final logo red (RGB)

 

Communications and Digital Committee

Corrected oral evidence: Digital regulation

Tuesday 2 November 2021

2.30 pm

 

Watch the meeting

Members present: Lord Gilbert of Panteg (The Chair); Baroness Bull; Baroness Buscombe; Viscount Colville of Culross; Baroness Featherstone; Lord Foster of Bath; Lord Griffiths of Burry Port; Lord Lipsey; Baroness Rebuck; Lord Stevenson of Balmacara; Baroness Stowell of Beeston; Lord Vaizey of Didcot.

Evidence Session No. 1              Heard in Public              Questions 1 - 10

 

Witnesses

I: Stephen Almond, Director of Technology and Innovation, Information Commissioner’s Office; Kate Collyer, Chief Economist and interim Director of Competition, Financial Conduct Authority; Kate Davies, Public Policy Director, Ofcom; Will Hayter, Senior Director, Digital Markets Unit, Competition and Markets Authority.

 

USE OF THE TRANSCRIPT

This is a corrected transcript of evidence taken in public and webcast on www.parliamentlive.tv.

 


28

 

Examination of witnesses

Stephen Almond, Kate Collyer, Kate Davies and Will Hayter.

The Chair: Welcome to the first evidence session of our inquiry into the future of digital regulation. We have representatives of a number of regulators with us. I will introduce them briefly in a moment. Today’s session will be broadcast online and a transcript will be taken. Thank you very much indeed all of you for joining us.

Stephen Almond is director of technology and innovation at the Information Commissioner’s Office. Kate Collyer is chief economist and interim director of competition at the Financial Conduct Authority. Kate Davies is the public policy director of Ofcom. Will Hayter is senior director of the Digital Markets Unit that has been established in the Competition and Markets Authority.

As we get stuck into questions, we are going to ask you to decide who should take a lead and who will follow on, which will give us a good idea as to whether digital regulation co-ordination is working or not. Thank you very much for your time. The first question will be from Lord Stevenson.

Q1                  Lord Stevenson of Balmacara: Thank you very much. I gather, Stephen, you are going to answer the question, but, as has been said, everybody is welcome to join in. You have given us a lot of material; thank you. You have set out—and it bears on the second part of my question—a work plan that you are engaged in. So, I think we are up to speed with the activity on the ground. It probably seems a slightly odd question to ask, but can you judge whether digital regulation has kept pace with developments in technology?

Stephen Almond: Certainly. As regulators, we need to become increasingly agile and co-ordinated in order to respond to the challenges posed by digital technologies, and I think that we have. The pace with which we have responded, with the CMA, to Google’s plans to phase out third-party cookies, and our work with Ofcom to promote child safety online, are both examples of our being world leading in the initiatives we have brought forward. We have also prompted changes in digital platforms not just in the UK but more broadly, globally, where they have been rolled out.

But—and there is a “but”—we are creatures of statute, and, ultimately, we have to operate within our legislative framework. While it takes, in some cases, a matter of weeks or months to introduce a new business model or product, it takes years to pass changes in legislation. That presents a limitation for us on what we can do. We have legislation coming forward on matters such as online safety and digital competition that will provide welcome reinforcement to the powers we can use, and that obviously provides a degree of a brake. Will, do you want to expand on that in relation to digital competition?

Will Hayter: Yes, thank you, Stephen, and thank you for the question. The regulatory system as a whole comes from a combination of statute and how we, as regulators, implement it. The latter part of that can and should adapt as much as it can to keep pace, and we all do that in our respective areas—for example, the way we have updated our merger assessment guidelines, in our case, to identify changes in the way we take account of innovation and future competition when we look at a merger or an acquisition. That can happen more quickly, but, clearly, statutory change necessarily takes longer.

As Stephen says, in our particular area of digital markets, it has become clear, including through the Furman report and, indeed, your previous reports, that the statutory framework for traditional competition law has not proved well equipped to handle digital markets. That is exactly the reason why the Government are consulting on a new pro-competitive framework, and for establishing a Digital Markets Unit in anticipation of that.

We expect and anticipate that that will enable us to be more agile in how we respond to market developments. It is also worth noting, on the flip-side, that it does not and should not imply a rush to regulate. In this specific instance, the concept of strategic market status for the most powerful digital firms is intended to be a high bar, and only once that high bar is passed are remedies potentially available.

Lord Stevenson of Balmacara: I have listened carefully to what you have said but you have not really answered the question, have you? You have pointed out and described one elephant in the room, which is the slow pace of legislation when you need it. Your pleas are being listened to, I think is what you are saying, but it takes time. The narrow question was, have we kept pace, or are we being outmanoeuvred by big tech on all flanks? The answer, presumably, is no, but can you amplify that, perhaps Kate, or the other Kate?

Kate Davies: I do not want to put words in their mouth, but I think what Will and Stephen are saying is that we are at that moment in time where the changes are being brought forward to ensure we are keeping pace.

Lord Stevenson of Balmacara: Yes.

Kate Davies: At the moment we are making that transition to ensure that we are able to regulate these platforms effectively, but I think Will’s point is important. You do not want to jump to overregulation. You will, at points in history, hit that time when it is the right moment to regulate, and that is reflected in the Online Safety Bill from an Ofcom perspective, and then more broadly in other areas for colleagues.

Lord Stevenson of Balmacara: Okay.

Kate Collyer: It is clearly true that there has been rapid technological development, and that has had a significant effect. I cannot speak for others, but certainly in the financial services sector we have seen a huge increase in online banking, just to name one particular area. The need for regulators to keep pace with those changes is why we are here today as part of the Digital Regulation Cooperation Forum: to work together to ensure that we are making those connections and joining up in a consistent, holistic approach to that regulatory challenge.

Lord Stevenson of Balmacara: My colleagues will drill down into what has been achieved later on. May I move on? Your work plan is on page 2 of your submission. Are those the challenges you see, or are they just the challenges you think you have the resources to deal with? Are there other dragons out there in uncharted territory that we ought also to be capturing?

Stephen Almond: As a cross-economy regulator that spans the full breadth of how personal data is used in the digital economy, there is always, frankly, more that we could hope to achieve. So, it requires us to set out quite carefully a set of priorities, and that is what we have focused on through our work plan. The challenges and the opportunities of artificial intelligence, and the questions of how to respond to really seismic shifts in the online advertising market and how we balance privacy and safety in encrypted spaces protecting children online, are the most important issues for us right now, but there is obviously more that sits beyond that. I have not mentioned privacy-enhancing technologies or cloud computing, let alone the metaverse.

We need, therefore, to think not just about the individual technological developments that we need to respond to, but how we work as regulators and how we are going to build in that agility, flexibility and co-ordination among us to be able to respond almost no matter what hits us.

Lord Stevenson of Balmacara: Can you expand on that a bit? Are you reflecting perhaps a cultural issue there?

Stephen Almond: There is a variety of things that we are very conscious we need to reflect on. If we are going to be on the front foot, we need to scan the horizon better for developments that are coming up. If we are going to be able properly to get under the bonnet of certain developments, we need to have the right skills and capabilities. If we are going to be able to regulate those actors where they are operating, in effect, in a borderless digital world, we need to have very solid relationships with our international partners to leverage our relationships to maximum effect. Those are all areas we are working on, but they are an area of active pursuit.

Lord Stevenson of Balmacara: Would anyone else like to come in on this?

Kate Davies: Stephen is absolutely right. We needed to prioritise our work plan. Those were areas—algorithms and end-to-end encryption—where we felt we needed to do work right now together. The DRCF is relatively small, so we needed to prioritise. We are currently in the process of launching a broader, horizon-scanning piece of work that will involve significant public engagement to get input. Obviously, we all do that on our own, but we recognise that in the digital space all these issues we are engaging with come right up against each other, much as this committee has helpfully recognised in its report. Therefore, we need to be better. Rather than each of us saying, “Okay, there is a technology over here that we need to think about”, we need to ask: how do we think about that together, how do we engage platforms together, how do we show consumers that we understand what these things mean not just from a privacy perspective, but from a safety or competition perspective?

