17
Joint Committee on Human Rights
Oral evidence: The Right to Privacy (Article 8) and the Digital Revolution, HC 1810
Wednesday 17 July 2019
3.15 pm
Members present: Ms Harriet Harman (Chair); Lord Brabazon of Tara; Fiona Bruce; Ms Karen Buck; Joanna Cherry; Jeremy Lefroy; Baroness Ludford; Scott Mann; Baroness Massey of Darwen; Lord Singh of Wimbledon
Questions 34–49
Witnesses
I: Dr Melanie Smallman, University College London; Lanah Kammourieh Donnelly, Public Policy Manager, Google;
II: Jonathan Westley, Chief Data Officer, Experian.
Dr Melanie Smallman and Lanah Kammourieh Donnelly.
Q34 Chair: Welcome to you both. We are very grateful to you for bringing your expertise and coming to give evidence to us today. We are the Joint Committee on Human Rights. As our name suggests, we are half Members of the House of Lords and half Members of the House of Commons, and our concern is human rights.
I know that many other committees are looking at all aspects of the digital revolution, but our particular focus for this inquiry, which we are grateful to you for coming to help us with, is the question of human rights and the digital revolution, particularly privacy—the human right to privacy and the right to personal, private and family life—and the right not to be discriminated against. Those are the two focuses that we have. Let us kick off the questioning.
Q35 Lord Brabazon of Tara: Almost every adult in the UK uses the internet for various things, from applying for jobs to paying for parking fines and renewing their driving licences. Google provides a service that everyone needs. Could you explain at a very high level the different ways in which your business uses data to provide products and services?
Lanah Kammourieh Donnelly: Thank you very much for having me today, and thank you for the question. I can break down the way Google processes data in three main ways. The first is to make a product work and make it useful to users when they are using it. If someone is using Google Maps, for example, we will process data in order to show them the fastest route home.
The second way is that we process data in an aggregated and anonymised form in order over time to make Google products better for everyone who uses them. One of our products, Google Translate, allows you to type in something in one language and get a translation in another. Over the years since we introduced it, as hundreds of millions or billions of queries have been entered into Translate, the machine-learning algorithm that powers it has progressively become better. You may recall that a few years ago, when Translate was launched, the translations provided were sometimes a little clunky, awkward or funny. It is better now, thanks to that type of data processing.
Thirdly, a subset of the data is processed in order to target advertising, in some cases, to personalise advertising to users. This is in order to provide an experience where ads are more relevant, more likely to be useful and, for advertisers, more likely to be effective. It is what allows us to provide many Google flagship products for free.
Lord Brabazon of Tara: Can I ask a supplementary question on the advertising point? It is another pet interest of mine. If you want to get a European health insurance card, they are free of charge if you go through the Department of Health. However, if you Google EHIC, it will come up first of all with a couple of paid providers that are basically ripping you off because they are charging money for something that is actually free. The free one, the Department of Health one, is probably number three or four, so an awful lot of people are going to go to the first one.
Lanah Kammourieh Donnelly: What I can say about the quality of our search results in Google is that that is an absolute top priority for the company, and a lot of effort goes into making sure that our search algorithm is as high-quality as possible. That is fundamental to our business.
The other thing that I can say is that when results that you get in Google Search is an ad, it is clearly marked as an ad. Google does not receive any benefits or compensation unless a user clicks on an ad and it is therefore relevant or useful to them. So advertisements are clearly marked as such.
Jeremy Lefroy: I just want to follow up on my colleague’s question. I use Google Translate a lot and think it is a very good service; as you say, it has improved greatly. Does Google retain both the original and the translation of whatever is input or is it immediately destroyed, deleted or whatever?
Lanah Kammourieh Donnelly: I am not familiar with the exact workings of the Translate product. What I know, and what I can tell you for sure, is that when you are logged into your Google Account you have a transparency tool that allows you to see data associated with that account for the products that you use while logged in. This is called the Google Account; it is one page and one centralised experience that allows users to see data associated with their account, to access all the settings and to exercise choice and control.
Transparency, choice and control are fundamental tenets to us. I cannot speak precisely to the workings of Google Translate, but the controls that we offer include deletion settings, and we recently rolled out a feature called auto-delete that also allows users to set an automatic rolling deletion of data associated with their account. There is huge investment within the company in user choice and control in that sense.
Jeremy Lefroy: But what if you are accessing Google Translate without using an account? That is the way I have always done it. I do not think I have an account; maybe I do, but I do not know about it. If you are inputting a speech, question or letter that may contain some confidential information, I wonder whether or not that is retained. I realise that you may not know the answer, but if you could write to the Committee to let us know, that would be helpful.
As I say, it is an excellent service, but I think people would have even more confidence in it if they knew that what they were putting in was not being retained by the company.
Lanah Kammourieh Donnelly: Absolutely. I would be very happy to write to you with a detailed answer on that product in particular. As you said, a number of our products are available to use without a Google Account and you will get the same results, the same outcomes, when you type in a search or a translation. As for the retention periods and so on, I am very happy to come back to the Committee with that information.
Baroness Ludford: Before I go on to my own question, there is something that I did not quite understand in your answer to Lord Brabazon. Is it only paid-for ads that, in his EHIC example, will display above the free Department of Health service? I had not understood that previously. I had thought it would come ahead in a search result even if it was not a paid-for ad.
Lanah Kammourieh Donnelly: There are two parts to this. First, there is the ranking of results that is done by our search algorithm. That depends on many factors in our algorithm. Obviously, the goal is always to provide the most high-quality and relevant results at the top, so part of the ranking is that. Then, part of what you see on the page will be marked as an ad, but what arrives at the top of the results that are not marked as advertising is simply a factor determined by our search algorithm, and there are many different ways to calibrate it.
Baroness Ludford: But even if it has not been paid for, it is still entirely possible that the commercial service, which you have to pay for, will come higher in the search rankings. This has been talked about for a long time. Have you put quite a lot of effort into this issue? I am sure a number of people are falling for it. This issue had a lot of publicity at one time, but it has less now, maybe because you have improved it.
Lord Brabazon of Tara: It used to be very prevalent in relation to the congestion charge, but Transport for London seems to have cured that and now its own official site is at the top. It used not to be, but it is better now. This also applies to getting a driving test and all sorts of other things.
Lanah Kammourieh Donnelly: I am not familiar with those two specific examples, but there is certainly an enormous amount of investment at all times within the company to ensure the quality of the results in the rankings. I would be happy to look into it further, if that is helpful.
Q36 Baroness Ludford: I want to ask more about advertising services. I noticed that you talked about how a subset of data is available to advertisers. Perhaps you could clarify what that subset is. As I understand it, your sharing of data allows advertisers to target people based on personal characteristics such as age, location and behaviour. How do you ensure that users’ human rights and privacy rights are not violated in that exercise?
Lanah Kammourieh Donnelly: Thank you. That is a very important question.
