Examination of witnesses
Adam Kinsley and Paul Morris.
Q61 The Chairman: Thank you very much for joining us, Paul Morris and Adam Kinsley. You are both extremely welcome. Although we have your biographical details here, I would ask you, if you would, to tell us a little bit about yourselves and how your work fits into the work of this inquiry, the consideration of children and the internet, our big theme. Alphabetically, Adam, you go first.
Adam Kinsley: Thank you very much for inviting me to speak here. I am director of policy at Sky. I am on the executive board of UKCCIS and have been involved in online child safety for Sky for a number of years. The area where I have engaged most closely with Government is in some of the technical measures Sky has put in place to do with filtering and, very importantly, to do with education, which we think is a critical component of keeping children safe online.
Paul Morris: I am Paul Morris, the head of government affairs and sustainability at Vodafone, which is, effectively, the public policy and CSR team. Obviously, in both buckets, we do programmes. Public policy is a very important part of this debate, which I am sure we will discuss today, and we do a number of programmes, which Sonia knows all about, which look at how we help parents and young people deal with some of the challenges of being online as well as, obviously, the benefits. We also take part in UKCCIS, IWF and some of the other main organisations that deal with this.
The Chairman: We have heard from various members of UKCCIS. Thank you both very much. Baroness Benjamin will kick us off.
Q62 Baroness Benjamin: I am sure you will agree that, as a society, we all have a corporate and moral responsibility for our children’s well-being, and the ISPs have a major role to play, especially in this new technological world that we are all exposed to. With that in mind, what do you see as the role of providers of the internet and mobile data services in helping to promote and inform about appropriate internet usage for children?
Paul Morris: It is a combination of things. First, the internet is now a more complex place, so you have network providers in this room today, but obviously there are other players as well and it is about how we all play a part. Clearly, from our perspective and for most of the industry on the network side, it is a combination of programmes to help educate parents and children about some of the challenges and, equally, what we can do on the technical side to ensure that they are safe to the best ability, which largely comes down to things such as filtering.
Adam Kinsley: From Sky’s perspective, we think of this under three separate prongs or approaches. The first is the technical tools that we can give to our customers to help them protect their children and to prevent them getting access to content they may not want to see. The second is to create products that are safe for children to use. The final part is that we do think we have a role in helping to educate our customers who are parents. We are in over 11 million homes across the country, so we have very good reach, which is why we have invested heavily in, and promote very actively, Internet Matters as a portal we can direct parents to to get more advice and help because, ultimately, all the technical tools in the world will never be any silver bullet and education is absolutely critical, so we think that is vital.
Baroness Benjamin: Perhaps you can highlight how you actually engage with not just the children but the parents to understand the way the technology works and what is and what is not safe. What do you, as a company, do to ensure that those children and parents are engaging with what your products are about?
Adam Kinsley: Sky is one of the four larger fixed-line ISPs and we have our own safety centre within our home page on sky.com. Back in 2013, we collaborated with the other large fixed-line ISPs to come together and provide a central portal, which is Internet Matters, which provides advice, pooling everything that is out there, so it tries to get the best advice to parents. Then, our role, as a big communication provider which does a lot of marketing, is to try to direct parents to that single portal so that they can get simple advice which they can then act on. We do that in a number of ways. For example, when we were premiering the “Captain America” film on Sky Movies, we had a dedicated advert which featured Internet Matters, on all our bills we will put the logo of Internet Matters and on all our adverts you will see the logo. We can direct a lot of traffic, which means that parents are becoming increasingly aware of the risks and they can deal with them in a measured way.
Paul Morris: For us, we have a long-standing programme we run with Parent Zone, and I think Vicky gave evidence to the Committee. They produce a magazine or a guide for parents and the fifth one has just come out. We print a million copies and then we make an online version available, which goes out pretty quickly. It is evolving, in all honesty, because it used to be about introducing the internet to parents and, when we did a bit of research before we launched this one, unsurprisingly, we found that parents are becoming more digitally sophisticated and more than half of parents now feel quite confident in advising their children, but the challenges are changing. There is a new term we are using, which is slightly ugly, which is “digital resilience”, so we are moving from that early adopter stage to a point where we have to think about how. The computer may have been in the room—a laptop—you probably had one computer in the house and you could control, in a sense, that environment probably easier than you can today because people now have multiple devices connected to the internet and a large proportion of young people will have a smartphone, potentially, so it is as much about control as how we help young people have the skills to deal with being online.
Increasingly, with things such as social media, it is not just about accessing the internet or websites but about how they engage and in fairly large networks over social media. Today, a lot of that is about a skills approach and how we help people make good decisions online and then how they would deal with bad behaviour, which probably will happen in some shape or form—it is unavoidable—so this is where we are moving. We are moving from a poor sort of command-and-control approach to thinking about how we can help young people have the resilience and skills they need to deal with an always connected world as the two worlds, physical and digital, merge. I am 47, so I have gone through all this, but for young people, increasingly, that world has merged.
Baroness Benjamin: How do you get to children and young people at risk, because not all of them have parents who play a responsible role in their child’s well-being? Do you point them to organisations that will be able to help them if they see something they do not like? How do you get to those children and how do you help them, once they do see something or are exposed to something, to get over it?