Lord Stevenson of Balmacara: Kate?

Kate Collyer: It is a shared endeavour to undertake the horizon planning and ensure that we are joined up in recognising the challenges coming our way with regard to technology. We need to do that effectively to identify the risks and, indeed, the benefits, because there are benefits from technological innovation as well. Our role as regulators is to ensure that we protect against the harm but also ensure that the benefits of regulation and innovation are delivered for consumers.

In terms of our joint working, we have identified the key areas where we think that we need to prioritise and work effectively together and, from our perspective at the FCA, that has been beneficial and is starting to pay off already. We would be happy to give examples of some of the ways in which that effective collaboration has been beneficial for our individual priorities as well.

Lord Stevenson of Balmacara: Will?

Will Hayter: I support what my colleagues have said. The trick we are trying to pull off is to be more than the sum of our parts. The danger with all the technology coming over us in waves is that we could spend person years looking at any one of those issues. Indeed, we have done that in some cases. The amount of resource it took us to do our study on online advertising and to understand the ad tech stack, for example, is a case in point of how much it takes to really get under the skin of those areas.

We could look at any of those future technologies—things that are coming down the track. If we indulged ourselves, each of us could have 10 people beavering away looking at one of those issues, and that would not be a responsible use of our time and scarce resources, as Stephen has hinted.

We are trying to do as much as we can to pool all the individual work we are doing. In recent weeks, we have had our horizon-scanning teams talking to each other in a workshop. We all saw the news last week about the metaverse. We are planning, for example, a specific workshop on that among us to compare notes and get a sense of what the different implications for our different regulatory spheres might be. More than the sum of our parts is the key.

Lord Stevenson of Balmacara: But it is knowledge and understanding rather than any particularly different change in mode or anything like that that we are talking about. Is that right?

Will Hayter: We would all say that, compared to—I will pick a number—10 or 15 years ago, we are trying to have a bit of a change in mode. Indeed, the statutory changes, particularly in our area on the digital markets side, are precisely intended to allow a bit of a change in mode to get away from the backward-looking enforcement model to a more forward-looking regulatory model, trying to spot things coming and head them off before they cause harm. I am sure there are more examples that we can talk about.

Lord Stevenson of Balmacara: I am sure we will. I will stop. I am sure some of my colleagues would like to come in on that. Thank you, Chair.

The Chair: Can I pick up before we move on? The issue of horizon scanning is something we drew attention to in previous reports. You have talked about the importance of horizon scanning and pooling your expertise to look further ahead. You have talked about the foreseeable things that we already know are coming down the road—the metaverse, for example. Horizon scanning is also looking well beyond that, is it not? It is the things that none of us know about such as project X. Let us not even describe it because we do not know what it is. To what extent are you ambitious about getting up to and ahead of tech generally, understanding what is happening that is not currently foreseeable or currently being talked about in the industry?

If you achieve that using your combined expertise, how do you use that information? Clearly, you think about that in terms of your own regulatory workload, and you might think about how you might work together, but do you see a role in informing the public, informing Parliament and informing government about where tech is going, and the public policy issues that will arise in the future, or is this insight an internal thing in your mind? If it is external, could you describe how you think you might share that thinking with the outside world? I do not know who wants to lead on that.

Kate Davies: I am happy to start and I am sure others will want to come in. It is a really good set of questions. Apologies because it is a bit of expectation management, but the thing about the Digital Regulation Cooperation Forum is that we want to get on with it and we want to figure out how to do it, but it is a work in progress. I will say that as a start.

On the horizon scanning piece specifically, we absolutely want to go out and find out about those things that are beyond that list that we can all write down. We will have to see how successful we are. In Ofcom, individually, this year we did our future tech reports that were quite successful at looking at some of those things—quantum computing and how you think about that. Yes, you can write a list, but how do you actually think about that in terms of its impact on a sector or consumers? Together, we do have high ambitions, but we need to go through that process and engage people, and see what we can find out.

How do we then use it? It depends on what we come up with. It definitely will inform our internal work programme, but I would say that not all of us should go away and think about it individually. It precisely informs our work programme for the DRCF and those issues where we need to engage jointly and really work across our boundaries. Absolutely, it may then be right that we set it out publicly for consumers, figuring out quite how to make that meaningful for people, and then, of course, to you in government. At the moment, as we are launching, it is a little bit difficult to see quite what you find out and how far down that track you get, but we are very up for being transparent and open about what we find through the exercise. It is just a case of figuring out exactly how that works.

The Chair: I will bring others in. Do you see a merit in formalising how you bring that thinking to government and to policymakers?

Stephen Almond: From our perspective, we welcome the opportunity to share our insight with government and Parliament. I started out with my comments about the challenges of making sure that legislation keeps pace with technological development. The corollary of that is that it is incumbent on us that, where we spot signals, we share those signals and that intelligence. Quite how we do that is a matter for discussion, and I am sure that our counterparts in government will have reflections on that as well. That is a real sort of public responsibility for us.

Part of what I would describe as the beauty of the Digital Regulation Cooperation Forum is that, individually, as regulators, we are all getting slightly different signals and slightly different bits of intelligence about where the future may lie. There may be new parts that come from the FCA’s sandbox, for example, and the innovators that it is working with. New things may come out through Ofcom’s work with academics on its online nation piece. By combining those different strands of intelligence, to repeat what Will said, we get more than the sum of our parts. Certainly, from the ICO perspective, we learn about things that we would not learn about just by engaging directly with the sorts of people whom we normally engage with.

Kate Collyer: To follow that line of thought, at the FCA we are investing £120 million over three years in our data and technological capabilities, and we think there are real benefits in being able to share the insights that are generated from that, to learn from the experience of other regulators in other sectors and to make sure that we have a really holistic understanding of the challenges from technology and digital. We think that the collaboration that we are able to achieve through the forum is a really effective way of helping us to share and bring about those different perspectives around the same shared problems that we have.

The Chair: Do you have anything to add, Will?

Will Hayter: Just briefly. The discipline of looking far ahead and trying to spot what is coming down the track is a very specific one and one that we have all done separately, but we have also been trying to bring it together. We have been building up that capability. That is what informs all of this.

You were asking about how that comes out in public. One element of that is how we talk to government. We have been using that forward look to inform the discussions we have with government. Indeed, the Digital Markets Taskforce, which fed into the recent government consultation on digital markets, was a joint piece of work involving the CMA, ICO and Ofcom. That was informed by exactly this sense of the speed of change and the need to be able to respond.

I suppose the other element is Parliament. This committee has shown a very welcome appetite for this topic. Both individually and collectively, I am sure we are happy to use further communications with this committee as a way of offering some of the results of that work.

The Chair: A further question we may come to is how we formalise that and whether there are benefits in formalising it, but let us move on for a moment to Baroness Stowell.

Q2                  Baroness Stowell of Beeston: Thank you, Chair. I know you have tried to condition our expectations as far as how things are going. It is early days, but are you able to give us a sense of how the forum operates on a day-to-day basis? Can you give us an example of where you have co-operated as a result of that forum in a way that you might not otherwise have done?

Kate Davies: Absolutely. We have all collaborated in various ways for a very long time. The difference is that with the DRCF the ambition shown by chief executives for what they want to achieve in this work is really making a step change to that approach.

Baroness Stowell of Beeston: A new chief executive.

Kate Davies: No, as in our respective chief executives.

Baroness Stowell of Beeston: I see.

