is done with their personal data or that they can complain to the ICO.
[Inaudible]—2021, seek children’s views. They were rejected because they were asking whether children’s voluntary sector organisations should represent them in presenting those views. I understand that this was rejected because there was a lack of evidence; could the Minister explain this?