Paul Morris: You are involved in Barnardo’s, I know, which is a fantastic organisation. From our perspective, you are right: parents are important carers of course, and obviously foster carers and others come into that bucket, but schools have quite a strong role. We have ParentZone, which is the parent magazine we produce and we work with them on that side. We do a lot of work with a charity, The Diana Award, and we run the Be Strong programme which is targeted at schools and has a number of modules which look at building digital resilience through skills, so we think that schools have a role as well. We will probably get on to some other questions about that and the PSHE approach, about which I know you have heard some evidence, but I think there is a role for schools as well. It is probably the best vehicle we can think of today, and you may have other ideas and we are open to that discussion. But the reality is that that might be the best vehicle, looking at how we can up some of the work in schools to help children be resilient and, hopefully, that will pick up most of those children. You are right, we also need to think about those children most at risk as well, where some extra work might need to be done.
Baroness Benjamin: Does Sky do that as well?
Adam Kinsley: I would echo the things Paul was talking about and, clearly, needing to work with those organisations. It is also worth thinking about the internet value chain. In the most part, Sky is acting as an internet access provider, so it is, effectively, a pipe to lots of content and applications. Part of your question was what children can do if they are struggling with something. The chances are that that is going to be on a platform at the end of the pipe, if you like, and industry is doing some interesting thinking about how some of those platforms can be responsive to children who are running into difficulties on them.
Baroness Benjamin: Thank you.
Q63 Baroness Quin: As a Committee, we are looking at the balance between regulation and self-regulation. I would just like to get your thoughts about how effective self-regulation is and what the challenges are.
Adam Kinsley: It is interesting. When I think of all the things that Sky, as an organisation, has done, and it is a long list of which we are very proud, none of it has been done because of legislation, so, in that sense, it has all been done through self-regulation, often in partnership with the Government and policy-makers. I mentioned UKCCIS before and some interesting ideas emanate from a body such as that, and then the general way in which things happen is that companies sign up to the principles and then get on and deliver it, which has worked well in the past. We mentioned the Internet Watch Foundation, which is an incredible scheme built by industry without the backing of legislation, and it is really world-leading in that world. So much has been achieved and, to date, none of it has happened through regulation or legislation; it has all happened through industry endeavour and self-regulation, so there is a lot to be said for self-regulation.
The second part of your question ran into where we find difficulties. Clearly, there probably are some limits to how far we can go. It may be that self-regulation is not happening as quickly as policy-makers would like, but it may be that legislation will not get you there any quicker either. Also, a lot of companies in this space are global in nature, which presents challenges because attitudes differ in each country they operate within, so I have some sympathy there for them.
Baroness Quin: Do you want to add anything?
Paul Morris: I agree with Adam that quite a lot has been achieved. It is quite tricky because you cannot necessarily pass legislation in the UK to cover a company that might be based somewhere else, and we have seen that debate across a number of areas on the internet, so I think self-regulation has achieved quite a lot. If you look at mobile, we have a code that produces a blocking bar which is all self-regulated and is now overseen by BBFC, so we decided to do that. With areas of censorship and other things, there could be issues.
If you start to unpick this and try to make legislation work, it sometimes becomes trickier. I think the principle is that, if it is working okay, let us leave it, but that does not mean that we do not think about new areas potentially. Equally, sometimes, if I am honest, we need to regulate because we need that certainty as well; I think there is a limit to self-regulation in the amount that we can start blocking. Obviously, with some of the horrible things that IWF help deal with—and they have been going for 20 years and have taken down 125,000 terrible images—that is all really good work. I think the blocking bar that we have works really well. If you are moving into new areas, it becomes more difficult for companies such as us to be in charge of what people should be doing on the internet, and then it is a role for the Government to make some of those decisions and, frankly, come to you folks and argue for them, and that becomes much more a position that needs to be sorted out. I think it depends, and it depends on the amount.
Baroness Quin: Given the international nature of some of the companies, is there an emerging international consensus about standards and how people should operate, or is that still fairly chaotic?
Paul Morris: There are attempts to do so. There is the We Protect programme, which we signed up to, which has some countries in it. Across Europe, there are attempts to harmonise. As Adam says, there are cultural differences in some of these areas. Apart from the things that are very illegal, there are differences in different countries, but I think there has been some progress in Europe in looking at this. We certainly have a team that works across Europe, and I think the companies themselves try to work pan-European, at least, so there has been progress; but let us be honest, it is certainly not a global approach.
Adam Kinsley: We are currently involved in an initiative from the European Commission, which Sonia will know because we were at the same meeting a few weeks ago, under Commissioner Oettinger, and there are differences across Europe, let alone the rest of the world. I think that we should be very proud in this country of what we have achieved, but it is challenging to roll it out across the whole world because different attitudes and cultural norms exist in this country; so we would like everybody to go as fast as we are, but it does not always happen.
Baroness Quin: We have seen some figures which seem to indicate that certain types of risks to children are still rising. Is there any kind of monitoring going on which then engages with the companies to try and address some of those issues?