I want to clarify that Google uses a subset of data to serve more relevant ads. It never sells user data to advertisers or to anyone else. We share data only in a very limited set of circumstances, usually in response to legal process or law enforcement requests. After that, when Google delivers its advertising services, or when it delivers a personalised ad or serves an ad in its search results, we take a number of steps to protect user rights, in particular their right to privacy.
First, users can opt out of the personalisation of ads altogether. We make it easy to do it. There is a setting that allows you simply to opt out of personalised ads if you do not want them. For users who have agreed to ads personalisation, there are also a number of protections. In the Google Account that I described earlier—that single dashboard where you can access your transparency and control tools—you have your ad settings available. You can revoke any consent to ads personalisation; you can opt out.
You can also review the categories of interests associated with your account and change or delete some that you are not happy with. If, for example, your setting says, “We think you are interested in gardening” and you are not, you can delete that. There are a number of controls. In addition, there is a huge investment in the security of the data of our users, to the tune of $500 million every year, to protect our users from hacking and any number of threats online that are constantly evolving. Those are some of the important ways.
Baroness Ludford: You do not sell the data.
Lanah Kammourieh Donnelly: We do not.
Baroness Ludford: But you share it with the advertisers, who pay you.
Lanah Kammourieh Donnelly: We are the ones who do the advertising. We are the ones who match an advertisement with a page, showing it with a user visit, because we think it will be relevant, more effective for the advertiser and more interesting for the user.
Baroness Ludford: And you get the advertising revenue.
Lanah Kammourieh Donnelly: There are two ways in which we serve advertising. The first is on our own properties—on a page such as google.com, our search homepage. If there are ads that are marked as such on Google Search, for example, we are paid by the advertiser only if the user clicks. Google is paid only if the ad is relevant and of interest to the user.
We also serve advertising on other people’s pages—let us say, on the Guardian or Times website. This allows any number of publishers to monetise their pages and to create revenue. In that case, we keep a portion of what the advertiser pays in case of a click, but most of the money goes to the publisher.
Baroness Ludford: Does Dr Smallman want to comment on targeted ads and whether users’ rights are protected?
Dr Melanie Smallman: I have a number of concerns about privacy and transparency. There seems to be a slight mismatch between the ease attributed to opting out of these things and the user’s experience. It is worth acknowledging now that I do not study Google; I study other instances of data use. The Committee should be concerned about data use more broadly.
Understanding what data is being collected about you as a citizen or a consumer is incredibly difficult. I have spent two days of my life trying to stop Virgin Active collecting health data about me. I have failed to do that, and I am a data ethicist. This is the scale of the problem that we are dealing with; it is incredibly difficult.
On targeting advertising, it is in Google’s interest to get this right, because it is how it makes money. Part of the difficulty that we need to come to terms with is that algorithms are not simply automated; they are created by people and decisions have gone into them. When adverts are served in a sexist or racist way, somebody is, or has been, behind that. That takes us to a much broader question about how technology companies are staffed, what workforces look like and how such decisions are even turned into algorithms in the first place. Deeply tied in with the question of transparency is one of diversity, and of who is making these decisions and why it is looking like this in the first place.
What are people wanting to advertise asking for? We have all heard stories like, “I’m less likely to be served an advert for a high-paid job than my male partner who has equal qualifications to mine”. What are advertisers asking for? I do not want to defend Google—it is not my job—but some responsibility has to be with those asking for such adverts. If they say, “I want to get my job advert to the right people”, questions need to be asked, such as, “How would you decide who the right people are? Are you going to advertise equally to women and men? Is there a risk of our company looking bad as a result of this?” These questions do not seem to be asked.
Q37 Scott Mann: Ms Donnelly, you have placed yourself in an interesting place because you say that you do not share or sell data, but you hold in your archives a huge amount of information. I want an understanding of how advertisers advertise on your search engines. Is it all built on an algorithm that is then basically sold to them—“There is a demographic here of between 25 and 35 who are looking for this information”. How does that process work?
Lanah Kammourieh Donnelly: Sure. I just want to make a clarification. We share data only in very limited circumstances; for example, when there are legal proceedings or a government request, or to satisfy due process and for law enforcement purposes.
On advertising, I described earlier two main ways in which Google serves advertising. The first is on its own properties, so on a Google Search page, and the other is on other properties, other websites, that are not Google websites.
On our own properties, I want to emphasise that search ads are very lightly personalised. They are not heavily targeted. We call them contextual ads rather than properly personalised ads, because when a user enters a query—let us say, “coffee shop in Westminster”—that is a powerful signal of intent and of what they are already looking for. It does not require much personalisation barring something very basic like the broad location of the user to make sure that the result is relevant. The goal is to serve an ad that will be relevant and help advertisers to reach their intended audience, that will help them spend money on ads more effectively and efficiently, and that will interest users as well and be useful.
On other properties, let us say that the process for a newspaper is perhaps slightly more complex. We match what advertisers are looking for, the relevant audience for them, with users and with advertising space available on a page. For example, if the Guardian says, “We’ve got space available on this URL, this address”, we do that matching without sharing the users’ profiles or without selling that data at any point.
I want to add one more thing in response to what Dr Smallman said. We do not target ads, and we do not allow advertisers to target, based on sensitive categories of data such as health status, pregnancy status, political affiliation—that sort of category. We agree that it is—
Chair: What about race?
Lanah Kammourieh Donnelly: No.
Chair: Gender?
Lanah Kammourieh Donnelly: Gender is a very general demographic. However, our policies are very clear in that regard. There is some basic demographic information, such as on age and location, which advertisers can say that they want to target. However, on anything discriminatory, our policies are very clear. Our policies are also clear that we do not allow anything involving a sensitive category of information, as defined by the UK Data Protection Act.
Q38 Scott Mann: You talked earlier about transparency, user choice and user control. In an evidence session on 3 July, one of our witnesses, Dr Binns, said that he had conducted a study looking at nearly 1 million Android phone applications. That study found that most of the applications contained trackers that sent information back; 90% of the apps tested came back to Google. I know that you do not share the data, but why do you need so much information on people?
Lanah Kammourieh Donnelly: I have not examined that study in detail, but I can tell you that we are familiar with it. We had some disagreements with its methodology and findings, particularly because it characterised us tracking a number of operations that were not, in fact, used to build user profiles but were standard practice in the functioning of this ecosystem, such as crash reporting for applications and automatic updates. As far as I am aware, those were important gaps in the methodology.
More broadly, and perhaps more importantly, we have very clear policies and guidelines for developers who develop apps that will be available on Android. We require transparency towards their users and we require them to provide a standard of security to ensure that users’ data is safe and secure. A number of our policies are clear. We check apps before they are available on the Play Store, and even after then as well. If we find a violation, we take action. For example, apps can be, and have been, suspended or banned from the Play Store.
