House of Commons Public Bill Committee Amendments: Digital Economy Bill, As Amended pages 1-7

Session 2016-17
Internet Publications
Other Bills before Parliament

House of Commons

Notices of Amendments

given up to and including

Wednesday 23 November 2016

New Amendments handed in are marked thus

Amendments which will comply with the required notice period at their next appearance

Amendments tabled since the last publication: 35 to 42 and NC25 to NC34

Consideration of Bill (Report Stage)

Digital Economy Bill, As Amended

Note

This document includes all amendments tabled to date and includes any

withdrawn amendments at the end. The amendments have been arranged in the

order in which they relate to the Bill.

New Clauses

Secretary Karen Bradley

NC28

To move the following Clause—

“Age-verification regulator’s power to direct internet service providers to

block access to material

(1)	Where the age-verification regulator considers that a person (“the non-complying

person”) is—

(a)	contravening section 15(1), or

(b)	making prohibited material available on the internet to persons in the

United Kingdom,

it may give a notice under this subsection to any internet service provider.

(2)	The notice must—

(a)	identify the non-complying person in such manner as the age-verification

regulator considers appropriate;

Notices of Amendments: 23 November 2016

Digital Economy Bill, continued

(b)	state which of paragraphs (a) and (b) of subsection (1) applies;

(c)	require the internet service provider—

(i)	to take steps specified in the notice, or

(ii)	(if no such steps are specified) to put in place arrangements that

appear to the provider to be appropriate,

so as to prevent persons in the United Kingdom from being able to access

the offending material using the service it provides;

(d)	provide such information as the regulator considers may assist the

internet service provider in complying with any requirement imposed by

the notice;

(e)	provide information about the arrangements for appeals mentioned in

section 17(4)(d);

(f)	provide such further particulars as the regulator considers appropriate.

(3)	The steps that may be specified or arrangements that may be put in place under

subsection (2)(c) include steps or arrangements that will or may also have the

effect of preventing persons in the United Kingdom from being able to access

material other than the offending material using the service provided by the

internet service provider.

(4)	The notice may require the internet service provider to provide information

specified in the notice, in a manner specified in the notice, to persons in the

United Kingdom who—

(a)	attempt to access the offending material using the service provided by the

provider, and

(b)	are prevented from doing so as a result of steps taken, or arrangements

put in place, by the provider pursuant to the notice.

(5)	The notice may specify the time by which the internet service provider must have

complied with any requirement imposed by the notice.

(6)	The notice may be varied or revoked by a further notice under subsection (1).

(7)	The age-verification regulator may publish, in whatever way it considers

appropriate, a notice given under subsection (1).

(8)	It is the duty of an internet service provider to comply with any requirement

imposed on it by a notice under subsection (1).

(9)	That duty is enforceable in civil proceedings by the age-verification regulator—

(a)	for an injunction;

(b)	for specific performance of a statutory duty under section 45 of the Court

of Session Act 1988; or

(c)	for any other appropriate relief or remedy.

(10)	Before giving a notice to an internet service provider under subsection (1), the

age-verification regulator must—

(a)	inform the Secretary of State of its decision to do so, and

(b)	give notice of that decision to the non-complying person under this

subsection.

(11)	A notice under subsection (10) (other than notice of a decision to revoke a notice

under subsection (1)) must—

(a)	where subsection (1)(a) applies—

(i)	say why the regulator considers that the non-complying person

is contravening section 15(1), and

(ii)	indicate what steps the regulator considers might be taken by the

non-complying person to comply with that section;

(b)	where subsection (1)(b) applies, say why the regulator considers that the

offending material is prohibited material;

Notices of Amendments: 23 November 2016

Digital Economy Bill, continued

(c)	indicate the circumstances in which the regulator may consider revoking

the notice it has decided to give under subsection (1) and the manner in

which the non-complying person may notify the regulator of steps taken

to satisfy the regulator that the notice ought to be revoked;

(d)	provide information about the arrangements for appeals mentioned in

section 17(4)(e).

(12)	In this section—

“the offending material”, in relation to a non-complying person, means the

material which the age-verification regulator considers is—

(a)	being made available in contravention of section 15(1) by the

non-complying person; or

(b)	prohibited material which the non-complying person is making

available on the internet to persons in the United Kingdom;

“prohibited material” has the meaning given in section 22(4).”

Member’s explanatory statement

This new clause enables the age-verification regulator to require internet service providers to

prevent persons in the United Kingdom from being able to access material on the internet where

it is being made available in contravention of clause 15(1) or is “prohibited material” as defined

in clause 22.

