(8 years, 1 month ago)
Public Bill CommitteesThis text is a record of ministerial contributions to a debate held as part of the Digital Economy Act 2017 passage through Parliament.
In 1993, the House of Lords Pepper vs. Hart decision provided that statements made by Government Ministers may be taken as illustrative of legislative intent as to the interpretation of law.
This extract highlights statements made by Government Ministers along with contextual remarks by other members. The full debate can be read here
This information is provided by Parallel Parliament and does not comprise part of the offical record
Okay. I do not think you understood my question, but I will leave it there.
Q Mr Moorey, let us return to your comments about Which? being hamstrung by a lack of data sharing. Could you give a fuller explanation of that? Will you put on record the views of Which? about the public services delivery power, and the potential benefits that it might bring, particularly to the most vulnerable in society?
Pete Moorey: As I said, we are broadly supportive of the measures in the Bill. We are hamstrung from two perspectives. The first is a service delivery perspective. When we are delivering something such as our Which? elderly care website, we want to have the richest possible data available to help people make decisions. Yet on occasions when we have gone to certain local authority providers or certain care home providers, we have had an inability to gather that data and provide it in a comparable way. There is also the need to get that information in a clear and comparable format so that organisations like us can do that much better. It is something we have worked on a lot over the past few years with regard to universities. We are starting to see some of the data coming through at the kind of level that students want when they are making those choices. Clearly, having such legislation would better allow us to do that.
Q Any comments on, particularly, the public services power, and how that might affect it?
Pete Moorey: No, no specific other comments on the Bill itself.
Q I particularly direct this question at Mr Moorey, because I noticed you mentioned unsolicited calls and the problem of people receiving them despite registering with the Telephone Preference Service. I can declare that I am one of those. I am particularly concerned about the example of a constituent in a neighbouring constituency to mine, Olive Cook, who was one of Britain’s longest-serving poppy sellers, having started in 1938. She fell to her death after being plagued by nuisance callers, particularly from charities. My experience has been that there are also private companies making them. Who is it? Who makes nuisance calls? How are they being dealt with? Does the Bill go far enough to ensure that those companies are held responsible—the directors, if necessary? Should they be made more accountable? Can you tell me some more, please?
Pete Moorey: We have made a lot of progress, I think, on nuisance calls over the last three or four years. That is thanks to an awful lot of people around this table. The Government have made progress with the action plan that we have had, and then in setting up the taskforce, which Which? chaired. We have seen changes to the powers of the Information Commissioner’s Office, and it is now much better able to take action against nuisance callers, and hit them with bigger fines. Caller line identification has been introduced. However, you are right that there is still an awfully long way to go.
Nuisance calls come from a range of places, all over the place. Frequently they come from claims management companies and lead generators. Sometimes they come from reputable businesses. Sadly, too often they also come from scammers and fraudsters. The important measure in the Bill is putting the Information Commissioner’s code into statute, which I think will give it more clout. However, we agree that more could be done about director-level accountability. We recognise that many MPs support that, as do the Scottish Government. Indeed, the Information Commissioner herself, who I believe you are seeing this afternoon, has made supportive noises about it.
We would like director-level accountability to be introduced. It is important, because while in recent years the ICO has used its powers to fine companies, it has collected only four out of the 22 fines it has imposed in the past year. We are concerned that some of the more disreputable firms simply abolish themselves once they are fined—and they are phoenixing. Directors pop up elsewhere and continue the behaviour of making nuisance calls and sending texts. That behaviour needs to be stopped. We need to ensure that those directors are struck off, and that they cannot do the same thing again.
I introduced a ten-minute rule Bill on this in 2003, so it is depressing that it is still a problem.
It is according to the Government that there has been much progress.
I am sorry. I mixed you up with someone else. I withdraw my question.
Q Mr Bracken, you were responsible for launching the Government’s data programme when you were head of the Government Digital Service, so I think that some of the measures in the Bill are very much trying to build on your fantastic work when you were setting a vision for transforming the management and use of data within the Government and driving the use of data as a tool when making decisions in Government. Do you have thoughts about your work in GDS and how the Bill is now building on that work? How do you feel that the powers in the Bill will try to unlock some of the opportunities for better use of data?
Mike Bracken: Obviously, I am here as a member of the Co-op, so I am not going to give a review of my time in Government.
You were closely integrated into this approach.
Mike Bracken: Of course. The first thing is to recognise the positive sentiment in the Bill. There is much in it to admire and applaud and I believe it builds on some of the sentiment for providing better public services that certainly ran through my time in Government, pressed by various Ministers in the Cabinet Office, one of whom is sitting next to you now.
As I said earlier, I think the concern is not the sentiment and support, but in the lack of detail and the operational change that goes with that. Much of the work done previously, to date, has centred around things like single, canonical sets of data, so that there are accurate datasets about individuals, about place, about location, and that they are used within Government. That sentiment too often flies in the face of Whitehall’s demand to own its own data, or what it perceives to be its own data, in every piece of Government. That leads to the current sharing agreements around Whitehall, which are opaque at best and create friction for our members, friction for members of society and friction for business. It is harder to find accurate data, it adds an economic downside to people dealing with Government. The Bill currently seems to move away from the sentiment of sorting that problem out. It seems to reinforce the primacy of Whitehall’s willingness to share more data in ways that it has been sharing data over time. So while the sentiment of the Bill overall is positive, this area of how data are shared does not seem to be looking at the sort of open registers, those single approaches, that we started to look at in the latter part of the previous Parliament.
Q Do you agree that those areas in addition that you are looking for are essentially administrative rather than legal changes? That is to say, the Government need to move in that direction, I would argue that they are moving in the direction that you set out, but you would not put that in a Bill; you need to make it happen.