Scott Mann: It is clear to me that you have added a secondary layer, and that many other organisations collect information and then pass it on. It is probably best described as “secondary sharing”.
My question to Melanie is: how do you feel about going on to a particular website and then it sharing information not just with a second party but with third and fourth parties?
Dr Melanie Smallman: This is happening all the time. My case study with my gym ended up with all my health data going to Amazon. We have to get real.
Chair: Tell us about the case study.
Dr Melanie Smallman: This is just a personal experience. When I train in the gym and the machines gather any fitness or weight data, that data goes to an app that I never signed up to and have asked repeatedly to be unsigned from. I spent two days trying to get the bottom of where this data goes and who it can be shared with, which is not clear. It is not clear whether it is owned or stored by Amazon, but what is clear is that there are three or four steps in the chain of where my personal health data, which I have repeatedly asked not to be stored, is going. That is what happens.
We need to understand that it is like the Wild West at the moment. Everyone is saying that data is like oil: people are speculatively gathering everything that they can lay their hands on, because it will be useful one day. It is completely lacking in transparency. I have given up on the Virgin data; I barely want to engage with it because it is so horrifying. Your foot size is recorded and the shoes that you wear are looked at as you walk into shops. Everything is gathered. It is quite terrifying in terms of having any hope of privacy.
Q39 Scott Mann: Can I ask one final question, particularly of Google? Have you taken any steps to ensure that the people who use your services are aware of what they are signing up to? We know about the consent model; I think that the next question will be on consent. Have you taken any specific steps with Google to let the customers and users of your platform know what they are signing up to?
Lanah Kammourieh Donnelly: Yes, absolutely. Transparency is one of our fundamental tenets. When it comes to our privacy approach, we focus on transparency, user choice, user control and the security of user data. The transparency part is absolutely fundamental.
Over the years, we have worked very hard on our privacy policy, and about a year ago, in May 2018, we launched an updated version. There are ways to implement techniques to ensure better user comprehension. We have introduced more texture in our privacy policy. By that, I mean that we have introduced graphics and animated videos with audio, because we realised that some people are visual and some people are auditive in the way that they learn; we want to cater to different learning styles and levels of ability.
We also introduced embedded controls into the privacy policy so that when we describe a type of data collection and say, “You have control over this”, the control is right there. There are a number of ways in which we have made a big investment to make sure that our privacy policy is clear. We have been commended on it by the Center for Plain Language, Time magazine and a number of reporters.
There are other things that you can do besides a privacy policy. You can surface a notice when a user turns a feature on, for example, because it is important that they know what permission they are about to give. You can remind users to take their privacy check-up; that is another feature that we have. It takes a few minutes to run users through the most important settings that are linked to their account. You can sign up for regular reminders to take your check-up. In the EEA, for example, 5.3 million people have signed up for these reminders every six months.
Chair: Out of how many people? What percentage is that?
Lanah Kammourieh Donnelly: It is 5.3 million people out of the number of users that we have in the European Economic Area. I am not sure of the exact amount.
Chair: Presumably, that is a very tiny percentage.
Lanah Kammourieh Donnelly: That is simply for the privacy check-up reminder. I can give you a better number. In the UK, since the beginning of 2019—over the past six and a half months—more than 38 million unique users accessed their Google account, more than 5 million of whom took their privacy check-up. For us, these are quite successful numbers.
The EEA number might seem small, but it is only for the six-month subscription to the reminder. All the other numbers show that our tools are used and that users are aware of them. The Google account was visited by more than 2.5 billion unique visitors in 2018. That is a real success. It shows us that people engage with us.
Again, on transparency and user understanding, as Dr Smallman was saying, people need to know what is happening. That is fundamental; it is the subject of ongoing effort and investment. We have promotional campaigns for our privacy check-up. On Data Privacy Day in late January, for example, we ran a promotion on google.com saying, “Remember to take your privacy check-up”. We do these things regularly so that we can go out and meet users and encourage them to use these things.
Chair: Hearing you describe your commitment to transparency, choice and control, and talking about opting out, I feel that we are all users and yet I suspect that none of us has engaged with any of this or knows how to do so.
To what extent are you on a different level to the ordinary user? I must say that, on the idea of engaging with a privacy check-up, I think most people would say that they do not have time for that sort of thing. Why do we have to do it all? Why can you not do it for us? It seems that your model is based not on your users but on a theory of what might be good practice and good values. If the users are not where they are supposed to be in the sense of knowledge, understanding and agency, it is all slightly for the birds.
That is what it is sounding like. I had no idea that I could have a privacy check-up, opt out of personal ads or anything like that. I just about manage to crack on with life, so most people are probably like that.
Lanah Kammourieh Donnelly: The question that you raise is extremely important. I am absolutely in agreement with what you are getting at, which is that we need to be able to meet users where they are. There are a number of ways in which we strive to do that. We have looked at the number of people who use My Account and see it progressing year on year. We try to go and meet users, even out in the street. In a couple of countries, Norway and the Netherlands, we have had a caravan go out to meet users and show them how to use these tools.
Chair: Suppose that we do not want to meet you in your caravan because we have other things to do. We just want you to protect our data and protect us from discrimination. Why do we have to do anything at all other than receive a service that protects us and does not subject us to discrimination? I think that I want to do less after hearing you speak, rather than more.
Lanah Kammourieh Donnelly: Users absolutely should not have the burden on them. The burden is on us. That is why there is so much investment within the company. That is very important. Yes, part of the effort needs to be to ensure that users know about their controls. The effort in investing in them is real and those controls are important, simply because privacy is very personal. Not all users will want the same things, use the same products, want the same settings, be comfortable with the same things or want the same functionality when they use a Google product. Because privacy is so personal, we focus on user choice. However, I entirely agree with you that it is not all on the user. The burden should not be on the user. We do a lot as well.
Chair: It sounds to me as if you are saying that because everyone has different levels of sensitivity in relation to privacy, there is no basic standard and everyone has to choose. Would it not be better for that to have a high threshold, and if people wanted to opt in to exposure and the sharing of their data they could do so, rather than having a high level of exposure that then requires you to opt out? Why do you not do it the other way round?
Lanah Kammourieh Donnelly: There is absolutely a basic standard of protection of user data. There is constantly enormous investment in securing our users’ data. There are strong principles for all our users that I have described in and that we stand by. For example, we do not wait until you take your privacy check-up; when you turn on a feature where you need to provide consent for a specific type of data collection, we surface that right then and there in the context in which you are about to use it, to explain it better so that it can be done quickly and the choice can be made without friction for the user.
However, not everything can or should be opt-in. For example, using Gmail as a case example, there are certain kinds of data processing in Gmail that are necessary to protect users from spam or to prevent malicious mail from reaching their inbox before it even gets there. This should not be an opt-in feature for users, so it really is very dependent on context. We do a lot of work to ensure that strong protection is available to all our users. After that, yes, preferences vary. From our point of view, it is the right thing to provide user control.