Adam Kinsley: I was looking at the most recent data I could find from Ofcom on this point. This was a set of questions asked of teenagers, comparing one year to the next. It is quite striking that some of the things to do with access to content—such as concerns over seeing things which are too old for them, or things of a sexual nature—had dropped materially in being a high priority for those teenagers, but behaviour, such as cyber-bullying, had gone up. You may conclude that the concern over seeing inappropriate things is because of the attitudes we have had to filtering and it may be that that is coming through, but I do not know.
Certainly, there is an awareness that cyber-bullying, as a behaviour, is a problem and there are initiatives to deal with that. I mentioned UKCCIS and we are involved with the Royal Foundation, which is looking at cyber-bullying as well. Through these mechanisms, you can still use self-regulation to pick up on some of the trends that are emerging.
Baroness Quin: Thank you.
Q64 Lord Sherbourne of Didsbury: Mr Morris, you said a few moments ago that you thought there was a limit to self-regulation and there is a role for the Government. Can you be more specific about that?
Paul Morris: The example we have is age verification on pornography sites in the Digital Economy Bill, which is going through now. I do not have the list of things, but there is an example the Government have chosen to regulate and the idea is that those sites will have age verification on them. I think there will be some challenges for those sites which are not based here, and that is still up for debate, but there is an example where, increasingly, you are saying, and rightly, that there should be some controls on these sites. I think the principle here is right also—and Adam alluded to this—that the internet is a big value chain and we can do a certain amount at the network level, but equally we have to ensure that those delivering the content also have responsibility. I quite like the principle here: that those delivering the content have a responsibility to have an age verification system, which looks as though it will be administered by BBFC, which does our content bar, but we are not quite sure who will be the regulator with the stick, if you like. The reality is that that is an example of moving into an area where it is inappropriate for children but not for an adult, to an extent, so that is where the legislation needs to come in probably.
Lord Sherbourne of Didsbury: Am I right to deduce—and this is a purely neutral question, both in the case of Vodafone and Sky—that there is nothing you would like the Government ever to do, really?
Adam Kinsley: No, that is not true.
Lord Sherbourne of Didsbury: Can you give us some more examples of what they should do other than the age verification question?
Adam Kinsley: Just to pick up the discussion about age verification, because it is really important and it is being discussed. We get to a situation whereby you have some overseas content sites, pornographic sites, and they are asked to comply with UK law, but there is a reasonable probability that many of them will not because they are out of jurisdiction. There then is a valid debate among legislators and policy-makers about what happens then, and a number of people have said in the other place that access to those sites should be blocked by providers, such as us. We watch the debate with interest and, to be honest with you, we see merit in that argument and we are relatively agnostic about it. However, without any legislation, we cannot just block access to some sites, unless there is a power given to a regulator who tells us to do so, in which case we are perfectly happy to do it. The Bill is being debated at the moment and now is the time to have that debate in Parliament and, if it is decided that the right thing to do is for UK ISPs to block access to overseas sites, then that needs to be in legislation because, otherwise, it will not happen. That is a good example.
Lord Sherbourne of Didsbury: Are there any other examples of things you would like the Government to do?
Paul Morris: I have one, which is not filtering, but on the point we made about education. We think that probably more resources should be provided to schools so that they can use some of the great programmes run by the voluntary sector to sort out how we can have more digital resilience sessions in schools, so we think that that should be looked at.
Lord Sherbourne of Didsbury: By resources, do you mean money?
Paul Morris: I think yes is the answer.
Lord Sherbourne of Didsbury: Could that be done by the companies voluntarily, as good corporate citizens?
Paul Morris: We already run programmes that do that, but it a question of the scale, because there are 33,000 schools.
Lord Sherbourne of Didsbury: You could not do more?
Paul Morris: We run a programme ourselves that reaches 2,000 schools. Individual companies run a number of programmes which are all quite good. My concern about that is scale, because no one programme will be able to deliver to 33,000 schools. Of course, we have a role to play, and we have talked about technical solutions, but we are moving into a world where everyone will be online and people will be communicating with each other all the time and the ability to benefit from that is very large. But there is also, as I say, an increasing opportunity for people to make some bad mistakes as they are growing up, which is something that people need to think about as an action and not just rely on technical solutions, which comes back to education. Of course, we have a role to play, but my concern is how we get scale on that, so let us have the debate. I know that you have heard of general studies being the approach, with the organisation that runs it, and that is the sort of thing we need to think about.
Q65 Lord Sheikh: A number of people I know use the filtering system. What are the limitations of the filtering system that you utilise, and is there something we can do about it? Also, is there a possibility that all filtering might prevent children carrying out legitimate work they are involved in? Do these filtering systems provide the right environment to make them child-friendly, as against providing overkill?
Adam Kinsley: There are a few questions there. The one on filtering and whether there is a risk that access to important information is over-blocked is a good question. When we launched our network-level filtering in 2013, it was a big debate and a concern. Under UKCCIS, there was a working group on over-blocking and we worked with a number of sexual health charities to make sure that they were absolutely on a white list and would never get blocked, and we have some evidence about the level of over-blocking as we have worked through those groups. I can say pretty confidently that those risks which were at first highlighted and debated, and rightly so, have not come to pass; children can access the right information where they need help, and sexual health advice and things such as that are absolutely accessible, so I am confident on that.
