Motion to Approve
That the draft Regulations laid before the House on 19 March be approved.
Relevant document: 23rd Report from the Secondary Legislation Scrutiny Committee (Sub-Committee A)
My Lords, noble Lords will be aware that the Secondary Legislation Scrutiny Committee reported on this instrument on 3 April. Its report drew attention to provisions relating to intra-EU calling, which I will cover in my speech.
I do not anticipate that many of the provisions in the regulations will be of significant interest to the House, as they simply revoke EU legislation which is directly applicable and would be redundant if converted into UK law after exit. Nevertheless, I will cover these briefly. Detailed explanations of each EU instrument being revoked are provided in the Explanatory Memorandum accompanying this instrument.
The redundant EU legislation being revoked here includes, for example, laws governing the workings of EU bodies such as the Body of European Regulators for Electronic Communications, or BEREC, and the European Regulators Group for Audiovisual Media Services, or ERGA. The EU legislation governing these bodies would have no effect if retained in UK law if we were not a member of the EU. Future UK participation in such bodies has already been discussed at length by the House in other debates. This instrument does not impact that future relationship so I do not intend to retread that ground here. Similarly, EU legislation concerning the .eu internet domain would have no effect if retained in UK law.
The regulations also make technical amendments to EU legislation relating to the notification of personal data breaches by providers of electronic communications services. These include matters such as replacing references to the “competent national authority” with references to the Information Commissioner. These amendments are designed with continuity in mind, seeking to maintain the current approach in a way that makes sense once the UK has left the EU.
I turn to those provisions which I expect to be of more interest to the House. These concern the regulation of prices for certain intra-EU communications. I shall refer to these as “intra-EU calls”, meaning mobile and landline telephone calls, although they also apply to text messages. New European rules regulating the price of intra-EU calls were legislated for in December 2018. However, while these rules are now in UK law, they become effective only on 15 May this year. These rules regulate the maximum cost of mobile and landline calls and texts made from one EU member state to another. For example, a Spanish person calling from Spain to a friend in Italy would be making an intra-EU call. I highlight the obvious point that this is different from rules on mobile roaming, which apply when people travelling in the EU outside their home country use their mobile phones to make calls, send texts and use their data. The EU exit SI relating to mobile roaming was approved by both Houses and made on 14 March.
I return to intra-EU calls. The new European rules will require communications providers in the EU to charge their customers no more than 19 euro cents per minute for calls and 6 euro cents for texts. As I stated earlier, these rules come into force in the EU from 15 May this year. I appreciate that the intra-EU calls rules can be seen as a benefit to consumers. These rules have been introduced as a single-market measure. The rules establish a reciprocal framework which has the purpose of strengthening the European single market. Obviously, if we leave the EU without a deal, the UK will not be part of the single market, and equally obviously, it would not be appropriate to adopt single-market measures when we are not benefiting from its reciprocal framework. Therefore, this instrument revokes the regulation of intra-EU call prices so that the rules do not come into effect in mid-May this year.
However, consumers will experience no negative impact as a result of this instrument. This is because it is not coming into force, and there are currently a range of alternatives to calls and texts available to them. These include internet-based services if they are worried about the costs of traditional calls and texts. Consumers can also use calling cards or bolt-on deals, which are options that provide cheap calls and texts to the EU on top of an existing phone package. In addition, Ofcom already has the power to regulate international markets in certain instances where it identifies that serious competition concerns have led to market failure. To remove the provisions regulating intra-EU calls from the statute book is therefore the appropriate thing to do.
As a Government we are committed to ensuring that the law relating to electronic communications continues to function appropriately after exit. We must provide clarity and certainty to consumers and businesses. That is what these regulations will do, and I commend them to the House.
My Lords, as the Prime Minister traipses around European capitals, seeking to get an extension and, I hope, prevent a no-deal Brexit, I very much hope that today’s relatively short debate will be wasted time. None the less, I was somewhat surprised that this SI was before us. It was only on 18 February this year that we debated the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019, so I was somewhat surprised that we needed another one.