Secretary Karen Bradley

NC29

To move the following Clause—

“On-demand programme services: specially restricted material

(1)	Section 368E of the Communications Act 2003 (restrictions on harmful material

contained in on-demand programme services) is amended as follows.

(2)	In subsection (5), after paragraph (b) omit “or”.

(3)	In that subsection, after paragraph (c) insert—

“(d)	a video work—

(i)	in respect of which the video works authority has issued

an 18 certificate, and

(ii)	whose nature is such that it is reasonable to assume that

its principal purpose is to cause sexual arousal, or

(e)	material whose nature is such that it is reasonable—

(i)	to assume that its principal purpose is to cause sexual

arousal, and

(ii)	to expect that, if the material were contained in a video

work submitted to the video works authority for a

classification certificate, the video works authority

would issue an 18 certificate.”

(4)	In subsection (6), after “(5)(b)” insert “or (e)”.

(5)	In subsection (7), after the definition of “the 1984 Act”, insert—

““18 certificate” means a classification certificate which—

(a)	contains, pursuant to section 7(2)(b) of the 1984 Act, a

statement that the video work is suitable for viewing

only by persons who have attained the age of 18 and that

Notices of Amendments: 23 November 2016

Digital Economy Bill, continued

no video recording containing that work is to be supplied

to any person who has not attained that age, and

(b)	does not contain the statement mentioned in section

7(2)(c) of the 1984 Act that no video recording

containing the video work is to be supplied other than in

a licensed sex shop;”.”

Member’s explanatory statement

Section 368E of the Communications Act 2003 prohibits an “on-demand programme service”

(defined in section 368A) from containing “specially restricted material” except in a manner

which secures that persons under the age of 18 will not normally see or hear it. This new clause

adds further kinds of “specially restricted material”.

Claire Perry

Mr David Burrowes

Fiona Bruce

Derek Thomas

Jeremy Lefroy

Caroline Ansell
Heidi Allen	Andrew Selous	Mr Iain Duncan Smith
Mrs Maria Miller	Fiona Mactaggart	Mark Durkan
Sir Jeffrey M. Donaldson	Calum Kerr	Sammy Wilson
Mr Philip Hollobone	Sir Gerald Howarth	Tom Elliott
Danny Kinahan	Jim Shannon	Gavin Robinson
Sir Peter Bottomley	Kirsten Oswald	Helen Goodman
Susan Elan Jones	Stephen Timms	Kirsten Oswald
Liz Saville Roberts	Jonathan Edwards	Hywel Williams
Drew Hendry	Madeleine Moon	Robert Flello
Flick Drummond	Carolyn Harris

NC1

To move the following Clause—

“Power to require the blocking of access to pornographic material by internet

service providers

(1)	Where the age-verification regulator determines that a person has made

pornographic material available on a commercial basis on the internet to persons

in the United Kingdom—

(a)	in contravention of section 15(1), and

(b)	the person has been the subject of a financial penalty or enforcement

notice under section 20 and the contravention has not ceased,

the age-verification regulator may issue a notice to internet service providers

requiring them to prevent access to the pornographic material that is provided by

the non-complying person.

(2)	A notice under subsection (1) must—

(a)	identify the non-complying person in such manner as the age verification

regulator considers appropriate;

(b)	provide such further particulars as the age-verification regulator

considers appropriate.

(3)	When the age-verification regulator gives notice under this section, it must

inform the non-complying person, by notice, that it has done so.

Notices of Amendments: 23 November 2016

Digital Economy Bill, continued

(4)	An internet service provider who fails to comply with a requirement imposed by

subsection (1) commits an offence, subject to subsection (5).

(5)	No offence is committed under subsection (4) if the internet service provider took

all reasonable steps and exercised all due diligence to ensure that the requirement

would be complied with.

(6)	An internet service provider guilty of an offence under subsection (4) is liable, on

summary conviction, to a fine.

(7)	In this section “internet service provider” has the same meaning as in section

124N of the Communications Act 2003 (interpretation).”

Member’s explanatory statement

This new clause gives a power to the age-verification regulator to require internet service

providers to block pornography websites that do not offer age-verification.

Liz Saville Roberts

Jonathan Edwards

Hywel Williams

NC3

To move the following Clause—

“Safety responsibilities of social media sites

(1)	This section applies to a person who operates an internet site for commercial

purposes which requires a user to create a personal account to fully access the

internet site.

(2)	A person under subsection (1) must—

(a)	undertake and publish an online safety impact assessment in respect of

their account holders,

(b)	inform the police if they become aware of any threat on its internet site

to physically harm an individual,

(c)	remove any posts made on its internet site that are deemed to be violent

or that could incite violence.”