On the question of the limitations of filtering, we would be the first to say that it is not a silver bullet; you cannot rely on the technology to keep your family safe. If any parent thought that, we would be delivering our messages incorrectly. It absolutely needs to be supplemented with some parental responsibility, and we will help educate them on that. The tools and the technical filtering can be extremely good for younger children to prevent them inadvertently seeing content that would upset them and that they are not looking for, but have stumbled across. With older children who are seeking out this material, it becomes harder and there are challenges; you can work your way around any system, including this one. You end up where this idea of digital resilience is critically important because, at some point, you are not going to be able to protect them by preventing them seeing things, and they are going to see things they do not like, but they then need to learn how to deal with the content they are then exposed to, so I think it is important. We think it works very well for certain classes of children. The last Ofcom report suggested that 97% of parents who were using these network blocks were happy with them, and that is quite a high rate of approval, so they are doing a good job in their space, but we cannot rely on them.
Paul Morris: We are in the same boat. The BBFC helps us run our content block, which avoids over-blocking, which is one of your concerns, and I think it works pretty well. None of these technologies is going to be absolutely perfect, but it probably, if anything, errs on the side of caution, which I think is the right approach. Clearly, we are not saying that you can always block because, if a child cannot access a site, there are other avenues through their parents and other ways, so the reality is that it is probably better to err on the side of caution and, as Adam says, we are pretty confident that, on most occasions, it works well. Within the BBFC system, people can appeal if they think they have been over-blocked or they have been blocked for no reason, and there have been a handful of those. The BBFC reports back quarterly, so there is a process by which, if a website thinks it is being blocked, it can appeal.
Lord Sheikh: How do you monitor the adequacy of the filtering systems? Presumably, it is a moving target, so can the filtering system be overcome by a child or do you need participation by an adult? How do you monitor the adequacy of the systems?
Paul Morris: The approach is in place and you cannot turn it off, unless you are 18, so that is how we report it and yes, we keep an eye on it. We rely on expert advice as well and, effectively, the BBFC will give us that expertise in what we should be doing. But equally, we monitor it, we have data on the numbers and how it is used in other things, and we keep it under review.
Lord Sheikh: Do you get feedback from the parents, for example? Is there communication between you and the parents?
Paul Morris: Yes, we get it, obviously, through our customers. Our customers will ring us about a number of things and there is that feedback. We do not get strong feedback about this. It is on by default and the majority of people leave it on when they could turn it off. Generally speaking, we do not get a lot of negative feedback about it and, if we did, that would be a shame, so we are fairly confident that it is the right thing to do. We are still in the process of looking at what else can be done, so we are looking at other technologies we can bring forward, and I know this guy is going to talk about something they have done as well. We are still looking for innovation in the handset and what more can be done. Clearly, there are other players in that, so the handset manufacturers and others also do things, so there is a dual approach there.
Lord Sheikh: Are there any alternatives to a filtering system to keep a check on what children can view? Could something else be made available, or is it available?
Adam Kinsley: There are a number of ways in which parents can intervene and mediate in their child’s activity online, and they range from quite intrusive to just sitting down and talking about it; it depends on where you are on the scale of parenting styles. There are software providers out there which will allow you to remotely control the access the child has on a different device. The challenge that a company such as Sky has and the reason we have brought in network-level filters is that there are so many connected devices in our customers’ homes now. I am not sure what the latest data is because it must keep moving up, but the chances are that there will be eight, 10, 12 connected devices in the home and, whilst you might be able to set controls on each device, it becomes too much to ask of a parent and what they want is something which is quite simple to apply. Our solution is very simple, it is not terribly sophisticated, it does not have lots of bells and whistles, but you can buy products which have bells and whistles if that is the approach you want to take as a parent; there are the products out there. We like ours.
Lord Sheikh: Could they be varied and could a child interfere with these systems?
Adam Kinsley: Usually, they have checks and balances.
Lord Sheikh: Do they need input from a parent?
Adam Kinsley: Yes, our one does. On our one, the account holder creates the settings, the environment and the categories which are filtered in a very easy way, and it is password-controlled.
Lord Sheikh: So, if it is password-controlled, only the parents should know the password?
Adam Kinsley: Correct and, if the settings do change, so somebody manages to get in, an email is then sent back to the account holder to say that the settings have just changed, which is quite a good belt-and-braces approach.
Lord Sheikh: Are these filtering systems only in the English language or do you make them available in any other language, bearing in mind of course that Polish is the most popular language, apart from English, and the third is my mother tongue, Punjabi? Are they available in other languages?
Adam Kinsley: It is a good question.
Paul Morris: That is a really good question. I do not know if we produce it in other languages, but I will check and come back. I think probably not, but it is worth checking, and it is also a good point.
Lord Sheikh: Thank you.
Q66 The Chairman: With both Vodafone and Sky, your default option is “on” and people have to make a conscious decision to turn it off. We heard earlier today the alternative viewpoint, which is that people should be given a choice as to whether they turn it on or off because this gives them an opportunity to think through the specific things they want to filter out to do the job properly. It is said, in the case of the default being on—your system—that people get irritated and just turn it off, so it is a negative. You have carefully thought this through and decided that it is better to go in with the default button on and make people turn it off rather than say, “It’s up to you and here are the options”, which gives a sort of buy-in, as is the counterargument.
