The draft Online Safety Bill is strong enough to force tech companies to change their systems to better protect users, but auditing powers to more closely scrutinise a site’s inner workings should be added, the Information Commissioner has said.

Giving evidence to MPs and peers on the joint committee examining the Bill, Elizabeth Denham said the proposals, which include large fines and site blocks for failing to protect users, were robust enough to force companies to change.

But she warned that Ofcom, the proposed regulator for the sector, would not be able to “fine its way out of online harms” and other mechanisms were needed to change the systems and algorithms helping to spread harmful content.

“I think that the Bill that we’re talking about today, the Bill that has been tabled, has a lot of the right kinds of provisions and structure to be able to change the behaviour of the largest online platforms, search engines and so on,” she said.

“And I think what’s good about the Bill is that it contains both upstream regulatory interventions as well as enforcement interventions to deal with the worst kinds of behaviour when behaviour doesn’t change.

“Upstream interventions such as the transparency reports are really, really important. I think the risk assessments in the Bill are really important, but also, at the end of the day, when the regulator needs to effect change and deter behaviour then you’ve got robust enforcement powers and actions.

“I think we all know that we’re not going to be able to fine our way out of online harms, but it is really important to build in the kind of changes and structures and systems in companies to reflect community values.”

Asked about the Bill’s proposals to empower Ofcom to ask for information about how a platform and its systems operate, in the hope of ending the era of “self-reporting”, Ms Denham said this was a positive step but more far-reaching scrutiny through full audits could be more effective.

“I think that the information-gathering powers that are in the draft Bill for Ofcom are important but I also think that they need to be bolstered by audit powers for the regulator to be able to look under the bonnet,” she said.

“To use an example from our own experience with the Age Appropriate Design Code – and, as you know, this is world-leading code – it is starting to change the systems and the design and the behaviour of some of the world’s largest companies, not just in the UK but internationally, so we’ve seen some very good changes.

“Because we (the ICO) have the power to audit we can actually see what’s going on under the hood, under the bonnet – so I think audit powers are really important.”

When asked by the committee chairman, Damian Collins, Ms Denham said she believed the ICO’s current powers were stronger than those proposed in the Online Safety Bill.

But the Information Commissioner, who is due to leave her role at the end of October, said the push for more regulation of the tech sector through legislation such as the Online Safety Bill, and its increased public discussion, was already having a positive impact.

“I think the tide is starting to turn and the companies are under scrutiny in ways they never have been before and some of them, I think, are making significant changes – not across the board, but they are making changes, I think, not just because the laws are there, but because it’s what users expect,” she said.