Chair: Should not the benefit of the doubt be given the people who want higher protection, and then the people who do not get the exposure of their personal data that they are quite happy with are not really losing anything? Why is the system not weighted the other way around?
Lanah Kammourieh Donnelly: The system is weighted in a way that is protective of users.
Chair: Then why do we have to be opting out all the time and exercising choice? If it were all at a reasonable standard, we would not have to do that. We would not have to have messages appearing before our eyes and having to understand them, because it would be on auto-protect.
Lanah Kammourieh Donnelly: You do not constantly have to go to your user controls or to opt out. The standard that is there is one that we believe is right for users and is an appropriate and protective balance. However, it is also our duty and responsibility to users to provide them with that level of transparency and control so that we can surface the settings at the right time that we think is important. There are many ways to do that and we try to do it thoughtfully and in a way that does not simply ask for consent at one point in time but makes sure that we go back to users regularly and meet them in the moments when it matters.
Q40 Joanna Cherry: That is all very interesting, but it seems that most people do not really understand the way in which companies such as Google are using their data. They do not know what data Google has and whether it is accurate. They do not know what purposes you are using it for, who you are sharing it with—I know you have said that you are cautious about sharing it—or the consequences of that processing. That is a fact. Even many of us in this Room are still grappling with the extent to which our data is being used, and we are studying that issue at the moment for the purposes of this inquiry. In the second evidence session, we were told that the consent model is broken. Do you agree with that?
Dr Melanie Smallman: It is pretty clear to me that the balance of power is in the wrong place. A lot of these ideas were put in place when we had not fully recognised either the value of our personal data or the extent to which it was going to be collected. Fine, you can carry on as a business and function, and many businesses are in that situation at the moment, and people are not yet on the streets complaining, but the citizens who I talk to for my research are not thrilled with what is going on. They feel that it is out of control. They feel extremely unhappy and that they lack any sense of privacy. We need a proper conversation about what a fair contract is and what is a fair price to pay for your data. I would argue that being able to do a keyword search is not sufficient to hand over quite a lot of my personal data. Smart meters are another example that springs to mind where, even more than simply having your data gathered, you are denied services if you do not hand it over.
To me, this situation is like selling someone a car and refusing to let them put petrol in it unless you and your mates sit in the back seat for the rest of the time that they own it. Consumers are not being given a fair deal at the moment. By participating, they are handing over very valuable data without it being straightforward for them to say no, and in some instances it is almost impossible to say no to handing over their data. We need to take back control of that.
My only word of caution here, and the reason we need to get this right in the commercial sphere, is that last week I was talking to a group of data scientists who were working on health apps, and they are really worried that they are going to be unable to develop things that will help people get healthier because people will be withdrawing and demanding so much privacy that data, in places where we want people to be making use of it, will be denied. That is a real worry but it is not an excuse for this free-for-all and everything being captured all the time.
Joanna Cherry: How might we get the balance right? I know that when the GDPR was being considered people talked about a legitimate-interest test for the collection of data. Could you expand on what that might involve?
Dr Melanie Smallman: That is not my area of expertise; I think other people are better placed. In the first instance, it means a cultural change in thinking about business models and how things are conducted.
Joanna Cherry: Could you in fact say that members of the public—my constituents, and the constituents of other people in this Room—do not realise how valuable their data is and are giving it away in exchange for a service, and that the commercial entities that are taking the data are getting the better side of the deal?
Dr Melanie Smallman: Yes, and I do not think that it is just citizens. The NHS has not come to terms with the value of the data that it is handing over at the moment.
Q41 Joanna Cherry: You talked about looking at a fair-contract model. Is there anything else ethically that you would suggest we look at to make it fairer for the public?
Dr Melanie Smallman: The transparency issue is significant. Even now, I am coming across instances where the consent page is 20 pages into a 60-page online document and the box is already ticked so you have to find it and untick it. Even under the law as it stands, it can be made easier for people to withdraw their consent.
Joanna Cherry: Can I ask about Google specifically? Do you have teams within Google working on a fairer, more ethical way of getting your users’ consent? Are people looking at that and, perhaps, looking at alternative models in the company?
Lanah Kammourieh Donnelly: There are about 500 or more people at Google working full-time on privacy, on making sure that we treat users’ data with the appropriate care and on making sure that we are good stewards of that data. Having our users’ trust is fundamental to our business.
Joanna Cherry: Are those 500 people working on the assumption that your model will be the model going forward or are they looking at alternative models that could improve people’s privacy?
Lanah Kammourieh Donnelly: The people who make up the group are very varied. Some people are in the engineering or product teams, working on updating products that already exist and on thinking up new and innovative products. They include lawyers and public policy employees like me.
In general, on the consent model, it is important to go back to what underpins the idea of consent. For us, that is having transparency for users, making them aware of how their data is processed and making sure that they feel in control of that data at all times. Consent is one way to achieve that. Under the GDPR and the Data Protection Act, it is one available legal basis, but it is not the only way. I have described a number of other techniques that can be used so as not to put all the burden on consent and not to put all the weight on that one moment in time when somebody might ask a user for their consent. There are many other tools; the account controls that we provide are just some of them.
Joanna Cherry: When you were talking about the privacy check, you said that 3.5 million people in the EEA use it. The single market has 500 million consumers in it. Presumably, at least half of them use the internet and probably use Google too, so 3.5 million represents a very small percentage. Have I misunderstood that?
Lanah Kammourieh Donnelly: May I just clarify the numbers? To give you a number for the UK market alone, since the beginning of 2019, more than 5 million people have done the privacy check-up. In the UK alone in the same period, more than 38 million unique users accessed the Google account, which is our flagship dashboard, providing transparency and user control.
Joanna Cherry: But they will not all necessarily use the privacy checks. You have to get into the Google account to use Gmail, which a lot of people use—is that right?
Lanah Kammourieh Donnelly: Let me clarify: the Google account is an integrated experience where you can access your activity data. It is not your email inbox; it is a dashboard from which you can access data associated with your account and your settings. You can also access the check-up from there.
Joanna Cherry: Am I not right in saying that, to have a Gmail account, you must have a Google account? For all you know, those users are accessing the Google account simply to access Gmail. The fact that they are using a Google amount does not mean that they are availing themselves of the privacy settings, does it?
Lanah Kammourieh Donnelly: Some users might go in and change a setting and some users might not. Some users might just want to delete some activity.
Joanna Cherry: But you say that 30 million people in the UK use the account. That does not mean that 30 million people are using the privacy settings, does it?
Lanah Kammourieh Donnelly: It means that 38 million people in the past six months have looked at the page for their transparency information and settings. Some of them make changes and others do not.
Joanna Cherry: Can you tell us how many of those 38 million people have made changes to their privacy settings?
