My Lords, the rationale for this amendment is that Clause 46, which deals with consumer compensation for damage to a device or other digital content, fails to appreciate totally the complexities of security software products. Failures and malfunctions in software can occur for a variety of reasons, often without any connection to the design or development of the product itself. Improper use of the product is one common cause, while defects in the consumer's own equipment are another. The incompatibility of different pieces of digital content used simultaneously by the consumer is a third. In all these instances, the liability of the software provider can extend only to what is effectively in the sole control of that provider; that is, to cases where the cause of the damage sustained by the consumer is unambiguously and exclusively the product of that provider.
In the area of internet security products, urgent critical fixes for serious threats may sometimes get released before companies have tested the process extensively as there is generally a greater benefit for a greater number of consumers compared with a small number who may experience minor compatibility issues or false positives. These updates are developed with reasonable skill and care and they are tested against numerous possible known configurations. However, by their very nature the updates are a process that needs to be automated, and that is done under extreme time pressure. As a general rule, the faster an update is released to consumers, the greater the number of people who are protected from a new threat.
However, the current clause might encourage suppliers to slow down, delay or discourage the release of new security solutions or urgent critical fixes, to the ultimate detriment of consumers. Against that backdrop one must add the fact that the Bill does not allow the trader to restrict his liability under any circumstances. It then becomes apparent that the security industry will be confronted with a very real disincentive. Moreover, in the digital environment it is sometimes necessary to sustain minor damages that are unavoidable to protect the consumer from greater or further harm. A few examples may be helpful to illustrate this point because it is so specific to the digital environment.
It is better to delete a malware-infected e-mail from the consumer’s webmail account and to lose the content of that one e-mail than to have the consumer’s entire computer corrupted. It is also preferable as a precaution to temporarily block the consumer’s access to a website that is suspected of distributing malware rather than
giving access and exposing the consumer to the risk of an infection. Similarly, it might be advisable in certain cases to take a service offline in order to address a security threat before making it available again to the consumer. In all these cases, the consumer or the consumer’s property may sustain damage, such as the loss of the content of an important e-mail that was deleted because of the malware that had infected it, the failure to receive a live video transmission while access to the service platform was blocked, or the inability to perform a particular online action at a precise moment because of a service outage. But in certain circumstances it has to be understood that this minor damage is a reasonable price to pay for the avoidance of much bigger harm, and Clause 46 should acknowledge that. I beg to move.