Kate Davies: Dame Melanie Dawes and so on. In terms of the day-to-day work, you have all seen the work plan. We are focused on, broadly, three areas. There are the big strategic questions. We have already talked about those a little bit. There are the questions about the interactions between individual regimes; the work the ICO and the CMA have done on privacy and competition, which I am sure they will want to speak to as a result of this question; the work that we are doing with the ICO on the video-sharing platform and age-appropriate design code, which I will expand on a little bit; and, finally, some more operational work on particularly skills and capabilities, and how we, as the DRCF, might be more attractive to particular skill sets.

On the day to day, we have a small central team. They are populated by staff from each regulator, but they very much feel part of a DRCF team as well as feeding back into their respective regulators. They work on the strategy, planning and delivery, and our engagement with other regulators. We recently held a round table with a much wider set of domestic regulators, but there is also our international engagement. Of course, there is the new chief executive, which was announced yesterday.

As to a specific example, I would just pause on the ICO and Ofcom. Of course, pre-DRCF, I would hope that with the age-appropriate design code and video-sharing platforms we would have joined the dots. I do not think DRCF means that something specifically new is happening, but we have done that incredibly proactively. We went out with guidance recently for video-sharing platforms, setting out our approach, and very much throughout that are references to how we are thinking about this in relation to the age-appropriate design code.

We do not have all the answers. We are working on that. For example, how do the two regimes operate when it comes to something like age assurance? Can you have age assurance solutions that protect children in the context of the video-sharing platform regime but that are also privacy enhancing? The difference the DRCF brings in that specific example is the proactive nature of that engagement. It is not that two regulators go out with regimes and then figure out how to join them up. It is that in going out and talking about them we are already engaging with those questions.

We recognise that we need answers for industry in how they engage with both of us, where the interactions and overlaps are, but we also need answers for users—parents and children. How does this work? Do they complain to the ICO? Do they complain to Ofcom? That is what we are working through. I think the DRCF has made a difference in that specific example. I am sure Will or Stephen will want to talk about the work on privacy and competition.

Will Hayter: I echo Kate’s point about the commitment and statement of intent from the four chief executives, including the appointment of a DRCF chief executive, because that makes a difference at all levels through our respective organisations. Now, it is an expectation that we would look to work together. It could have happened before, but it makes it a lot more likely now that it will happen in a much deeper way. That is to be welcomed.

I offer a couple more specific examples. There will be some things where all four of us will naturally want to co-operate. Some of the projects in the work plan work in that way, such as algorithms. All the stuff around skills and capabilities is a big thing for all four of us, and I am sure we will talk about that some more later as well.

Other issues will just be more applicable to two or three of us, given the different nature of our remits. For example, the Secretary of State for DCMS back in May asked the CMA and Ofcom to think about how a digital markets code of conduct would apply to the relationship between the biggest platforms and content providers such as news publishers. Helped by post-pandemic virtual working, a team is working away on a joint product there, which has been really positive.

Others have mentioned it already, but an example is the way that the CMA and ICO have worked together on the broad issue of the interactions between data protection and competition. That has come out in two specific, concrete outputs already. One is a joint statement on how the two sets of priorities interact to try to counteract a narrative that is pursued by some people, which is that the two are naturally in tension. We highlighted some possible tensions, but we said that in many cases the two agendas can work very much hand in hand, noting that for good data protection and strong competition you need user choice and control and understanding.

That has also come out more specifically in our work around Google’s so-called privacy sandbox. Google made an announcement that it was going to remove third-party cookies from its Chrome browser. We are now in the process of using the Competition Act to seek commitments from Google essentially to enable it to try to achieve the same privacy objectives but without doing what we feared was the risk, which was that it would cause competitive harm because it would chase that privacy benefit but entrench its own advantage at the expense of its competitors. It is a really nice example of the sort of thing we can do if we do a good job on horizon scanning and are forward looking. It was a prospective announcement by Google, and we stepped in with this case and are in the process of consulting on the commitments from Google.

It is a nice example, hopefully, of being able to get in early, spot a problem, spot the interactions between two sets of priorities and two different regimes, and get to a good result that serves both—in this case—consumers and people from the point of view of data protection. That has been accelerated and supported by the fact that we have the DRCF so that co-operation is a default rather than an exception.

Baroness Stowell of Beeston: Do you think other regulators will join the DRCF? I cannot get the name right.

Kate Davies: It is a terrible acronym.

Baroness Stowell of Beeston: How far can this go in terms of who might join? Is there a limit to who is relevant to this? Who are you encouraging to get on board?

Kate Davies: It was ICO, Ofcom and the CMA. We are delighted that the FCA joined this year. The approach we are taking at the moment is that we set out a work plan and we want to deliver on it. There is a risk that if you expand too quickly that dilutes your ability to get on and do stuff—precisely in answer to your question about examples of where co-operation is actually making a difference.

The approach we are taking in parallel is that we are engaging a range of other regulators. I do not know if you will be talking to any of the other regulators, but our experience to date is that specific regulators want to be engaged in a specific area of our work. For most other regulators, the questions we are looking at are not so core and pervasive to their full remit as they are to the four of us. For example, there are some very good conversations with the Advertising Standards Agency about how it might want to engage specifically in relation to advertising and ad tech, but it would not want necessarily to engage in the full breadth of the programme.

As I say, we are engaging. We had a first round table with regulators—and I think we are due to have another one before the end of the year—to keep them abreast very much of the work we are doing, share any lessons that we are learning, and find out where and how they want to engage and keep that under review.

Baroness Stowell of Beeston: It becomes a professional go-to place if you are a regulator with digital issues or want to collaborate.

Kate Davies: Yes.

Baroness Stowell of Beeston: Okay. I think that is enough from me. Thanks.

The Chair: Lord Lipsey, do you want to come in?

Q3                  Lord Lipsey: Yes, if I may. I read your, if I may so, slightly Panglossian paper about what you are going to do. I then dipped into all the evidence that we have received from individual companies and organisations, which is much more critical of the way regulators are working together.

This week I even had a personal example of this because I complained to the Advertising Standards Authority, which is not a member of yours but you work closely with it. As an ex-member of the council at the ASA, I am pretty sure that my complaint would have been upheld if it had been judged by the ASA, but it was passed to the FCA, which turned it down, looking at it in a quite different cultural way, I thought, than the ASA council would.

My question really is, is this a doable task, in the sense of delivering outcomes that people accept are sensible, from the regulatory machinery, as opposed to the theoretical but not necessarily practical plans that you have for moving forward?

Stephen Almond: First and foremost, as Kate has said, this is a work in progress in pursuing a vision of seamless co-ordination between us as regulators, but there are areas of practice already where we provide a seamless user experience. I think, for example, of the collaboration that the ICO and the FCA have in relation to innovation. If you approach the FCA sandbox or engage in one of its techsprints, and you bring forward a fintech innovation that has data protection implications, we work together behind the scenes. Our innovation hub supports the sandbox such that you are provided with joined-up, integrated advice, and you are better able to bring your products and your new ideas to market in a joined-up way.

Clearly, that is not necessarily the experience across the piece, and there will be new boundaries that come up as new technologies emerge as well, but it is certainly our aspiration that we are moving towards, as Will said, that co-ordination by default.

Kate Davies: You are absolutely right to challenge us. The message from our respective chief executives is one of significant ambition. When they spoke at the Global Counsel event, I remember Elizabeth Denham being very clear that this is not a talking shop. If it turns out to be a talking shop, we have failed. That is why we set out the work plan. It is the first year. It does not do everything, by any means. We set out the work plan, and we will report on it at the end of the year because we want to be held accountable. We want to make this meaningful and not theoretical, as you say. That is challenging. There is a lot to do and a lot to work through, but you are right to challenge us on that.

Lord Lipsey: I realise it is a work in progress. There may also be a problem of language. If you think everybody knows what a sandbox is, I am afraid you are very much mistaken. Sometimes, regulation appears to be talking in one language and people out there are talking in another language, and it may be that you find—or it may not—that one of the challenges you face is from translating all that so that not only Parliament but the public in general have some idea of what is going on.