Louise Haigh

Kevin Brennan

Dr Rosena Allin-Khan

Drew Hendry

Calum Kerr

NC5

To move the following Clause—

“Personal data breaches

(1)	The Data Protection Act 1998 is amended as follows.

Notices of Amendments: 23 November 2016

Digital Economy Bill, continued

(2)	After section 24 insert—

“24A	Personal data breaches: notification to the Commissioner

(1)	In this section, section 24B and section 24C “personal data breach”

means unauthorised or unlawful processing of personal data or accidental

loss or destruction of, or damage to, personal data.

(2)	Subject to subsections (3), (4)(c) and (4)(d), if a personal data breach

occurs, the data controller in respect of the personal data concerned in

that breach shall, without undue delay, notify the breach to the

Commissioner.

(3)	The notification referred to in subsection (2) is not required to the extent

that the personal data concerned in the personal data breach are exempt

from the seventh data protection principle.

(4)	The Secretary of State may by regulations—

(a)	prescribe matters which a notification under subsection (2) must

contain;

(b)	prescribe the period within which, following detection of a

personal data breach, a notification under subsection (2) must be

given;

(c)	provide that subsection (2) shall not apply to certain data

controllers;

(d)	provide that subsection (2) shall not apply to personal data

breaches of a particular description or descriptions.

24B	Personal data breaches: notification to the data subject

(1)	Subject to subsections (2), (3), (4), (6)(b) and (6)(c), if a personal data

breach is likely to adversely affect the personal data or privacy of a data

subject, the data controller in respect of the personal data concerned in

that breach shall also, without undue delay, notify the breach to the data

subject concerned, insofar as it is reasonably practicable to do so.

(2)	The notification referred to in subsection (1) is not required to the extent

that the personal data concerned in the personal data breach are exempt

from the seventh data protection principle.

(3)	The notification referred to in subsection (1) is not required to the extent

that the personal data concerned in the personal data breach are exempt

from section 7(1).

(4)	The notification referred to in subsection (1) is not required if the data

controller has demonstrated, to the satisfaction of the Commissioner—

(a)	that the data controller has implemented appropriate measures

which render the data unintelligible to any person who is not

authorised to access it; and

(b)	that those measures were applied to the data concerned in that

personal data breach.

(5)	If the data controller has not notified the data subject in compliance with

subsection (1), the Commissioner may, having considered the likely

adverse effects of the personal data breach, require the data controller to

do so.

(6)	The Secretary of State may by regulations—

Notices of Amendments: 23 November 2016

Digital Economy Bill, continued

(a)	prescribe matters which a notification under subsection (1) must

contain;

(b)	provide that subsection (1) shall not apply to certain data

controllers;

(c)	provide that subsection (1) shall not apply to personal data

breaches of a particular description or descriptions.

24C	Personal data breaches: audit

(1)	Data controllers shall maintain an inventory of personal data breaches

comprising—

(a)	the facts surrounding the breach;

(b)	the effects of that breach; and

(c)	remedial action taken

which shall be sufficient to enable the Commissioner to verify

compliance with the provisions of sections 24A and 24B. The inventory

shall only include information necessary for this purpose.

(2)	The Commissioner may audit the compliance of data controllers with the

provisions of sections 24A, 24B and 24C(1).

(3)	In section 40 (Enforcement notices)—

(a)	in subsection (1)—

(i)	after “data protection principles,” insert “or section 24A,

24B or 24C”;

(ii)	for “principle or principles” substitute “principle,

principles, section or sections”;

(b)	in subsection 6(a) after “principles” insert “or the section or

sections”.

(4)	In section 41 (Cancellation of enforcement notice”)—

(a)	in subsection (1) after “principles” insert “or the section or

sections”;

(b)	in subsection (2) after “principles” insert “or the section or

sections”.

(5)	In section 41A (Assessment notices)—

(a)	in subsection (1) after “data protection principles” insert “or

section 24A, 24B or 24C”;

(b)	in subsection (10)(b) after “data protection principles” insert “or

section 24A, 24B or 24C”.

(6)	In section 41C (Code of practice about assessment notices)—

(a)	in subsection (4)(a) after “principles” insert “and sections 24A,

24B and 24C”;

(b)	in subsection (4)(b) after “principles” insert “or sections”.

(7)	In section 43 (Information notices)—

(a)	in subsection 43(1)—

(i)	after “data protection principles” insert “or section 24A,

24B or 24C”;

(ii)	after “the principles” insert “or those sections”;

(b)	in subsection 43(2)(b) after “principles” insert “or section 24A,

24B or 24C”.

Back to Start Next

	Revised 23 November 2016