Of course, I was aware that since that was laid in November last year, a number of changes made last December had had an impact, so I understand why some aspects of the new SI were necessary. Nevertheless, I was somewhat surprised to be told in a memo from the department that this SI was “a convenient vehicle” to sweep up a number of other small changes which, for various reasons, it had not been possible to include in earlier SIs. For example, I fail to understand why the previous SI did not, as does this one, replace “competent national authority” with references to the Information Commissioner. We knew that we had to do that back in November, so surely we should have done it in the previous SI.
Equally, why are we only now revoking EU legislation establishing the body to which the Minister referred, BEREC, and our membership of the European Regulators Group for Audiovisual Media Services? Why are we only now dealing with the .eu top-level domains? These are all issues that we knew we had to deal with last November, when the previous instrument was laid. What were the “various reasons” why the provision and some others contained in the SI could not have been included the previous one? That does not give us confidence that we do not have before us a further example of rushed legislation. Can he assure your Lordships’ House that this is the last SI on these issues that will come before us?
The new SI referred once again to the changes under GDPR, so it provides another opportunity for the Minister to give once-and-for-all clarity on the question raised several times in the February debate. After a no-deal Brexit, a UK data controller doing business in EEA countries will, because of the reciprocal obligations, need representation in the EEA. Can he clarify whether that is just one representative in the EEA or does it require representatives in each of the EEA member states in which the UK data controller is doing business? Clearly, that has a huge potential impact on the cost of doing business for UK businesses and leads to the question of why it was not included in the explanation of the costs.
Does the Minister acknowledge that the creation of a new data protection regime in the UK—the UK GDPR—presents additional complexities for controllers and processors who are caught up by both European and UK law? I accept that initially there may be very little difference between the two, but in time they will begin to diverge and that will provide added burdens on UK businesses. Surely that should have led to some comment in an impact assessment which, once again, we see is missing in toto from the SI.
I may have missed it, and I apologise if I have, but I can find no reference in the SI to Article 81 of the GDPR. This relates to situations when the courts in two or more EU countries have both issued proceedings against the same controller or processor. In such circumstances, under GDPR Article 81, one of the courts may well decide to decline jurisdiction or suspend proceedings until the other court has made its determination. As these provisions are now revoked, will that not increase the possibility of costly duplication of court action in both the UK and another EU court?
Finally, the SI relates to two recent changes approved by the EU Council in December last year, as I mentioned at the beginning of my contribution: the Electronic Communications Code and the revised remit for BEREC—the Body of European Regulators for Electronic Communications. These have led to some new initiatives. One is mentioned in the SI and the Minister has given us a detailed explanation of it: the introduction of price caps on intra-EU calls and text messages. I accept entirely the point the Minister made: this will have precious little impact on consumers within the UK, who can use alternative means of communication.
However, the other change is not mentioned: the plan being made within the Electronic Communications Code and under the new remit for BEREC that will require all EU member states to set up public warnings—systems that would send alerts to people’s mobile phones in the event of natural disasters, terrorist attacks or other major emergencies in the area. The requirement is that they be in place within three and a half years of the ECC coming into force. Several countries already have some such systems in place—I am sure the Minister already knows this—and in 2013 the Cabinet Office in the UK announced that trials of such a scheme would begin. Given that we are dropping out of involvement in the ECC, could he tell the House whether the Government have plans—notwithstanding the plan to leave the European Union—for such a system to be introduced within the UK, given that trials started way back in 2013?
With those few questions, I just say that I very much hope that this short debate will have been wasted.
My Lords, I looked behind me in vain for interventions from our side of the House. I am happy to provide as short a contribution to this debate as others, and very happy that my noble friend Lord Foster—if I may call him that—has made some of his usual penetrating comments that leave me free to look at things at another level. As the Minister said, this SI seems a simple matter of tidying up an area that had not been previously dealt with in full. I cannot comment on why some of this was not done earlier, but it is being done now. When I got it and saw the pages and pages of sheer drudgery that our very talented Civil Service has had to give its best time to, my heart sank.