The Chair: Does anyone want to come back on that? If not, we will move on.

Kate Collyer: No—it is nothing in particular.

The Chair: Okay. Lord Vaizey.

Q4                  Lord Vaizey of Didcot: I grew up with the word “sandpit”. These terrible Americanisms come out, like “sandbox”.

In your evidence, you say that the DRCF effectively goes as far as you can go, or starts the work going as far as you can go, to create a digital authority without creating a digital authority. Clearly, the elephant in the room, as it were, is the creation of a digital authority whereby you merge different regulators, and that could be extraordinarily expensive and difficult to achieve, so I would be quite happy with where we are on the DRCF.

But are there bits that are missing because you have stopped at that stage? Are there ways of partially merging? I know, for example, you want to jointly hire people, which is a good thing. Could you see things from the banal point of view of perhaps sharing a building, or could you see specific regulatory functions within your regulatory purview that are effectively formally merged—data oversight, for the sake of argument—without formally merging all the regulators, if that question makes any sense?

Stephen Almond: Indeed. As digital regulators, we do not think that we need to wait for a digital authority to make collaboration happen. We are seeing the proof of that in the join-up between the four of us today. We think we can do this now. We think that by working together voluntarily we are able to move further and faster than we would be if we had to have a separate organisation co-ordinating our activity.

Lord Vaizey of Didcot: I agree.

Stephen Almond: What you see today is a work in progress. We are building the foundations of our collaboration now, but we are challenging ourselves hard on what this would look like in the future. For example, can we produce joint guidance so that businesses receive an integrated product from us? How can we join up our communications? How can we co-ordinate our engagement with firms, for example?

To your point about whether we could be going further and what that would look like, realising the full potential of our collaboration will require a degree of legislative reform. We have been discussing with government what mechanisms will be needed to enable us to formally consult our partner regulators on matters relevant to their interests. We have also been exploring what information-sharing mechanisms we would need to be able to work together as seamlessly as we would want to, and in some cases that will require a degree of legal change.

Will Hayter: You described in passing that people or buildings is perhaps banal. We would not see it that way; we would see that as really important.

Lord Vaizey of Didcot: So do I, but I was just covering myself.

Will Hayter: To Lord Gilbert’s point at the beginning, here we are all in a room, and it is a better discussion than if we are all on screens. We are precisely exploring things like joint hiring and potential collocation. We need to recognise some of the limitations of the further reaches of what you described when you talked about quasi-formally combining functions. As we talked about earlier, we are each creatures of separate statutes, which may create a block at the very, very advanced level of that. That is not to say that our data scientists and data engineers cannot really work together and be exchanging ideas—

Lord Vaizey of Didcot: That is a very interesting point. That is precisely what this kind of committee can then reach a conclusion about, which is whether legislation is holding you back from ultimately realising greater co-operation without necessarily having a digital authority. So, I think that would be a good thing for us to look at.

In answer to Baroness Stowell’s question, somebody said that you had had a round table with all the other regulators that are desperate to get into your gang. That is a good example whereby I would have loved to have known about that and to have seen it. I do not know if that meeting is on a website somewhere, but it brings us back to the question of parliamentary accountability. Do you think an opposite number—for example, a Standing Committee made up of the great and the good such as Lord Gilbert and the Chair of the House of Commons Treasury Select Committee, which meets regularly to scrutinise the work of the DRCF—would be a good thing?

Kate Davies: The first meeting of the regulators was reasonably informal. There was not a write-up. We will be formalising them going forward, and we can think about that.

In terms of a Joint Committee, we are all accountable to Parliament in our own right, and we are very, very happy to continue this conversation. With regard to quite how that works, we are mindful of the fact that we need to be very agile and flexible, so making sure how anything is operationalised involves a pragmatic approach. We are absolutely happy to come and talk to you and other committees. For example, we talked about the horizon-scanning work and, once we get some inputs into that, how we engage you and other members on some of that work. Kate, do you want to add anything?

Kate Collyer: No, I very much agree with everything Kate has just said, particularly our commitment to transparency and openness, and our willingness to consider lots of different fora for engagement, both in engagement with you and with the public, and thinking about the ways in which we can share some of the insights that we are gathering with the public as well.

Q5                  The Chair: I want to pick up a little bit on accountability. From the perspective of all of your bodies, Parliament is increasingly looking to give you powers that are flexible and future-proof. Parliament is handing over to unelected regulators quite a lot of power to create, effectively, secondary and tertiary legislation in some cases because Parliament understands that the solution to these problems cannot be statutory provision; it cannot be primary legislation. There is potentially an accountability deficit there.

As you come back to Parliament and you describe the kinds of problems coming down the road, Parliament may want to give you further powers or make your powers even broader and even more flexible. It seems to me that there is a discussion to be had about how you become accountable to Parliament and how Parliament asserts societal priorities. All of you will have huge workstreams of issues that you are dealing with, but nobody is saying to you, “The things that we really want dealt with societally as the top priority are these three or four things. As a set of regulators, will you go away and think about all your existing powers and work together to come back to us and tell us how these issues can be addressed?”

It seems to me that there is an issue of accountability; there is also an issue of Parliament not interfering in your day-to-day work but asserting societal priorities. Is that something to which a relationship between this body, which may be more formalised, and a Joint Committee could make a contribution?

Stephen Almond: I will start, and I am sure my colleagues will follow. I believe that one of the strengths of the Digital Regulation Cooperation Forum is that it is not a separate entity; it is composed solely of the four independent regulators who retain their very direct accountability to Parliament and to government. I would be very keen, naturally, for us to consider how we can make sure, as each of us individually takes on regimes that have, as you say, greater flexibility to enable us to respond to new challenges, that we remain individually accountable around this. Ultimately, if we take a decision as DRCF regulators, we take that as individual regulators. There is no process whereby we can overrule one regulator within the grouping. We are each accountable for decisions that we take jointly.

My belief would be that we should seek to reinforce and make sure that we continue the transparency and openness that is needed to make sure that you have appropriate sight of our forward planning and the appropriate opportunity to be able to steer us. The same, of course, is true of government as well. Indeed, several of us are in conversation with government about the opportunity for it to set and steer priorities for us, inasmuch as there is new legislation coming forward.

The Chair: Would you be more comfortable if there was some parliamentary oversight of the Government’s role in that regard?

Stephen Almond: I will not speak for the Government’s regulatory proposals in this area, but we have seen in various forms that the Government would like to introduce opportunities to steer our strategic priorities in a way that currently exists for some regulators but probably not for all. It is already a matter of general practice, for example, that for Ofwat, the water sector regulator, the Government lay out a statement of strategic priorities that Parliament has an opportunity to scrutinise and check, and that informs the direction of travel. That certainly continues to be an area of discussion for some of us in relation to how the Government have an opportunity to steer our strategic direction. I will pause for—

Kate Davies: Can I come in on that?

Stephen Almond: Yes.

Kate Davies: Ofcom has a statement of strategic priorities from the Government, but, critically, it is a statement of strategic priorities for the sector. That is very important when we are thinking about this.

More broadly, coming back to—

Lord Vaizey of Didcot: Do you mean the telecoms sector?

Kate Davies: Yes, telecoms, broadcasting[1] and so on. That question then comes up again in the context of online safety.

In terms of the Online Safety Bill, there is a whole range of measures, which Lord Gilbert is very well versed in—both reporting to government and Parliament, provisions to review and various other elements.

I underline Stephen’s points about individual accountability but also any new proposals taking account of the various existing mechanisms and ensuring that regulators can operate with that flexibility that you rightly point out will be needed.

The Chair: Thank you. I will bring Lord Vaizey back.

