The length of the process we have gone through on this Bill is a good thing, because we have ended up with probably the most comprehensive legislation in the world. We have a regulator with more power, and more power to sanction, than anywhere else. It is important to get that right.
A lot of the regulation is principle-based. It is about the regulation of user-to-user services, whereby people share things with each other through an intermediary service. Technology will develop, but those principles will underpin a lot of it. There will be specific cases where we need to think about whether the regulatory oversight works in a metaverse environment in which we are dealing with harms created by speech that has no footprint. How do we monitor and scrutinise that?
One of the hardest challenges could be making sure that companies continue to use appropriate technology to identify and mitigate harms on their platforms. The problem we have had with the regime to date is that we have relied on self-reporting from the technology companies
on what is or is not possible. Indeed, the debate about end-to-end encryption is another example. The companies are saying that, if they share too much data, there is a danger that it will break encryption, but they will not say what data they gather or how they use it. For example, they will not say how they identify illegal use of their platform. Can they see the messages that people have sent after they have sent them? They will not publicly acknowledge it, and they will not say what data they gather and what triggers they could use to intervene, but the regulator will now have the right to see them. That principle of accountability and the power of the regulator to scrutinise are the two things that make me confident that this will work, but we may need to make amendments because of new things that we have not yet thought about.