Lanah Kammourieh Donnelly: I do not have that figure with me but I would be happy to come back with it.
Joanna Cherry: It would be interesting for us to have that in writing. Could you follow up on it afterwards, perhaps with a letter?
Lanah Kammourieh Donnelly: Yes, absolutely.
Q42 Joanna Cherry: That would be great. Can I ask about discrimination? We have heard evidence from other panels about job adverts being targeted at particular age groups, with some major companies—I think that Facebook was one of them but I am not sure whether Google was—targeting a particular youth market, such as 25 to 35 year-olds, in their job adverts.
Of course, that would breach the Equality Act in terms of age discrimination. If an advert like that appeared in a newspaper, the regulator could take action and people could take legal action. What concerns me is, what steps is Google taking to prevent that happening? We have heard evidence from other people that this comes to light only if a whistleblower or an investigative journalist realises that it is happening. What steps do you take within Google to make sure that people are not using your platform to break age discrimination law or, indeed, sex discrimination law?
Lanah Kammourieh Donnelly: First, we are bound by all the laws in place in this country, including legislation on equality and non-discrimination. That is simply our baseline. In addition to that, we do not allow the targeting of users based on sensitive data categories. Our policies, which we review regularly, make it clear that we do not allow discrimination; when we find a violation, we take action. As for the users themselves, again, they can opt out of personalised ads altogether if they do not want the ads shown to them to be at all personalised.
Chair: Opting out of a job ad because you do not want to be discriminated against—that is, not applying for any jobs to protect yourself from discrimination—is a bit self-defeating.
Lanah Kammourieh Donnelly: Apologies. I am talking about opting out of advertisements served by Google, not a specific category of ads. If a person wants to be served ads that are not personalised according to information in their Google account, they can.
Joanna Cherry: I am worried about what we heard from an investigative journalist from the FT in a previous panel, which was that another investigative journalist had uncovered major companies—I will not name them because I am not sure who they are but they are named in the evidence—using Google to target their advertising at a particular youth market, thus discriminating against people over 35 or 40 and preventing them seeing that certain jobs were available. We have passed legislation against that in this country.
Equally, if that can be done, it is technically possible for certain jobs to be targeted only at men, as Dr Smallman said, and certain employers might not want to employ non-Caucasian people. What steps does Google take to ensure that its platform is not being abused to breach discrimination law in the way that I have just described? Is there internal policing? Do regulators come in and police your platforms externally?
Lanah Kammourieh Donnelly: We have clear policies against targeting based on such categories. When we find a violation of those policies, we take action. In addition, we have a number of protections in place. When we match an ad to a website, a number of protections are in place to limit the data shared about the specific user. I can list some of them in detail. For example, we truncate the URL—the address of the website that the user might be looking at—and we fuzzify the user’s location within a much broader area; we do not share latitude and longitude. We take a number of steps in that way to protect our users.
Joanna Cherry: If I were looking for a job and I looked at a newspaper advert that said, specifically, “We are looking only for people aged 25 to 35”, I would know that I was being discriminated against because I am over 35. How do individuals on the internet know that they are being discriminated against? There is a concern there. In fairness to you, maybe you cannot answer that question; perhaps I should direct it at Dr Smallman. Is the fact that people cannot know that in the same way as they might know from looking at a magazine or a newspaper advert a real issue?
Dr Melanie Smallman: Yes. The point is that the algorithms do not act in a discriminatory way by saying, “We’re going to exclude all women”, for example. It is much subtler than that. If you want to identify a young person, you can find somebody who likes a particular band or people who holiday in a particular place. You can advertise jobs to people who like golf. We know what these things mean. They mean something that is hidden in there. That is how all this works: through euphemisms that are not at all helpful.
That is the troubling thing: people do not know. We can think about these technologies—not just Google’s but all the digital technologies that we are interacting with—as pieces of technology or gadgets, but they are fundamentally shaping the world we live in, how we think about it and how we relate to one another. It is a bit like saying that a car is a vehicle for getting you from A to B, when in reality most cities in the 20th century were built to accommodate cars and where we live is based on where we can drive and how we get to work.
These technologies are not just important because individuals are being discriminated against; they are shaping how we think about the world and how the world will come to be in the future. It is something that we should be worried about.
Lanah Kammourieh Donnelly: May I add something on bias and discrimination? Again, I can speak only for Google’s practices. The advertising industry is vast; people’s business models and practices vary, so I can speak only for what Google does.
More generally, fighting discrimination in the development of machine learning and algorithms is important. I want to make it clear that it is an active area of research and development that is extremely close to our hearts at Google.
There are a number of initiatives that we have taken in that regard. We released AI principles less than a year ago, emphasising the need to combat discrimination. In addition to simply principles, we have identified best practices to share with the research community, such as setting goals for fairness and inclusion, testing models before and after they come to market, and testing one’s datasets for quality—because dataset input into an algorithm will frequently reflect human biases or things that already exist in society.
We have released many tools that allow others to look at how bias can affect the outcome of an algorithm and help them to check their dataset quality. We have put forward and highlighted the works of other academics. We agree that it is an extremely important area.
Chair: It seems there are two things here. One is how high your standards are, and the other how much control you have. If your standards are high, that is one thing, but if you are not in control of what is going on in the way Joanna described, do you sometimes worry that you have these 500 people and all these great principles, but actually you are presiding over a dark area of discrimination that you do not have control over?
Lanah Kammourieh Donnelly: Google can control only what Google does. However, we work hard to lead the way and set the standard.
Chair: You are a gateway and a facilitator. Therefore, you are part of the process that leads ultimately to discrimination, because it is on Google that it is happening.
Does it worry you that you might be completely ineffectual, with all your ethics and your 500 people, because, out there, something is going on that you are not doing but is being done through you? Does that worry you, or are you serene?
Lanah Kammourieh Donnelly: This is why we have strict and clear policies in place. It is why we review them and, when we find a violation, we enforce against them. This is why it is extremely important to us.
Q43 Scott Mann: Just a small question to Dr Smallman. We talked about the consent model being broken. It seems to me that the member of the public, the individual, gets access to platforms for free on the basis that their information is shared. That information is a valuable resource to different organisations. At the moment, the power for that sits with corporations rather than with the individual. How would you like to see that model change so that the individual is empowered through that process rather than having things done to them through search engines?
Dr Melanie Smallman: In the first instance, it is about simply being transparent about what is collected and making it straightforward to make a choice. Secondly, on the problem of denial of service, you cannot opt out; you do not get to use the service if you do. Perhaps that is fair when it is a free app. I have a colleague who always says to our students, “If the product is free, you are the product”. That is a good lesson, except that when the product is not free, you are often still the product. That is something else worth worrying about.