Lord Vaizey of Didcot: I was thinking that this is a kind of virtual circle, in a sense. I cannot remember, for example, with Ofcom’s strategic priorities, whether it would be subject to a Whitehall write-round, but it raises the intriguing and welcome possibility of, say, the Secretary of State for digital having an input into the FCA’s priorities going forward as part of joined-up government mirroring joined-up regulators. I do not know whether that is already happening, or it is something you are thinking would happen from the Government’s side.

Kate Collyer: I do not know. I would be happy to follow up on that specifically.

The Chair: You are all being very polite. What is going through my mind is that we are always saying to you, “As regulators, you need to be more joined up”, and you are saying, “We agree. We do need to be more joined up, and we are doing this”. We say, “Well, maybe it needs to be more formalised”. But none of you comes back and says, “Well, it would be actually quite good if Parliament was a bit more joined up and if government was a bit more joined up”, which I think maybe you are thinking but not articulating. At the broadest point, does this principle extend to Parliament and government?

Kate Davies: At the broadest level—and I am going to continue being polite—

Lord Vaizey of Didcot: It has been nice knowing you, Kate.

Kate Davies: —unless somebody else kicks me under the table. Digital is not a sector. Issues in the digital space cut right across the four of us, but, as I say, we are bringing in other regulators and other issues. That is not just a regulatory question; that is, of course, also a question for Parliament and for government. I do not know if anybody else wants to come in on that.

Will Hayter: Especially on the two biggest areas that are in flux with the new proposals—the Online Safety Bill and the digital markets proposals—this is all up for grabs. In our case, in digital markets, we are waiting for the legislation to be laid, and that is dependent on where the Government’s eventual policy position comes out following the consultation, and then for Parliament to weigh in on that. We are there to implement whatever comes out of that. For my part, I absolutely understand the bargain you are describing with flexibility and with that coming accountability. Again, for my part, frankly, the more able Parliament is to ask us the right questions, the better, because that helps keep us on our toes and makes sure that, in turn, we are able to ask the right questions of the firms that we are seeking to regulate.

The Chair: Thank you. I will bring in Lord Foster, and then we will move on.

Lord Foster of Bath: I am struggling with one thing in what you have said, and I do not know if there is even an answer to it. You seem to be suggesting that you want to maximise the co-operation on those areas where it would be mutually beneficial to do so, but at the same time you wish to retain individual accountability for the decisions that you make. I do not quite see how that would work going forward. If you, for example, produced joint guidance to a company, presumably you have all signed up to it, and there would, no doubt, be a degree of compromise from one regulator or another in the drawing up of that. It would be interesting to see how that applies to accountability.

Let us go a stage further and, since we are talking about sandboxes, take a very specific sandbox example whereby the Gambling Commission wanted to explore the possibility of data sharing between gambling companies to enable a single-operator view. It was concluded ultimately that that could be achieved, but then the Gambling Commission will set out guidance to gambling companies on how they can do that, and yet, presumably, they will be accountable to the FCA when they do it. I have a problem with this joint accountability/single accountability for joint working.

Stephen Almond: I mentioned earlier the need for us to have the right legal frameworks to enable us to co-operate. There is a lot that we can do on a voluntary basis among ourselves. We have not yet tested the full extent of what we can do voluntarily. There is going to come a point where we are limited by the fact that we are set up by individual statute. That means that we need to have the right framework, particularly as new legislation is being brought forward, to enable us to co-operate. For example, if the Competition and Markets Authority brings forward a pro-competitive measure that has an impact on personal data and may promote data sharing, it should have that power to seek our views and to formally take account of that in a way that would give it a slightly different judgment than if it took that judgment alone. If we are talking about reaching that level of coherence, our view is that, in some cases, that would require some joining up of these respective frameworks to enable us to take account of our respective regulators’ views.

The other area where that becomes particularly true is information sharing. Say we are all very interested in a particular company and we want to be able to work together on how the implications of that company’s activity affect our different regimes. We face limitations that were put in place very sensibly to prevent excess sharing of very sensitive commercial information between regulators, but that prevents us, in some cases, from being able to maximise our alignment in relation to cases. Certainly, speaking to the work around the Google privacy sandbox, it is an area where we have had to tread very carefully to make sure that the join-up of our regimes has worked.

The Chair: Thank you. Lord Colville.

Q6                  Viscount Colville of Culross: I want to talk about digital skills. We all know there is a big digital skills shortage. We also know that the tech companies can pay top dollar to get people, which causes a problem for the public sector. The Institute for Government, in its report Finding the Right Skills for the Civil Service, said that pay constraints and barriers to switching between the Civil Service and the private and wider public sectors make it harder to attract people with the right skills. How problematic is it for you as regulators in the public sector to be able to attract people with the very best digital skills to work with you?

Will Hayter: It is a really vital area. Particularly where there are new functions being contemplated for our organisations, those come with an expectation that we will need to staff up to be able to deliver on those new challenges. Recruiting the right people is probably one of the main delivery risks around that, frankly. We are very focused on it.

Yes, we do not expect to be able to compete on salary with some of the very big tech firms. From a value-for-money point of view, we probably should not be attempting to do that quite that directly. We have to really play on all the other strengths that we think we can offer. In particular, there is the sense of purpose you get when you work for a regulator, the offer of really fascinating work, of having real impact, and all the other non-salary elements. They will be different within different organisations and different histories, but in terms of the particular cultures, which are very supportive across all the four organisations, there is flexible working and increasing ranges of locations for people to be based. One recognises also that there are different career paths. You get, naturally, some longer-term public servants and others who will come from the private sector, do two or three years and go back again, and all that is very healthy. There are different appeals to different kinds of people in those combinations.

We really do not underestimate the challenge, in case I risk sounding blasé about it. It really is a challenge, and it is a big focus for us. But it can work, and we have demonstrated that. I would refer particularly to our data and technology analytics team in the CMA, which is made up of data scientists, data engineers and behavioural scientists—exactly some of the scarcest types of skills and capabilities. We have built a genuinely world-class team, and it has taken a lot of work and some really creative thinking about how we go out and communicate the offer to people and how we do our recruitment work. That team is there and is really strong.

On top of all that, all our individual efforts, we then layer on top the DRCF, which is a tremendously positive addition to this whole agenda. To all the points I have already made, there is a better offer there because there is a greater prospect for people to move around among the four regulators and there is a more varied career path for people. Much of that already happens informally. There are a number of secondments currently under way in a variety of combinations within our different organisations. More of that will happen. We touched earlier on the possibilities of joint hiring of various sorts, which we are exploring particularly at the graduate level. We are all expanding our out-of-London presence, and as that happens there will be more opportunities for joining up.

I made some comments earlier about the CEOs’ collective commitment being reflected in all parts of our organisations. You have the likes of us talking, mainly policy people. Our HR directors and our COOs are all talking as well, and have been meeting precisely to talk about this skills and capabilities agenda. As I said, we do not underestimate the challenge, and it is a big focus for us over the next year or two years and onwards, but we think it can work.

Kate Davies: I would underline everything that Will said. In the context of us regulating cybersecurity, video-sharing platforms and forthcoming online safety, this is a big question. It is a big challenge for Ofcom. To date, we have had some success, which has been nice—for example, the recruitment of our chief technology officer, who is from Amazon and ran its product around Alexa. It can be done. As Will says, it is precisely about what the proposition is that does not relate just to salary, because we cannot compete on that basis. It is a challenge. This can help and the engagement across our departments can help.

Kate Collyer: To bring some of that to life, we have talked about sandboxes a few times this afternoon. A regulatory sandbox is a safe space within which a firm can bring forward a proof of concept with regulatory support and develop it and innovate. We have recently done digital sandboxes, which allow for the same sandbox activity to be taking place using data in an online digital space. That is an example of a cutting-edge approach that is attractive for building capability and staff. People are keen to get an opportunity to work on those sorts of products. Through the DRCF, we have an opportunity to share the experience of those sorts of regulatory innovations and practices. We talked earlier about the role of the ICO in supporting some of the privacy questions around how you make those sandboxes work, and it is a real example of how the DRCF can support that approach to making the regulators attractive.