It also occurred to me that debating it today is very ironical because the Prime Minister does not want a no-deal exit—neither do the Lords or the Commons. Nobody wants it, but we look as if we might be in danger of drifting into it. Once upon a time, a Roman emperor played the violin while the city around him burned. Now, our contemporary empress is fiddling in European capitals and burning our boats while she does it. We must ask ourselves very seriously whether this exercise of 500 or more statutory instruments being pushed through our procedures in this way has been beneficial to anybody.
I note the substantive point that the statutory instrument intends to deal with the,
“notification of personal data breaches by providers of publicly available electronic communications service”.
I have learned so many acronyms in reading for this debate—indeed, it has been on a par with “Line of Duty”, which I watch rather assiduously when I can. The replacing of “competent national authority” references with references to the “Information Commissioner” seems to tidy everything up. I looked and, as has been mentioned by others already, the Secondary Legislation Scrutiny Committee drew attention to the facts about these calls. Indeed, it added an appendix to one of its committee meetings to ask technical questions of the Minister. He has answered those and I need not therefore repeat them.
With the ground adequately covered and tidiness brought to a fundamentally futile exercise, I am happy to rest the case there. I invite the Minister to say some reassuring words and answer our questions so that we can move on to other business.
My Lords, I am grateful to both noble Lords for their points and detailed questions on a detailed SI.
The noble Lord, Lord Foster, castigated us for bringing these small changes forward at a late stage and asked why we did not bring them forward earlier. The noble Lord, Lord Griffiths, looked at the details, a substantial number of which need to be addressed, not only in legislation but in EU decisions, regulations and directives. That takes time, and we want to get it right. He also asked whether I can categorically assure him that he will not have to deal with these matters again. Of course I cannot give him that assurance, as he well knows, but the point is made and I accept it.
On a serious note, it is important to get these things right. I pay tribute to the civil servants in my department, who have worked very hard to try to do that. Most of the provisions in this statutory instrument are genuinely technical, changing the language so that it makes sense in the event that we leave the EU. Of course, this is a no-deal Brexit SI, so it is contingent on that.
The noble Lord, Lord Foster, asked some specific questions about his favourite subject—the BEREC regulations—such as why we did not bring them forward. The reason is that this SI repeals the 2018 BEREC regulation, which replaced the 2009 BEREC regulation. That regulation was repealed and replaced in December 2018, so it is now necessary to revoke the new 2018 BEREC regulation. It was not ready at the time of the previous SI, which is why we are doing that now. I hope that he can feel happy with that.
As far as the GDPR is concerned, we agreed the data SI in this House some weeks ago. The noble Lord referred to Article 81 on the suspension of proceedings, which is omitted from the UK GDPR. In a UK-only context, that provision becomes redundant, because it is right that breaches of the UK GDPR are brought before UK courts. Of course, amendments to the retained GDPR were debated by this House in February 2019.
I will be brief. The Minister is absolutely right: any breach affecting a UK citizen will be dealt with by a UK court. However, it is perfectly possible that the processor could have been guilty of similar offences in other European countries. In those circumstances, will he confirm that both countries will have to take proceedings in their respective courts, and that this is an additional cost that did not exist previously?
The noble Lord is right. If a data controller causes an offence in two different jurisdictions, two different jurisdictions could decide where they want to hold the controller to account. In the same way, if a person or a company committed a crime in two different countries that are not outside the EU, those countries would be able to take action against them for the law that pertains in their own countries.
The noble Lord, Lord Foster, also asked about the public warning system under the EECC. That is not part of this SI or the BEREC regulation and is therefore not part of the intra-EU core system. Post exit in a no-deal situation, the Government would be minded to implement the EECC where it fits in with UK policy objectives, but there will be no requirement to do that. I will take back his suggestion about the public warning system, but I can make no commitments on it at the moment.
On timing, the GDPR and the Data Protection Act came into force on 25 May 2018. The focus of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019, which were debated in this House in February, was on the retained GDPR and the Data Protection Act. I think that was my last point, which I have already answered, so I beg the noble Lord’s pardon. I will check the record to make sure that I have answered his detailed questions, and if I have not I will write to him.