Another issue that complicates things is that it is not just commercial organisations doing the collecting. Public sector bodies also collect information about people. We do not know much about it in the UK—there has not been much research—but there has been some research in the US which shows that levels of privacy greatly depend on your income. In the US, the poorest people have the least access to privacy. To access basic support services, they need to give personal data—for example, who they have slept with in the past year and whether they have felt suicidal—to the extent that an academic in the US has described a “digital poorhouse” and said that the lowest-income households in the US are subject to a level of surveillance and lack of privacy that would be utterly intolerable to any other social class.
We do not know whether that is going on the UK, but as benefit systems become automated it is likely that low-income households will experience similar things, which I would be very concerned about.
Chair: We have just one more area of questions.
Q44 Ms Karen Buck: Lanah, how does Google know when it is dealing with a child?
Lanah Kammourieh Donnelly: When a user comes to create a Google account, we ask them to enter their age. If that age is under the applicable age of consent in their country, we ask them to get a parent or a legal guardian to provide consent and create the account on their behalf.
In the UK, we have rolled out a product called Family Link, which allows parents to create an account for their children. Once a child has a Family Link account with Google, it is a supervised account that provides parents with a lot of tools to manage what their child is doing with their Google account and on their device.
Ms Karen Buck: What age is that in the UK?
Lanah Kammourieh Donnelly: Thirteen.
Ms Karen Buck: So at 14 years old, you can set up an account on your own.
Lanah Kammourieh Donnelly: Yes, under UK law and under the GDPR as it has been implemented in the UK, the age of consent for data processing is 13.
If your child is 12 and you create a Family Link account for them, with all the supervision that comes with it, and the child turns 13, they are then able to have a Google account like an adult. However, parents can also choose to maintain some controls for children after that within Family Link.
Chair: But most people are not using a Google account when they use Google, are they? Therefore, they have never been asked whether they are a child. I use Google all the time and do not remember being asked whether I was a child. Am I just missing something here?
Lanah Kammourieh Donnelly: A lot of Google products are available without an account and you can use them while signed out. However, to create a Google account it is necessary to provide your age.
Ms Karen Buck: Do you sell to advertisers who advertise services to children?
Lanah Kammourieh Donnelly: We do not target advertising to anyone under 16 in Europe and never sell anyone’s data to advertisers.
Ms Karen Buck: So no advertising through Google is ever directed at children under 16.
Lanah Kammourieh Donnelly: There is no personalised advertising, there is no targeting, there is no personalisation of ads for children under 16 in the UK.
Ms Karen Buck: If a child uses an account that is not an account that they have set up under parental supervision, would that child’s activity on Google enable targeted children’s advertising to be directed to them?
Lanah Kammourieh Donnelly: If we find that a user is under the age of consent and does not have a Family Link account, we disable that account.
Ms Karen Buck: I am not talking about under-13s. I am talking about all children, who we would regard as being under 16—a 14 or 15 year-old, for example.
Lanah Kammourieh Donnelly: A 14 or 15 year-old who has not, with his parent, retained certain features of adult supervision under Family Link will have a regular Google account.
Ms Karen Buck: So there would be advertising directed at them as a child that a parent would not necessarily know about because it was personalised advertising?
Lanah Kammourieh Donnelly: It will include personalised advertising unless the user has opted out, which they can do at absolutely any time.
Ms Karen Buck: So the child in those circumstances would have to opt out?
Lanah Kammourieh Donnelly: Yes, like any Google user with a full Google account.
Ms Karen Buck: If there is a service in the home that is part of the internet of things that includes information being picked up about a parent or adult who has given consent, how would you separate from that any information that you picked up about a child?
Lanah Kammourieh Donnelly: I want to start by correcting a common misconception about Google Home, our flagship home device, which is that it would always be recording. That is not the case. The microphone is under the control of the user. It has to be triggered by what we call a hot word or a trigger word, so you have to say “Hey Google” or “Okay Google”. That is when we know that the query is directed at Google, and only then is any data sent to the server. We have been very thoughtful about protecting all users’ privacy on these devices.
Chair: That starts it, but what finishes it?
Lanah Kammourieh Donnelly: I am not totally sure about the technical way that it ends, but it is a general snippet the size of your sentence.
Ms Karen Buck: Is that voice recognition-activated?
Lanah Kammourieh Donnelly: Voice recognition software is available on Google Home. We have a feature called Voice Match, which is optional. Users who want to distinguish between various members of a household can set up Voice Match to distinguish between different users.
Ms Karen Buck: But they do not have to. If I had Google Home and a child in my home activated it using keywords such as “Hey Google”, unless I had set it up to do so, there would be no way for you to distinguish whether a child had activated it.
Lanah Kammourieh Donnelly: Voice Match needs to be set up so that it is able to recognise voices. When a child has a Family Link account and they set up that account through Voice Match, the device will recognise the user. Children are, for example, unable to make purchases using Google Home in that context. In general, there are other protections that we have put in place in Google Home in general because they are shared devices. We have a feature called Safe Search, which is on by default in Google Home. Whether or not you have voice recognition on, it is on by default, and it takes out any graphic or violent content when you run a Google Search.
Ms Karen Buck: That is helpful but, with respect, it is a totally different point. The point about data is what we are concerned about. It sounds to me as if you do not really have a mechanism for distinguishing between data that you might be collecting from a child and data that you might be collecting from an adult.
Lanah Kammourieh Donnelly: Again, we do, but Voice Match is a feature that carries out voice recognition.
Ms Karen Buck: But the burden it is on the family to set it up.
Lanah Kammourieh Donnelly: It is important that it be actively set up.
Ms Karen Buck: Melanie, do you feel that the systems are such that they can robustly distinguish between and then protect a child’s interest in this?
Dr Melanie Smallman: I do not know the answer to that question but we have identified a concern here. Someone on my team has been looking at these home devices and the impact on them of multiple users. She has found that one of the qualities of such devices is that they are a bit uncertain, and that you get to love them, learn about them and discover them as you interact with them and get to know their capabilities. They get updated and they have new features. As a result, they do not come with instructions or detailed explanations of what is happening when. That is part of their charm.
However, there have been some unpleasant instances where that uncertainty and lack of transparency about what is being collected and stored is leading to situations in coercive relationships where these devices are being used as a tool of abuse. My colleague has been speaking to survivors of domestic violence in various places across London and finding that the coercive partner is saying to the victim, “Whatever you do, the home device is listening to you and watching you. I will know if you’ve phoned anyone or spoken to anyone, or if anyone has come into this house”. They are using it to turn the thermostat down remotely and to lock doors.
This is not necessarily about data but about confusion over what data is being gathered. We even had an instance where a woman believed that the vacuum cleaner was gathering data about her. The lack of transparency about what data is and is not being gathered, stored and shared about you is putting vulnerable people in extremely vulnerable situations.
Baroness Massey of Darwen: Thank you. I have a few questions. We may not have time for you to answer all of them adequately, but I will ask them anyway.
Chair: Sorry, if I can cut in, we are expecting a vote in the Lords shortly, so if you could be quite succinct with your answers, that would be great.