Viscount Colville of Culross: You talked about purpose, impact and flexible working. Ofcom is recruiting 300 new people. That is even before the Online Safety Bill comes into action. How is that going?

Kate Davies: That is for regulating online safety.

Viscount Colville of Culross: Okay. Odd.

Kate Davies: To date, it is going reasonably well. We are recruiting a number of people both from industry directly and people from relevant third-sector organisations who have considerable experience in this area, thinking about specific harms as well as the technology side of things. To date, we have been pleasantly surprised, but, as Will said, we are not complacent. I do not underestimate the challenges.

Thinking about specific areas—cybersecurity, for example—it is particularly challenging to find the right expertise, but it is really critical. If we are going to regulate these industries, we have to have people who understand these technologies. We were talking about horizon scanning. You cannot do that effectively unless you have people who can challenge in the right way and ask the right questions.

Viscount Colville of Culross: Can you give me a figure on how many outstanding vacancies you still have out of those 300?

Kate Davies: It ramps up over time. I can come back to you on the precise details. We are not recruiting a huge number of them before the regime is implemented. At the moment, we are doing relatively well at filling the vacancies we were expecting to fill this year. I can come back to you on the precise details.

Viscount Colville of Culross: What sort of concern is there about the revolving door of people understanding the policies and aims that you will have as regulators and then going off, which is what we have seen in the past few weeks, to go and work for the tech companies? What on earth can you do about that?

Kate Davies: I am sure others will want to come in. It is really important to get people with those experiences and skills. We need to recognise that there are different career paths, as Will pointed to. At the same time, we all have very robust conflict of interest policies in place to ensure that the right things happen at the moment that somebody says they want to go and work in a regulated entity.

Viscount Colville of Culross: How is it going in the ICO on that front?

Stephen Almond: More broadly, in relation to the skills and capabilities, I shall be frank. Being able to recruit the people with the expertise that we need, particularly when we are looking at emerging technology, remains challenging for us. The very fact that something is new and exciting and coming to the forefront means that there is a high degree of competition for those skills and will continue to be so. One thing that gives me a degree of hope in this area is the establishment of the DRCF. Where previously we might be looking for one person with very niche skills and they could not necessarily see a career for themselves at the ICO because they would be that one person, now they can see a career pathway that links them across those four regulators. If they have appropriate expertise in one technological domain, they will be of interest to the FCA, for example, and that means that they can seamlessly, hopefully, navigate our different career pathways. We are not there yet, but it is getting better.

Viscount Colville of Culross: So, where are you on this? In the evidence you said, “We are also considering how to leverage existing skills and capabilities, for example by developing cross-regulator specialist teams which might be more effective for attracting data scientists and other highly-skilled experts”. That is all slightly putative at the moment. Where are you in bringing together joint recruitment and retention policies?

Stephen Almond: It is early days. There is a sliding scale of what we can do here. Some of it is about, frankly, trying to target the same markets using all our collective channels to be able to reach out to people, trying to show that there is a broad set of benefits; but the deeper that you run into this if you are talking about, for example, co-recruitment initiatives, you run into the fact that we are four separate regulators with four separate sets of terms and conditions and frameworks, and so forth.

Kate Davies: Sometimes, something that gets a little lost in some of this conversation, because of how genuinely passionate we all are about co-ordination, is that we all have individual remits and functions. When it comes to skills and capabilities, we are absolutely looking at what we can do to help each other in this space, but, as Stephen says, it is early days. There may be areas where we say, “Actually, that is something that Ofcom specifically needs”, and we just carry on. It is really mapping out and thinking where we can be most strategic in joining up on skills and capabilities, not just assuming that it is right across the piece, because we may have different needs and different things we want to do.

Viscount Colville of Culross: You have talked about the analytical team at the CMA. Where are the other areas that you might be able to do that joining up?

Kate Davies: We all have relatively similar teams. We have an emerging technology and online technology team. We have a data team. I am sure the ICO has similar. These are very common areas where we think that this is probably one of the biggest areas to explore.

Stephen Almond: Indeed. I would say data science and artificial intelligence. Cybersecurity is an area that affects several of us. They are very scarce skills. Moving into more niche areas for us, there is joint work in end-to-end encryption, but there is also work that we have, for example, in relation to biometrics, privacy-enhancing technologies—all these areas where we are trying to get a very small amount of very highly skilled and very expert people who are able to say, “This is what the future should look like in this space”, and that is a hard ask.

Kate Collyer: I mentioned earlier that we have been investing £120 million over three years in data and technology at the FCA. A large part of that is about people and capabilities, and making sure that we have people with the right skill sets to be able to deliver the benefits that we see from technological adoption and from being able to do the horizon scanning. We are very much part of the thinking around how we can ensure that we have that holistic approach to understanding what the potential career paths might be for people, whether it is our data scientists, our behavioural economists or our technologists. Understanding the potential benefits of that regulatory join-up from a recruitment and retention perspective is really important.

Will Hayter: Perhaps unsurprisingly, we have all talked about the shiniest and newest skills, but we should also remember that there are quite a lot of lawyers and economists in all our organisations, and it is fairly well established that people move around among the organisations. The ICO’s new general counsel was recently a senior CMA lawyer. Kate is ex-CMA. I am ex-Ofcom. There is all that kind of movement anyway on some of the more traditional regulatory skills.

Viscount Colville of Culross: Thank you very much indeed. That is very helpful.

The Chair: Can we stick with the shiny new roles for a moment? You have been at pains to point out how passionate you are about joined-up regulation. Is there any way that you can be passionate about levelling up here and building a really exciting centre of expertise, bringing together people with a range of different skills and base it away from London? Have you talked about whether part of your future might be to get some of these really future-looking roles away from London and the south-east?

Kate Davies: In high-level terms, that is part of the people conversation. I am waiting for somebody else to tell me I am wrong. Ofcom is establishing a hub in Manchester, and I know that colleagues are thinking in similar terms. I do not know quite what the progress is on plans. From an Ofcom perspective, thinking about how much of this we can do out of London and how much that is part of the offer on some of these skills is really important.

The Chair: You could cluster your stuff together. It is not just a case of whether you bring everything into this overarching structure. You could work together to create a cluster of roles within your own organisations.

Stephen Almond: Indeed. That is something that we have been thinking about. For the ICO, our primary base is outside London in Wilmslow. It is not too far away from the new hub that will be created for Ofcom. We definitely see synergy there and an opportunity to forge close links. As we are looking at how we build capability and create new talent, that is going to be really important. We also need to recognise that, in some cases where we are looking for some very scarce technology talent, there is also a real challenge in where you can find that talent. In some cases that talent will be overseas, and in some cases it will have some quite restrictive constraints on where it can be based. We need to have the appropriate flexibility in order to bring in those skills as and when we need them.

The Chair: Okay. Baroness Rebuck.

Q7                  Baroness Rebuck: Thank you. Lord Colville asked some of the questions I was interested in. Talking about the scarcity of technology talent, unlike lawyers and other areas, do you get much cross-organisational poaching at the moment as opposed to the kind of placement of people and hopefully the specialist teams, which I thought was quite an interesting concept to put together and could be persuasive given that a lot of this talent, as you say, either works remotely because they have to or because they choose to and because they can?

Stephen Almond: I am happy to report that we do not get a significant degree of poaching. What we do, and what we try to encourage, is to support people to move across the organisations because it is better for us if we have people who understand and have experience of working across multiple regimes. We have seconded staff from my directorate, for example, to the CMA. That delivers real benefits for us. Having people who have deeper insight into the competition regime means that we are better able to get some of those insights and bring them to bear, and they will get us better, more joined-up positions. I probably worry less about the poaching between us and more about the overall size of the pie, and how we all collectively bring in people because we are all trying to bring in people, and that is a different question for us.

