Users warned over Windows 7 security vulnerability

The failure of regulation to keep pace kept pace the role of big tech in modern society has prompted action from the House of Lords Communications Committee.

The Committee is now calling for a new, overarching legal framework to ensure that services in the digital world are held accountable by an enforceable set of shared principles.

In its report, Regulating in a Digital World, the committee notes that over a dozen UK regulators have a remit covering the digital world but there is nobody which has complete oversight.

As a result, regulation of the digital environment is fragmented, and this worked to undermine the effort of big tech companies to tackle online threats.

In the face of an inadequate response to growing public concern, the House of Lords Communications Committee has recommended a new Digital Authority, guided by 10 principles to inform regulation of the digital world.

The recommendations within a new regulatory approach include a new ‘Digital Authority’ to co-ordinate regulators, continually assess regulation and make recommendations on which additional powers are necessary to fill gaps.

The Digital Authority should play a key role in providing the public, the Government and Parliament with the latest information. It should report to a new joint committee of both Houses of Parliament, whose remit would be to consider all matters related to the digital world.

Ten principles for regulation
The ten principles identified in the committee’s report should guide all regulation of the internet. They include accountability, transparency, respect for privacy and freedom of expression.

The principles will help the industry, regulators, the Government and users work towards a common goal of making the internet a better, more respectful environment which is beneficial to all. If rights are infringed, those responsible should be held accountable in a fair and transparent way.

Recommendations for specific action
A duty of care should be imposed on online services which host and curate content that can openly be uploaded and accessed by the public. Given the urgent need to address online harms, Ofcom’s remit should expand to include responsibility for enforcing the duty of care.

Online platforms should make community standards clearer through a new classification framework akin to that of the British Board of Film Classification. Major platforms should invest in more effective moderation systems to uphold their community standards.

Ethical technology
Users should have greater control over the collection of personal data. Maximum privacy and safety settings should be the default.

Data controllers and data processors should be required to publish an annual data transparency statement detailing which forms of behavioural data they generate or purchase from third parties, how they are stored, for how long, and how they are used and transferred.

The Government should empower the Information Commissioner’s Office to conduct impact-based audits where risks associated with using algorithms are greatest. Businesses should be required to explain how they use personal data and what their algorithms do.

Market concentration
The modern internet is characterised by the concentration of market power in a small number of companies which operate online platforms. Greater use of data portability might help, but this will require more interoperability.

The Government should consider creating a public-interest test for data-driven mergers and acquisitions. Regulation should recognise the inherent power of intermediaries.

Commenting on the report, the Chairman of the Committee, Lord Gilbert of Panteg, said:

“The Government should not just be responding to news headlines but looking ahead so that the services that constitute the digital world can be held accountable to an agreed set of principles.

“Self-regulation by online platforms is clearly failing and the current regulatory framework is out of date. The evidence we heard made a compelling and urgent case for a new approach to regulation.

“Without intervention, the largest tech companies are likely to gain ever more control of technologies which extract personal data and make decisions affecting people’s lives.

“Our proposals will ensure that rights are protected online as they are offline while keeping the internet open to innovation and creativity, with a new culture of ethical behaviour embedded in the design of service.”

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.