Q45 Baroness Massey of Darwen: I will have to go and vote, so I will try to be succinct too.
I am really worried about confidentiality in respect of children. The definition of a child is up to the age of 18, not 14 or 12. How do you protect their confidentiality? Children get everywhere. They go into coffee bars and all over the place and can access instruments and applications from those places. There used to be prosecutions of people supplying machines for children, although that may have stopped now. I am worried about children going elsewhere other than the home to use these things.
Some children are very vulnerable. I do not know how you detect that; possibly you cannot. Are you working with organisations that are active in child protection on the internet? Do you have advice lines for parents? Do you offer help to parents? Parents probably do not understand the internet as well as their children do; I certainly would not. What do you think is the greatest challenge to you in dealing with risks for children?
I know that that is a lot to answer, and I am prepared to accept a response in writing, but those are issues that we have to be able to get at.
Lanah Kammourieh Donnelly: I am happy to start, and I will try to ensure that I answer all parts of your question. First, we absolutely work with child safety groups. The protection of children online is an area where it is essential to have dialogue between various industries, regulators, lawmakers and child safety groups, because they are aware of what is at stake and the nuances of this debate.
I am sorry, I am trying to remember the second part of your question.
Baroness Massey of Darwen: Was it about parental advice?
Lanah Kammourieh Donnelly: Yes. For Family Link we provide a clear disclosure to parents. We explain very clearly what they can do to ensure that their child is as safe as possible online and that they are accessing the internet in a way that their parents consider healthy.
We explain to parents that they can lock a child’s device after a certain time that they set as a bedtime. They can set an allowed amount of screen time for their child. They can review any uploads or downloads on their child’s Android device. They can check the permissions given to any app. There are any number of features like that, and we provide a clear explanation to the parents of how to do them, along with help centre articles. In addition to that, in Family Link we have a privacy notice designed especially for children that is succinct and written in simple language.
What we really need to be thoughtful about is ensuring the protection of children online while at the same time heeding some other concerns that child safety groups have flagged: enabling children’s access to information; making sure that they grow up understanding how to use the internet in a safe way while feeling empowered and safe online; and balancing all these things together, making sure that we do not block teenagers from accessing content that can be useful to them.
Baroness Massey of Darwen: What about the issue of confidentiality and children? What about children who are particularly vulnerable who will not necessarily be using all these lovely things that you have put on, nor will their parents?
Lanah Kammourieh Donnelly: Again, in order to use a Google Account when you are under a certain age, we make a Family Link account necessary. We take a lot of steps. In addition, we have a number of campaigns that we go out and bring directly to children. It is not the area that I specifically work on, but we have educational campaigns such as Be Internet Awesome, where we teach children how to be online in a healthy way. There are a number of other initiatives, which are not in my area of specialty, involving child safety experts in the company. I would be happy to come back and list them in a more complete way.
Chair: Melanie, do you have anything to add to that line of questioning?
Dr Melanie Smallman: I would just flag up that the Children’s Commissioner did a report on this last year that seemed to be pretty comprehensive in the issues that it raised.
Added to that, I have started thinking about educational data. As well as data being collected at home, it is also being collected in schools, and something that I read recently suggested that there was a lack of clarity on what is happening when young people’s essays get marked on an automated system—something that I dream of as a teacher—which means that children’s freedom to express their thoughts might perhaps come under limitations if that can be held against them in future. We need to understand that data is now gathered about children in the classroom as well as at home, which is a matter of concern.
Baroness Massey of Darwen: That is why I am worried about confidentiality.
Chair: Thank you very much indeed. We got in just ahead of the vote in the Lords, so that rounds up the session. We look forward to hearing from you with the other questions that you have agreed to come back to us on.
Examination of Witness
Jonathan Westley.
Chair: Thank you for joining us. You know what this is all about because you heard the earlier session. We will start off with Lord Singh’s question.
Q46 Lord Singh of Wimbledon: Could you explain at a very high level the different ways in which your business uses data to provide products and services?
Jonathan Westley: Experian has been on the market and operated as what we call a credit reference agency since 1974, and it came into fruition through the Consumer Credit Act 1974. We are currently regulated through the ICO and the FCA, which control exactly what we do. Essentially, we gather data from lenders that are offering credit products in the market, whether that be a mortgage, a credit card, a loan or a personal loan.
We also offer our services to telecommunications companies if they are offering to finance a device, and that type of thing. Wherever there is a credit arrangement being made, we collect data under legitimate interest, which is a principle under GDPR. We have ongoing relationships with lenders but also with consumers. We get monthly updates from the lender while the product that they have purchased is active. If they carry on taking that service, we get a monthly update to demonstrate that they have carried on paying the bill or indeed have not paid it. That is lodged on the database as a record of their payment.
Lord Singh of Wimbledon: When selling personal data to other businesses, can you ensure that you are not violating people’s rights to privacy and non-discrimination?
Jonathan Westley: As I said at the beginning, we are regulated by the FCA, so the majority of the customers that we work with are also FCA-regulated. We go through a long due diligence of each customer as we onboard them to ensure that they have a consumer credit licence and are registered under the FCA. We also do a background check on the business; we have some business information that we carry out about the companies that we look at. As we onboard new customers, or as they renew, we validate who they are and what they do.
Lord Singh of Wimbledon: What about the customer? To what extent do they know what is going on? There are all sorts of agreements that are pretty indecipherable and hard to understand.
Jonathan Westley: When you apply for a credit facility, you have to sign the agreement, which contains the privacy policy. That takes you through to what we call CRAIN, the credit reference agency notification. That talks about the type of data that is collected, the types of organisations that the data is shared with and our privacy policy.
The consumer also has the ability to look at who has accessed their credit file, which can happen on a daily basis. They can see what companies have accessed it for what purpose. They can do that online or send a request to us and we will send them a document that will give them that information.
Q47 Lord Singh of Wimbledon: To what extent can a customer express concern about anything that they see?
Jonathan Westley: We have about 13,000 queries a month coming in from consumers, so a lot of consumers look at their credit file. They will be looking for something like, “I paid off my credit balance here, but my balance is still saying that it’s active”. There is a delay in the data, just because of the mechanism that we operate in, but we have educated our consumers to explain that a balance change will take a few days to correct itself.
Other things that they will look for include a change of address. The record that they have with, say, a lender may not have been updated so it is still showing as that address on our record as well.
Lord Singh of Wimbledon: So the customer can query and correct, but meanwhile that data has been sold on to someone else and they can get an incorrect picture of things.
Jonathan Westley: The information that is there is their name and address, whether they have a credit card or a loan, that type of thing, and whether they have paid. You talk about it being incorrect; the consumer has the ability to go and correct it and raise a query with it, and we have to deal with that within a period of 28 days.