Baroness Rebuck: Do you have an answer to that? Do you have strategies in place on training and recruitment to keep the pipeline going, because there is a genuine scarcity of those areas of expertise, whether it is in the private sector or in your organisations?

Stephen Almond: To be perfectly frank, we are throwing the kitchen sink at it right now. No one single answer will work. Some of it is about bringing in early talent and helping train and develop people. If you do not have the skills within the organisation to train and develop people, you need to bring in some of those skills from outside. Some of that is about bringing in people as permanent employees. Sometimes, it is about finding ways to second people into the organisation. Sometimes, it is about contracting in skills where we need them. Frankly, we need to do all of that in order to have the best possible chance of meeting the skills capacity needs that we have without trying to pay the rates that the largest tech firms are. We have to be really innovative about how we meet our needs.

Baroness Rebuck: I do not know what the timetable is for these specialist technical teams to be put together, but they seem an important development. Once they are up and running, obviously that is going to take away from some of the sector-specific activities that these individuals were engaged in before, in so far as they will be co-operating across all of you. Would it be your intention once you have gone deeply into a particular area—let us say data analytics or whatever—to share that expertise with outside organisations that are not part of this grouping at the moment?

Kate Davies: We are still exploring what the options are—our people teams are getting much more engaged with each other—and what the most strategic approaches are. One of them is set out in the evidence that we are considering. We do not know what would happen at the end of that.

On taking it away from the organisations, I would say two things. First, we all recognise that we can do more if we join up on these issues, but at the same time we need to ensure that we each have the skills to underpin our regulatory decision-making, and that is a difficult balance.

Secondly, the work we are doing—algorithms and end-to-end encryption—in these big, strategic tech areas is work we would all need to do anyway. The fact that we are joining it up is not taking it away from an organisation; it is actually improving that work and bringing more to it. I would hope that we can engage our technical specialists across the four organisations in a way that adds to and benefits each organisation and does not take something away.

The Chair: Thank you. Baroness Buscombe on this, and then we will move on to Baroness Bull for a final question.

Q8                  Baroness Buscombe: Thank you. People watching this or listening to this may be asking themselves, if they are not close to the subject, whether this is all going to lead to more draconian regulation. I cannot remember how you worded it—I am not sure you used the term “light touch”—but only Will has touched on the point about ensuring that you do not go too far in terms of the regulatory outcomes.

The third part of your work plan is developing approaches for delivering coherent regulatory outcomes, but your organisations have quite different cultures when it comes to regulation, in my experience. Stephen, I have to say, for example, that as a Minister I was quite alarmed by some of the ICO’s, I felt, quite draconian regulatory approaches to disclosure. The powers seemed quite alarming, whereas the FCA was much more careful or had the will to be light touch.

How do you agree about your regulatory outcomes, or do you feel that this is beyond your remit, in a sense, and it is just about collaboration in an organisational way rather than influencing the degree—which is the important word—of the regulatory outcome?

Stephen Almond: Perhaps I could start on that point. You would expect me, as director of technology and innovation, to say that innovation is a really crucial focus of our work at the ICO. All of us would agree that we take our role as stewards of the digital economy very seriously. That means that we need to think quite carefully about the imprint of our organisations. Will’s words were that we should not be in a rush to regulate, but we should be taking the appropriate time in thinking about how to respond. Of course, in a fast-paced environment that is challenging. We will not always get the balance perfectly right, but it is really important that we have that moment to reflect and think about how we get the balance right.

We have spent a lot of time today talking about our processes—

Baroness Buscombe: Yes.

Stephen Almond: —naturally, because of the focus of the inquiry, but for all of us it is the outcomes that are driving this collaboration. The outcomes of making children safer online, for example, unify us all as regulators, but particularly for ICO and Ofcom we are really striving jointly for that goal, and we are trying to strain every sinew in how we make sure that our regimes interact jointly to bring that to best effect. For businesses too, that also means that we have been thinking about how we conduct joint engagement with business so that they understand how our two regimes work and how they are aligned together.

Baroness Buscombe: When you are together, do you argue and say, “Well, hang on a minute, you are suggesting X and Y, but is that actually practical?” Do you have that tension and open discussion and say, “I think it’s a great idea but it’s not going to work for these reasons”? Do you see what I mean?

Stephen Almond: I would say that probably the majority of our conversation is one of ambition.

Kate Davies: And creative tension. It comes back to the point I made about the fact that we all have different remits and functions. Ofcom promotes the interests of citizens and consumers when it comes to communications, but we have duties related to competition and innovation. We absolutely deal with that balance that you are talking about all the time. In a funny sort of way, the DRCF is that balance, but across four regulators. How do we think about competing objectives? Our experience, for the most part, is that they are not necessarily competing, and that we need to expect industry to develop solutions that, for example, keep children safe while protecting their privacy. It is not too much to expect that. But I do not think that means more regulation and more draconian regulation.

Baroness Buscombe: Right.

Kate Davies: It means regulation that is more coherent, I would hope.

Baroness Buscombe: Thank you.

The Chair: Good. Thank you. Baroness Bull, all yours.

Baroness Bull: Thank you. I have three questions and about five minutes.

The Chair: No, you can take a bit longer.

Q9                  Baroness Bull: Perfect, thank you. I want to come to the forum’s sixth objective, which is about strengthening international engagement with regulatory bodies. Kate, it has been suggested that I direct this to you in the first instance. From what I can see, this priority does not feature in the work plan for the year ahead that you published in April, but it is covered in the annexe you provided where there is some detail on how each individual member engages internationally. There are lots of words about how important this is, but I would welcome more clarity on what the outcomes and benefits of that engagement might be.

We had some interesting submissions on this question. I particularly enjoyed the one from the LTS group at the LSE, which offered one definition of effectiveness in international co-operation.

My first question is, what is your definition of effectiveness in international collaboration? What do you hope to gain from this international engagement? What does it look like?

Kate Collyer: International engagement is really important. We mentioned that. It is particularly important when we are thinking about the global nature of many of the tech firms and indeed many of the digital markets that we are working with.

The outcomes that we are seeking to achieve through our international engagement strategy are ones where we are really able to build on our individual engagement to bring a broad international co-operation together—thinking about the individual relationships that each of us has, which are extensive, with our counterparts in other countries, within our own sectors or remit, and making sure that we are able to bring those together to take a joined-up approach and build off those.

A good outcome for us would be successfully leveraging that. There is a recent example where we spoke to the Dutch competition authority about the DRCF. A particular focus of our work in international engagement has been talking about sharing best practices to regulatory approaches and exchanging information, for example. We have been talking to our international counterparts about the importance of the dialogue between domestic regulators. In that context, we spoke with the competition authority in the Netherlands, and it has just announced that it will be setting up a body similar to the DRCF, bringing together its competition authority, its data protection authority, its media regulator and its financial regulator. That is an indication of a good outcome in terms of the move towards building a coherent and consistent global regulatory dialogue, which is an important part of what we are seeking to achieve.

Baroness Bull: The annexe talks about the individual engagement continuing as the DRCF undertakes more international engagement. How would those two things differ? How would DRCF engagement differ from individual engagement?

Kate Davies: They do not always differ in terms of individual conversations. For example, the Ofcom international team talks to a range of international partners, and often in those conversations the DRCF comes up. There is a parallel here between the outcomes that are good individually and the outcomes that are good for the DRCF. The outcome that is good individually, from the perspective of Ofcom, would be that these are global players and, in order to be effective in regulating, the greater consensus we can build around certain measures, the better. For example, we are having a lot of conversations about transparency right now. If we can get some consensus about metrics, having the impact we want to have in the transparency of what platforms are doing will be much easier if we have some global consensus.

You can then draw that across the DRCF. If we recognise that the approach we want to take overlaps between the ICO and Ofcom or between the ICO and CMA, it is much easier to make progress on that with a big tech platform if other competition and privacy authorities also recognise that interaction and want to take similar approaches.

