Digital Economy Bill - Committee (4th Day) (Continued)

Part of the debate – in the House of Lords at 10:15 pm on 8th February 2017.

Alert me about debates like this

Photo of Baroness Finlay of Llandaff Baroness Finlay of Llandaff Crossbench 10:15 pm, 8th February 2017

My Lords, I will try to be brief because the hour is late. I should also say that this amendment probably has one part missing. In my role as chair of the National Mental Capacity Forum, I have become aware of the large number of people who are subject to fraud through scams and through “suckers lists” which are compiled and which circulate for a great deal of money among criminal gangs. Unfortunately, these have often originated because people have purchased something online, have provided their details and have not opted out of those details being shared with others who may have like-minded sales intentions, partners or whatever.

One of the problems is that, when they are purchasing online, a lot of people really do not understand which boxes they should have clicked on—such as terms and conditions—and which they should have unclicked. So the point of this amendment is to try to require anyone selling any item online to have a box that has to be opted into for a mailing list, rather than the current opting-out system.

Where the amendment is deficient is that it does not stipulate that such permission should be time limited. I hope the Minister will point out to me that it should be time limited for a year, so that the criteria should be even tighter than in my amendment.

I think that enforcement would have to come through the Information Commissioner’s Office, rather than trading standards, but I am grateful to the trading standards workforce for having discussed this issue with me at length, as have social work leaders.

I know that the general data protection regulation will come into force across the European Union on 25 May 2018. This will replace the European data protection directive. It is associated with severe financial penalties for non-compliance. Despite our Brexit arguments, I would expect that, because of this timing, we should also be adopting this data protection regulation. I would be interested to know from the Minister whether that is correct. Coming in with it is law enforcement data protection—directive 2016/680—on protecting personal data processed for law enforcement purposes. This will replace the data protection framework decision 2008. It appears that this directive must be transposed into national law by member states by 6 May 2018. Again, there is a question over whether this will be coming into force. If both of these come into force fully, they may cover this area, although that is unclear and I cannot help feeling that it would be much better for us to get it in our own legislation first.

So that we are aware of the size of the problem, the national scams team has a current database of more than 240,000 people on suckers lists, which is growing all the time because data are intercepted by enforcement bodies and reveal that more and more people have had their data sold on in this way, often by criminal gangs, who then go on to target people and groom them. Many of the people targeted are lonely, isolated citizens who are confused by the opt-in/opt-out. They do not see the small print and they do not understand the significance. The amendment, I hope, would solve the problem. I beg to move.