Adam Kinsley: Yes, we have done both, so we have been on a journey. When we started off and introduced our network-level broadband shield control in 2013, the term created was “active choice”. Previously, we had controls, but they were hidden a bit and you had to find them, which was quite hard. We then created this system where, when you became a Sky customer, a screen would appear and you were told, “Please make a choice one way or the other, yes/no”. We did a few things, a bit of nudge theory. We highlighted the “yes” button and we tried to encourage take-up. It is the same back-end system, so it is the same categories and it is rated PG/13/18, which is very simple, as I mentioned before. When we looked at the evidence, the take-up rate was surprisingly low, around the ballpark of 8% to 10%. When we introduced it, it was part of a commitment to David Cameron, the previous Prime Minister, and there was a second part to this, which said, “You also should present an active choice to all your existing customers”, not just the new ones coming on board. When we looked at how best to do that, we determined that the cleanest way to do it was to ask them to make a decision by email and communicate with them and, if they did not come back to us—and most did not—we said, “We will turn it on on a certain day but if you don’t want the controls, you can then turn them off”.
That is what we did and the results were remarkable. Of the number of people who kept it on after a sustained period of time, 70% had some form of control and 62% had kept the parental control piece, so we then had a decision. We said, “Hang on a minute. We’ve deployed this same technology in two different ways: we have asked the question and asked them to think about it; and we have turned it on and, once it was on, they quite liked it”. So we then said, “Okay, we have to change our sign-up policy here” and, rather than asking them, “Do you want it on, yes/no?”, we said, “We have put it on. You can turn it off if you want” and, lo and behold, the take-up rate has gone up to over 60%, so we are pretty convinced it is the right thing to do. We are the only fixed-line broadband company to do that, and we introduced a new broadband service, Now TV broadband, and we launched it completely default-on earlier this year. We have considered both options and we are pretty confident we have got the right outcome, if the objective is high parental engagement and high take-up of controls.
Paul Morris: From our perspective on the mobile side, we have had the content bar in place for a number of years. Historically, a broadband connection would be in the house—not for every child but hopefully the majority of children, there is parental supervision in the house; obviously, with a mobile it could be subtly different—and we have always taken the view that the content bar is best on by default. I think we are still of that view. Clearly, it is only on our network, so you could go to other networks or Starbucks and have a different experience, but then you have the active choice coming in at that point. So we do not control the whole environment because it is only when they are on our network, but I still think, as the industry, that it is the right choice and, as I say, it has been in place for some time.
The Chairman: Thank you.
Q67 Baroness Bonham-Carter of Yarnbury: Going into a slightly different area, we have heard quite a lot of concern about the time that children and young people spend online, on devices and so on. This is specifically for you, Mr Kinsley, for Sky: what prompted you to create a Sky Kids app and how does the app, now you have created it, take account of the age of the people who are using it?
Adam Kinsley: It is an evolution of the idea that there are lots of connected devices in the house and people are using them to watch content. Our research showed us that 80% of children have access to a tablet, so in that environment you have got potentially young children using tablets, so there is probably an enhanced degree of parental anxiety as to exactly what they are doing online. As I said in my introductory comments, the internet is a very positive place giving some excellent and profound changes to the way in which children grow up, but it is not universally acceptable that everything is right for them. If you are giving a child a tablet that you can control by voice activation and you do not even have to be literate to use it, it becomes potentially a dangerous tool, and most children are not looking for bad content.
We thought that, by creating a safe environment for children to enjoy safe and positive content, it would be a welcome initiative, so that is what we did. I am really proud to say that we did that in conjunction with 5Rights and Baroness Kidron—it was great working with her—which meant that we created this for children. In the way we went through the design process, it was almost built by children, going through constant design refreshes with panels of children, which is just great to watch, seeing them trying to break the thing, and giving them something which they can really use and love. In fact, today’s session is very timely because Sky has just released some wonderful new episodes of “Morph” this morning, which I had the pleasure of watching with my young children and saying, “This is the TV that we used to watch”, so that is fantastic and is proving really popular. In some of the stats I have here, we are seeing an 80% year-on-year increase in downloads and streams of up to 10 million per week of children’s content and we have 4,500 hours of children’s content on here, which may bring us to another concern about screen time—how much you want them to see. Sky would like them to watch quite a lot, and it is all good stuff, but we have built into this a bedtime mode, which means that parents can have a setting which says, “Okay, you can watch that for 30 minutes” or whatever and then it turns itself off. There are new releases just this week, so it is constantly evolving.
This is the part of the three-pronged approach whereby the open internet has lots of stuff on it that you would not want children to see, and I think it is up to brands such as us to say, “We can do so much to prevent you seeing the bad stuff, but let’s make this a positive experience and let’s give you an online experience where you are just enjoying curated and safe content that children will feel safe with”.
Baroness Bonham-Carter of Yarnbury: Have you done any research into who is actually going to your app, the demographics of it? Is it very middle-class?
Adam Kinsley: Our customer base tends to be right across the whole spectrum of the country, so I suspect, with that many downloads, it is transcending class and is being used by all sorts of people. I have not got those demographics, but I can certainly look into seeing if we have them. We try to model it so that it is age-appropriate, so depending on whether the child is pre-school or not, to give them a better experience.