Baroness Bull: Is there a chance that the interests might be in conflict?

Stephen Almond: I would argue that the interest that we have received has been very much more in how we are working together. The experience that most of us have had in engaging with international counterparts has been one of almost surprise that it is possible to achieve this degree of integration between us as regulators, and the degree of co-operation that is possible. We are seeing this mirrored now in how some of the other authorities are trying to work through the trade-offs inherent between the regimes. For example, our experience in relation to competition and privacy has been that we have received approaches from a number of different competition and privacy authorities globally as to how we have managed to square off these trade-offs and how we are thinking about this in relation to these cases.

That gives us a real opportunity to provide global leadership because, if we can show in the UK that we can work out how to solve some of these trade-offs and have impact on cases such as the Google privacy sandbox jointly, together, we will have a greater impact across the globe in encouraging other authorities to follow suit and join in in taking the same sorts of actions.

Will Hayter: I echo what Stephen says. I have been really struck by just how much interest there has been around the world in other authorities in the joint statement produced between the CMA and the ICO. As Kate says, the DRCF has attracted a lot of interest. It will remain the first of its kind but is now not the only one of its kind. But that joint statement on competition and data protection remains the only one of its kind, and it draws a lot of interest.

To illustrate one way in which this sort of collaboration might be felt globally and might come about with international co-ordination, we have talked about the privacy sandbox case a couple of times. Google has stated publicly that, if a successful outcome is arrived at through the case in terms of a new set of arrangements for these changes it wants to make, it will roll those out globally. It is an example where we have done some good work, we think, in getting ahead and acting quickly, co-ordinating well between the two authorities, and having a constructive engagement with the firm in question. What might come out of this in a good outcome is a global solution, and, by the way, in the meantime we will have talked to a number of our counterparts around the world because they are all facing the same changes in the market.

Baroness Bull: Are there examples of strategic approaches to digital regulation in other countries that we could learn from and which we could not access without the collaboration of the forum?

Stephen Almond: The nature of this is that every country generally has its own slightly different institutional architecture. If we take the example of the US where the Federal Trade Commission largely covers both the responsibilities that we have in the ICO and the responsibilities of the CMA, that provides an interesting example of how you can bring those two functions together. As we have discussed earlier in the session, the organisational architecture is perhaps less interesting than how it works in practice. You can house two regulators within the same organisation, but are they speaking to each other and are they developing integrated products? We have seen such interest in something like our joint statement on competition and privacy because, yes, there may be different institutional arrangements in other jurisdictions, but lots of people are still working through how you reconcile these two objectives, so it has provided that moment of leadership.

Will Hayter: As with some of the other areas we have touched on, this is not straightforward. The companies are global. These various authorities are not. To take Stephen’s example, not only is the FTC in the US responsible for data protection and competition, but there is a whole other competition authority in the US, which is the Department of Justice Antitrust Division. Even dealing with one country, you have the challenge of that kind of co-ordination.

There are really quite fundamental differences in each of our areas in how our authorities go about their business. For example, the US model is an entirely litigation-based model, whereas we have an administrative system through the CMA. Both in our individual fields and across the DRCF, as we have described, we are working as hard as we can to even up the balance between these global companies and variation across international structures, but it is not straightforward.

Baroness Bull: I have a final question in an area of personal interest. You have talked about structural differences, legal differences and regulatory differences. Are there cultural differences that make collaboration or co-operation impossible or difficult?

Stephen Almond: I would say no. Maybe force of exposure, but I probably spend more time with my fellow directors from the different regulators than I spend with my counterparts within my own organisation. What we are forging—

Baroness Bull: I meant internationally.

Stephen Almond: Forgive me.

Baroness Bull: It is my fault; I was not clear. Are there cultural differences that make international collaboration impossible or more difficult? Are you going to say no again?

Stephen Almond: There I would give a more qualified answer. Different jurisdictions across all our different fields have different degrees of risk appetite in their regulatory portfolios. That will vary across portfolio, as you would expect, as different societies have different sets of priorities. We all probably find that there are partners that we are able to align with, which are interested in taking joint action, and we try to foster those alliances as far as we can. There will be some partners that will say, “Look, this is not for us. This is not our set of priorities right now”, and it is about building those alliances and coalitions that may mean that we can have maximal impact.

Kate Collyer: There are cultural differences, but I do not think that needs to be an impediment to successful collaboration and co-operation. At the FCA we chair, and indeed lead, the Global Financial Innovation Network, which brings together organisations looking at how to foster innovation in the financial sector globally. It started out as a group of 12 organisations back in 2019. It is now over 70 organisations that are looking to join up and think about ways in which, collectively, we can help to support and foster innovation. It is possible for that international collaboration to overcome those challenges as well.

Will Hayter: I would describe the challenges that you hit on as competition policy or financial services policy—or pick your policy—meets diplomacy. There is a reason, therefore, that we all invest significantly in our international teams and we devote real effort to that. It is not without challenges, but we are all seeing progress because everyone recognises the importance of it. Through things like the UK’s presidency of the G7 this year, we have a programme on additional competition track there. I know the data protection authorities among the G7 countries have all been talking and meeting. Things are happening. That policy-meets-diplomacy challenge is a decent-sized one.

Baroness Bull: Thank you.

Lord Griffiths of Burry Port: May I ask the quickest of quick questions? It really will be quick. This has been a learning experience.

The Chair: Lord Griffiths.

Q10              Lord Griffiths of Burry Port: I am intrigued by the job description that says that your team is responsible for anticipating, understanding and shaping, and then engineering information rights into the fabric of new ideas. I had always assumed that regulation was necessarily a retroactive and a retrospective activity in relation to what is there to regulate. This business of anticipating—those three verbs apply to a number of avocations I am familiar with—would solve all the world’s problems. Has your accumulated experience of regulation that we have been hearing about put you in a position where you can anticipate a measure coming forward such as the Online Safety Bill, which has gone through, as you know, bogs and quagmires and all kinds of things already, and anticipate some of the things that eventually you will have to regulate? In the light of that anticipation, can you bring a bit more wisdom to bear on the discussions we are having than sometimes seems to be the case?

Stephen Almond: The task of anticipating what is coming up is necessarily very challenging. It means that for us, as we are working together, we have to be highly innovative in working out how we can attract the future to come to us and how we can get organisations that are developing new ideas and new propositions to come to us and shape their propositions with us. Ideally, it is that ex ante intervention—that early-stage upstream intervention—that will have the greatest of impacts. That is why we invest in our innovation programmes, for example, to support people who are developing new ideas to integrate, whether it is data protection, competition or safety concerns, at the start.

One area that we have been particularly focused on, as you have seen through our work programme, is the idea of design frameworks. Basically, it is the idea that, if you can design protection in up front, surely, we are going to get better results than if we have to take retroactive action as regulators. Lots of our work is now thinking about how we can support product designers, for example, to think about how they can design their systems while thinking about privacy and safety right up front. If we can do that, we will save ourselves the job of having to regulate downstream when something goes wrong

Lord Griffiths of Burry Port: Precisely. Like the Online Safety Bill.

The Chair: Thank you very much indeed for your time, Kate, Stephen, Kate and Will. What strikes me is a point that we initially made when we reported on this some time ago. Digital regulation is not about regulating a bunch of different companies; it is about the way regulation now works in an environment where business and technology is so fast-moving that regulation has to be digital too. It is not just one or two regulators regulating digital pieces, but the work of all the regulators, including all of you and, I imagine, a number of regulators beyond.

Thank you very much indeed for your time today. You have covered a huge breadth of issues for us, and you have co-operated and co-ordinated very effectively, which is encouraging. That concludes this meeting.


[1]              Amended by witness: The statement of strategic priorities covers the following areas: telecommunications, radio spectrum and postal services as set out in Section 2A of the Communications Act of 2003.