You are right: someone could say that some information is not correct one day and it is still not correct the next. There is also a mechanism for setting a particular record as private so that it does not go out; if a consumer wants to set that as private, they can do that.
Lord Singh of Wimbledon: I am particularly concerned that, if it goes to a third party when it is incorrect in the first place, they can then use it.
Jonathan Westley: We go to a lot of time and effort to make sure that the data is not incorrect. We have queries coming in that challenge that but, given the speed with which data moves and changes, there will be circumstances in which things are out of date. I have not changed the address on one of my bank accounts and I have lived in my new house for three years. I have only just realised that I had not done that, but as soon as I change that it will be up-to-date. You are right that that information could go out, but that information was not wrong—it is just wrong at a point in time.
Lord Singh of Wimbledon: But it could do damage.
Jonathan Westley: This was a change of address. There is limited damage that it can do with the data that we have.
Lord Singh of Wimbledon: What other steps do you take to ensure that you are complying with the law?
Jonathan Westley: We are constantly looking at the quality of the data and its recency, and making sure that all aspects of the law are complied with. We have a large team dealing with the queries and looking at data quality. We are also governed to look at that; we are regulated. We have an obligation not only because we want to offer the best data in the business but because we are legally bound to do that.
Q48 Baroness Ludford: Do you base your processing on legitimate interests?
Jonathan Westley: We do.
Baroness Ludford: Has the GDPR made any difference to that and, if so, what? I should say that I was involved in the GDPR in the European Parliament. As regards the UK, it was generally felt that the use of legitimate interests was too much of a catch-all and too lax.
Jonathan Westley: Introduced under GDPR in May was an obligation to evidence legitimate interest. Before, we used to collect it as legitimate interest, but I do not think that we ever had to evidence it. Now we have to prove to compliance teams, audit teams and regulators that we are collecting that data under a legitimate purpose, explain that purpose and get it authorised and signed off.
Baroness Ludford: There was a caveat that—I cannot remember the exact wording—it must not override the fundamental rights and freedoms of the data subject. How has that caveat constrained you?
Jonathan Westley: I do not think the types of data that we collect would override the freedoms that you are alluding to. The data that we collect and work with industry, banks and lenders is about a product that they have while they have it, rather than being personal data that they happen to be browsing somewhere. I do not know whether I have answered the question.
Baroness Ludford: I believe it.
Chair: I am a bit unclear. You said that customers can set data to private, but how can they get credit if they have done that?
Jonathan Westley: Typically, we do not have a very large number of consumers who have set their data to private.
Chair: If they set their data to private, they would get nothing at all.
Jonathan Westley: Parts of their data would be set to private; it would not their whole data. For example—I will use lenders’ names—if Barclays has sent some data that happens to be incorrect or out of date, the consumer can say, “Right, I want to set that line or that Barclays account to private”. It does not set the whole record to private, so they can carry on getting lending and credit on that.
Chair: Why would they set it to private if it was wrong? Why would they not just correct it?
Jonathan Westley: They can correct it. It takes 28 days to be corrected and go through a process of making sure that it is correct.
Q49 Lord Brabazon of Tara: Credit ratings can determine a number of things, but they can also affect a person’s entire standing. How can you be sure that people are not victims of biased or inaccurate data? How do people know whether the information on which their rating is based is accurate and unbiased? How do they challenge you if the information is wrong or being used unfairly?
Jonathan Westley: We make a lot of effort to ensure that bias does not creep into scores, but we are also regulated. Our scores and algorithms are checked both internally and externally. Lenders validate that as well, so we have an independent external looking at the things that we do and why the results are the way they are.
We are also trying to create explainable artificial intelligence, because you can arrive at a decision; it has gone through a black box, but how was the decision arrived at and is it the right one? We are spending a huge amount of time, effort and money trying to ensure that, even though the data has been passed through a scoring mechanism, bias is not introduced and the decision that has come out is based on fact rather than on anyone’s views.
Lord Brabazon of Tara: Thank you. I have to confess that I have had a bad experience with your company. I wanted to get a new mobile phone from Sky Mobile 15 months or so ago and was turned down because I had not passed Experian’s credit check. The reason was very hard to find out. When you come to the point of challenging the information, you find yourself going to a telephone operator many continents away whose first language is not English.
The reason was that I was apparently not on the electoral register. I checked with the local council and I was. I told your person many miles away of this, but it was apparently not possible to put it right for some considerable time. Eventually, I gave up. I would be very interested to know, by the way, whether my credit rating is okay now. Perhaps you could look into that for me.
Jonathan Westley: I would need some personal data to do that and your consent.
Lord Brabazon of Tara: I will give you my name and address.
It was very hard to get through to anybody to talk about this. It took me a long time to find out why I had been turned down.
Chair: How did you know that it was Experian?
Lord Brabazon of Tara: Sky Mobile told me. When they said that they could not let me have a phone, they told me that it was Experian.
Jonathan Westley: The issue of the electoral roll is interesting. We have to go through a lot of cleansing of data as it comes in through the electoral roll. We purchase data as well as collecting it. We purchase publicly available data. In the UK, matching individuals to data items is an interesting art. We do not necessarily choose to follow the path address, or postal address, file.
Chair: Sorry to cut in, but is not Lord Brabazon’s question about how you deal with it when there is a mistake? Obviously, you will want to apologise to him for his having had a horrible time trying to get something basic and your company caused him a problem.
Jonathan Westley: Absolutely. We hope that that is not the norm and we put a lot of effort into making sure that it is not. We are very clear on how you contact us and how you raise a query. I am glad that they found out what the problem was. The issue is how we prevent that happening in the first place.
Chair: No. How you prevent it happening in the first place is an issue, but Lord Brabazon’s question was how you deal with it once it has happened so that it is easy for the consumer to sort it out. You are just saying that he is not the norm. You are abnormal, Lord Brabazon. It is not their fault, it is yours.
Jonathan Westley: I would not say that. I would say that the data that has come in to us has been difficult to match, for whatever reason. We have matching algorithms that try to match millions of addresses.
On your point, we try to make it easy for people and consumers. They can email, telephone, or log online and raise a query. It takes a little time to work through that. We have to work with the organisations that send us the data to ensure that it is accurate. We have a number of cases where it is not, but we try to solve the issue within that 28-day period.
Lord Brabazon of Tara: The electoral roll is surely pretty straightforward. It gives your name and address.
Jonathan Westley: Yes, you would think that name and address is fairly straightforward, but we have father/son issues where they have named the son the same as the father. Thankfully, the electoral roll now has dates of birth on it, so we are able to use that
Chair: Mr Westley, I think you are saved by the bell. That is the Division Bell, which is calling the Lords to vote. We will thank you very much for your evidence and ask you to give us Lord Brabazon’s credit reference information—or at least give it to him. Thank you very much for your evidence today.
Jonathan Westley: No problem. Thank you.
Oral evidence: The Right to Privacy (Article 8) and the Digital Revolution