Baroness Bonham-Carter of Yarnbury: Thank you.
Q68 Baroness Kidron: My question builds on those of Baroness Bonham-Carter. When we do not have a central record of identity, and there are very good reasons why we do not, and when you have a design that is for ultimate convenience—I am talking more about platforms than the beginning of the food chain, as it were—you then have an issue of not knowing who is online, which means kids can be considered adult. Various people have put to us ideas around design that would help children. The one we felt was most powerful and simple was from a couple of head teachers who said, “Why not have maximum privacy settings by default?”, which is the argument you have just made on filtering. My question is: what would good design look like and what can you see from where you sit that would actually help young people be treated well online? Here, I would urge you to take a behavioural stance, as well as a content one.
Adam Kinsley: I understand where you are coming from and I think it is the right line of questioning—that this has to be built into applications by responsible businesses by design. As I say, we did it with the filtering by turning it on, which was at the time a pretty controversial thing to do, but we thought it was the right thing to do. There is only so much that an internet access provider can do but, if you are talking about the end content applications, I think it is down to those companies—and it is often the big brands which are doing this—to do the right thing and build in the safety by design. If they stuck to the 5Rights principles, they would get there, so everybody should sign up to 5Rights; that is what we say.
Baroness Kidron: Beautifully put.
Paul Morris: There is a lot that can be done at the network level, but, equally and increasingly, we need to look at the broader value chain and continually ask those questions, because the risk to young people is subtly changing, as we have highlighted. There is probably more risk of being cyber-bullied or upset by a network that they might know or have some connection with than of potentially seeing certain content through a website. I am not saying there is not both, but that is the new reality and there might be processes that need to be put in place to deal with that.
Equally—and you can ask these companies—to be fair to them, they all do a reasonable amount, they all engage in all the bodies and other things, so I would not say they are doing nothing and ignoring this. But you are right: we should continue to look at it and understand how we can include the whole value chain because that is the only way we will get there, I think.
Baroness Kidron: The thing I would like to press you on is that a lot of sites are built on constant interaction and are promoting sharing. The bedtime function is a key thing. We hear a lot about compulsive use and kids not sleeping, which in fact was the evidence we got from teachers. One of the things that the Children’s Media Foundation raised was the Google login, where you are always on and your data is, therefore, being gathered. Are there specific issues that worry you in any of those areas, or perhaps another that I have not thought of?
Paul Morris: You are right: the challenge here is it is an always-on world that our young folks, certainly teenagers, live in and, as a parent, you go through processes where you can use control and then hopefully teach your children. I remember as a child being told how much television I should watch. The idea when I was a child that you would have so much screen time would never have happened, but that is the reality of today. The point is that there are controls there today and you can turn off the broadband connection through apps, but the challenge does come back to how we, as parents, deal with that scenario. There is only so far that technology will get you because, ultimately, you will always be able to turn these things off, which is the truth of it. If your child knows the password, for example, which they should not, they will be able to turn it off. Do you see my point? Although there is more, I think we should continue to look at how technology and the wider chain can help. Clearly, it comes back to how we ensure that we, as parents, think about these things. The increasing evidence that we see is that parents are becoming more digitally savvy, but the challenge is expanding, which is the reality of being a parent, I guess. But it is a question of dual approach here.
Adam Kinsley: The always-on culture and the amount of screen time is a fascinating area, and I have changed my mind on it—from thinking that it was a problem to recognising that screen time means all sorts of different things. Sometimes it will be educational, sometimes it will be relaxation, sometimes it will be interactive and social and it is not necessarily a bad thing, and certainly restricting it could be quite dangerous. Therefore, we come back to this idea of digital resilience over everything because trying to starve children of the oxygen of the screen, I think, is a dangerous road to go down.
I have in the back of my mind a letter I read yesterday from the parent of a child who, unfortunately, committed suicide as a result of online activity. She said that at one point, she tried to take away the phone because it was causing so much grief, which made it much worse for him. That is really quite striking and it is on top of some academic research. We have to make sure that our young people are more resilient to the risks that exist. That means not just education, but that responsibility is taken for the platforms where they are interacting and where they will come into difficulties. The ability to get an answer from the platform if they report something they do not like, and to know they have been heard—those sorts of things are critically important and would go a long way to helping a lot of young people when they do encounter difficulty.
Q69 Baroness McIntosh of Hudnall: Moving on to a slightly different area, there are the risks you have been describing of people getting into difficulties, but then there is the amount of data that is collected or is just circulating generally as a result of all this interactivity. First, what sort of data do you collect generally on your customers; secondly, when it is children, how do you mitigate the risk of data being collected inappropriately and it then being used or disseminated inappropriately, and all the associated risks of it being hacked and accessed?
Adam Kinsley: Clearly, data is the lifeblood of a large part of the internet value chain.
Baroness McIntosh of Hudnall: Precisely.
Adam Kinsley: The point I would make is that, generally speaking, most of our activity is as an access provider, so I go back to this idea of a connecting pipe to the internet. Therefore, other than some data to manage our network and make sure it is not going to break, fall over or go too slow, we are trying not to collect any personal data—we do not want it—and particularly children’s data. We are designing systems to avoid it, so our interaction where we might collect, specifically, children’s data is very limited. Clearly, with the Kids app, we were in that space, but we were very careful not to collect that personal data, other than a name so that the child can create an icon and they are not interacting with anyone else. I think it is less a question for an internet access provider than for social platforms with the vast amounts of data that they are likely to collect.
Baroness McIntosh of Hudnall: But social platforms cannot operate without you. You made the point very precisely that it is part of the value chain, and you are all part of the value chain. I suppose my pushback to you on that would be: okay, so you, as a business, are not in the business of collecting data, but you are in the business of making it possible for other people to collect data, and in what sense does that confer—or perhaps it does not—any responsibility on you?
Paul Morris: First, we are much the same as Sky and we collect enough data to, hopefully, provide you with a reasonable customer service, but not much more than that. We have been through this debate with the Investigatory Powers Bill, frankly, as it is part of the same debate. The point here is that, with encryption—and lots of quite well-known apps, such as WhatsApp, use encryption—we increasingly do not really know what is in the packet that is going across our network. Secondly—this is a debate we put forward on the Investigatory Powers Bill as well—it is important that, when you are a user of an app, a piece of technology or a platform, you know what the rules are and what is going on with that platform. It becomes increasingly difficult if, behind the scenes, a network provider such as ourselves, with data crossing the network, gets involved. In this area, of course, we do choose to be, but, as we have discussed, there is a limit to that. There is a technical limit, but equally I think there is also, in some instances, another limit, which is about people feeling as though their data has been grabbed at a point where they have not agreed to it. In this area, clearly, it is different because it is about online safety for children, but there is a principle here that, if we start moving into another area, it seeps into it.
Baroness McIntosh of Hudnall: Just on the issue of the right to be forgotten, is that technically possible, desirable and achievable?
Paul Morris: To an extent. This is European legislation, and we are going through the process of how we will introduce it, so let us not go down that route, but it will come in in May 2018. I think most people are going through the process now of thinking how that will happen and, as I understand it, the right to be forgotten is fine, but you will be allowed to continue to keep data that can help you service the customer. For example, someone would not be able to say, “I don’t want you to keep the data of my billing” and we will see how that plays out, but I think there is going to be a balance on how it will work and, of course, we will come up with systems that work. We are ISO-accredited on data, which is absolutely vital for our business. We have seen some high-profile data attacks, and we invest a lot of time to make sure that we keep people’s data safe, even fairly mundane data, so it is very important for us and is becoming increasingly important for any network to have that security around it.
Baroness McIntosh of Hudnall: Given that children are all over the internet with and without their consent, and given that who you are when you are 14 is not who you are when you are 24, is it particularly more difficult, more important or more anything, technically or morally, to get to grips with that?
Adam Kinsley: Absolutely I agree with you that it is an issue, but the point I was trying to make earlier is that, as an access provider, we will have a relationship with our subscriber who will be paying the bills, who will be an adult. Everything that goes on in that house is coming through our pipe. We are not looking into who it is or anything like that, and we are not allowed to do it even if we could, but, clearly, within that pipe is traffic which is going from individual users, some of whom may be children, who are interacting on applications at the other end which may need logins and things such as that, and we have no visibility of what that content is. In any event, all we would see, if we could, which we cannot, would be a subscriber and that that computer has interacted with that platform, so we do not hold and we could not interrogate, pull out and strip out data for children if they wished to be forgotten. That needs to happen at the application end because they will have the databases of all the photos, messages or whatever it might be. Hopefully, that distinction helps.
Baroness Kidron: I absolutely understand that you are at the easy end of the data debate because you do not look at it, but you also mentioned self-regulation and that you have a seat at the table in all these places. We hear that applications that kids regularly use, when they update, automatically turn on their GPS, so you have kids posting photographs from all over the place. You have a seat at the table and I understand that you cannot look at that or prevent that, but what is your attitude towards that sort of data problem, even if you are not technically responsible for that?
Adam Kinsley: There are a lot of issues about keeping children safe online, some of which we can do something directly about and we do, and others which are more tangential but we still care about because we are part of the value chain. We actively engage in this, and we have mentioned UKCCIS, but we are also trotting over to Brussels to sit through meetings at the European Commission because we think it is the right thing to do. A lot of the issues being discussed are not our bit of the value chain, but we are looking to engage and create a healthy environment and, to be honest with you, to push best practice from the UK into other jurisdictions, which is true in a lot of areas. This is another area where we do not have direct control, but we would want to encourage a safer place for children.
Baroness Benjamin: Young children who sex-text and send messages and images do not quite realise this, but at the NSPCC, we find that a lot of children, young boys especially, have then got a criminal record, so they cannot be forgotten. What do you do to inform those young people about sending those kinds of messages and that there is no way back?
Paul Morris: This is the educational programmes we spoke about. We try to do our best to work with organisations to try and teach young people how not to do those things. It is very difficult, and that is a good example, but you will never be able to turn off the ability to post a photograph. That is just not going to happen, so it has to be education. In a magazine this year, there was a page on it, and it is a big issue, the criminalisation, which I think they have been looking at and there has been some review of it, so clearly there is a debate to be had with law enforcement as well, and it is probably a combination of that and education. If you have a mobile, we will not be blocking people from being able to send photographs—and that is a photograph to another person, it is not on a website—so, with the best will in the world, it has to be how we help people think about their actions and not do it in the first place, and then obviously the law enforcement is separate.
Earl of Caithness: Can I follow up on Baroness McIntosh’s question, which also goes back to your answers to the fourth question? Do we have any data on your customers who should be using but are not using controls, and is there a hole out there of which we are not aware?
Adam Kinsley: The short answer is no, we have not got that data. We know that we turned on the controls for everybody on day one and then people decided if they did not want them. We have not gone to the next stage, which would be the internet police and knocking on doors, saying, “Why haven’t you got your controls on?” and we do not have the data. We have not looked at it by demographics or anything else and we have not mapped it across in any way and, whilst it would be quite interesting, I think that is probably a good thing.
Q70 Earl of Caithness: My second question is probably the most important and has been on the minds of all of us for a long time: the General Data Protection Regulation. I am sure you think about it daily. Have you made an evaluation of it and, given that it is likely to come into force before we exit from the EU, is it going to make any difference and should parts of it be incorporated into UK law when we do go?
Paul Morris: To answer your first question, we have data on the amount of people who turn on and off their content control, but not everyone is a parent, not everyone has children, so that is what you have to deal with, and we do not always know that. Frankly, I am not sure, if you were a customer, that I would say, “Are you a parent? How many children do you have?”; that becomes very difficult.
On the General Data Protection Regulation, and I want to thank the Committee for giving me the opportunity to mug up on that over the last few days, it comes in in May 2018, so we will be in the EU at that point. There are a number of proposals in it which will involve change across our businesses, because it is a change. We have already had EU legislation in place for a number of years, but this is a change. Effectively, we put together teams to ensure product by product that we comply, which we are doing at the moment. We are still thinking about our exact approach on a number of issues on Brexit, but we can clearly see that data crosses borders and data will still cross borders, so we will need to find a way to ensure that we can mirror a number of regimes around the world, including the EU way, in my view.
Adam Kinsley: I can be brief on this because we are in a similar position, in that we are currently going through our analysis. This is one of a number of directives or regulations, which have been passed or are in the process of being implemented, where we are having to think, “How do we deal with this over the next two or three years?”
Paul Morris: It will be working and in place before we leave the EU, which is the important thing.
Q71 The Chairman: The other EU one is net neutrality, which has been around the course a few times. The fear is that these new EU rules will make it illegal for you to put your filters and blockers on in the way that you do at the moment. Are you reacting already to this? Are you thinking that maybe it will never happen? Where have we got to?
Adam Kinsley: Net neutrality has happened. It came into force in April of this year, I believe, and it is a regulation, so it has direct effect. It does not really get into the detail of filtering. We have been in discussion with the Government and the regulator, who feel fairly confident that it will it not have a significant impact in this area.
The Chairman: Would it have done already if it were going to?
Adam Kinsley: It has been slightly strange, and here we get into the complexity of European legislation, but BEREC produced its final recommendations on how regulators should interpret the regulation and that was passed at the end of August, I believe, so there has been a bit of a holding pattern. Ofcom is the regulator and it is engaging at the moment with industry on how to enforce the regulation across a number of areas.
The Chairman: But your view is that it is not going to have a big impact?
Adam Kinsley: At the end of the day, the filters which we have, parents can have them on or off, and it would be a somewhat bizarre outcome if we were not able to protect children in this way. It feels like one where, hopefully, common sense will prevail.
The Chairman: Bizarre and unlikely.
Adam Kinsley: It is an interesting one. Earlier on, we were talking about the new legislation that is being passed on age verification and, in that world where there might be an expectation that an ISP blocks access to some content but without being told to do it by a court or by legislation, that feels more problematic under net neutrality, which is why I gave that as an example where legislation may be helpful.
The Chairman: The legislation we are currently looking at, though, would only cover paid-for sites that were unsuitable.
Adam Kinsley: What you are talking about is our blocking access to a website. We cannot unilaterally block it with no ability to turn that off, under the net neutrality rules.
Baroness Benjamin: Is that because you think that you would be challenged if you did?
Adam Kinsley: Yes; I think 10% of relevant turnover is the fine, which tends to focus the mind somewhat.
Baroness Benjamin: Do you think we should really be pushing for legislation where age verification is concerned?
Adam Kinsley: If there is a desire for ISPs to be blocking access to those sites, then legislation is required. It is basically down to the will of Parliament. If you want ISPs to block, I think they will struggle to do so, unless they are compelled to, and not because they do not want to but because they would probably be breaking the law.
Baroness Benjamin: When you have put this argument, what has been the answer?
Adam Kinsley: On the Bill which was only introduced recently, we have made the point and it has been quite actively debated in the Scrutiny Committee so far, so we are watching with interest.
The Chairman: We are too. We have worked you very hard indeed. If there is anything we have not covered, perhaps you could think about that and send us any further evidence that you have. For all that you did share with us, we are very grateful and thank you both very much indeed. It has been a very useful session.