Mike Bracken: Yes. Absolutely, Minister. Too often, there was an assumption that those things would need regulatory or Bill backing. My experience was pretty much 100% that that was not the case; these are largely about administrative and operational management of data across Whitehall and across Departments. Clearly, there are some areas, security being an obvious one, where you need more legal oversight, but primarily it is not so much about a Bill.
Q Forgive me, but is that not the point? I said let us focus on the opportunities but already we have gone on to the negatives and the concerns. It is often commented that by sharing health records we could cure cancer in 10 years. If I asked my constituents if they would share their health information with a university, 99 out of 100 people would say yes. We have to be more ambitious on the communication of the opportunities as well, have we not?
Mike Bracken: The opportunities are great and we are very supportive of that, but I suspect you did not ask each individual constituent if we should share everybody’s health data. That is the point. When we ask for data sharing it is down to an individual’s point of view. The Government use bulk data too often when what is actually required is only a small amount of data by another Government Department. There are different mechanisms that can do that more safely.
Q The research power for data sharing, as presented, has been welcomed by many academics and civil society groups as a means of unlocking data for research for public benefit. Looking particularly at that data sharing with non-public bodies, do you recognise the benefits of that power? In terms of your point about communicating the value of the Bill, we have the research power and other things. Looking at vulnerable groups, such as troubled families, we have other powers that are there for public benefit. How do you feel we should express that public benefit?
Jeni Tennison: The benefits of each of the individual pieces of the Bill are different kinds of benefits to different kinds of people. I think they need to be separated out in some ways and not be muddled up together. That is one of the challenges with the Bill.
Q Can you set out what some of those might be?
Jeni Tennison: The benefits?
(8 years, 1 month ago)
Public Bill CommitteesThis text is a record of ministerial contributions to a debate held as part of the Digital Economy Act 2017 passage through Parliament.
In 1993, the House of Lords Pepper vs. Hart decision provided that statements made by Government Ministers may be taken as illustrative of legislative intent as to the interpretation of law.
This extract highlights statements made by Government Ministers along with contextual remarks by other members. The full debate can be read here
This information is provided by Parallel Parliament and does not comprise part of the offical record
Q Mr Shah, what do you see as the impact of the data sharing clauses?
Hetan Shah: I completely agree with Charlie Bean that we are really in danger of being left behind compared with where other countries are on this agenda. The European statistics peer review, which happened last year, said that this was the key weakness in our statistical system. If you look at bodies like New Zealand, Finland and Canada, they all have this ability to access, so we have got to have it. We are spending £500 million on the census and you have got a lot of that data that you could be using through administrative data.
Similarly, on inflation, which is a critical economic indicator, at the moment we send out people with clipboards to take price points of 100,000 items in 140 locations around the country every month, but there is scanner data that tells you the price that people paid. This could really revolutionise. It is not statistics for statistics’ sake; it is to answer the questions that parliamentarians and policy makers have on issues about social mobility and productivity. For all these questions you are asking yourselves, we need the data. And if we are criticising the ONS about not being quick enough, we need to give them the powers to be quicker.
Q In terms of the provisions in the Bill on sharing data for research purposes, could you shed a bit more light on how that will benefit the wider research community? I was also wondering what the immediate priorities will need to be for the UK Statistics Authority as the accrediting body for the infrastructure provided by the research powers in the Bill.
Hetan Shah: The Bill creates a permissive power and it really streamlines what at the moment is quite a complex legal environment for researchers accessing Government data. This makes it much clearer that if a researcher meets a set of conditions—the research is in the public interest, the researcher is accredited and it will use the research in a safe haven, as it were, and so on—they are able to access that Government data.
We gave some case studies in our evidence of research that is obvious, such as what affects winter mortality and understanding the productivity gap. Those are questions that researchers want to investigate, but they cannot get hold of the data from Government Departments. To be fair to the Government, there is concern from their side about handing over data when the legal framework is not clear enough. I think this process will really streamline that.
One caveat is that it is slightly odd that health data are out of scope. Most of the biggest concerns that researchers have are in trying to build the relationship between survey data and, often, the health outcomes in certain areas. I understand the reasoning behind this: because of care.data there were some concerns. Health is very important. Our view is that the Bill should build in the scope for health data and then allow for future legislation to say how that will be dealt with, in particular once Fiona Caldicott, the national data guardian, has consulted on her framework, which is happening right now.
Professor Sir Charles Bean: I would endorse a lot of that. I should say that in Canada, where I spent some time talking to Statistics Canada in the course of doing my review, they have exactly this model. There are clearly defined criteria under which researchers can get access, with a sort of prescribed laboratory where they can use it. I think there is something like 30 requests a year to use information, so it is quite heavily used.
Certainly when I was talking to people here during the statistics review, the issue was raised during the consultation process by people such as the Institute for Fiscal Studies, who wanted access to the microdata to be able to study the impact of tax structure on decisions and so forth. The difficulty of getting that microdata inhibited good research. I am sure the demand is there.
Q Several witnesses have expressed various degrees of concern about issues of privacy, whether merited or not. In terms of what is taking place in Canada, have you seen any data leaks or anything that would raise concerns about what we are pursuing?
Professor Sir Charles Bean: I am certainly not aware of any leaks or anything. They are clearly very concerned about making sure that personal information is not divulged. It is very important that the information made available is not only anonymised but cannot be reverse engineered to find out who the agent concerned might be.
If you are looking at information on companies, there may well be, if you are not very careful, information that might be reverse engineered to find out that the name of the company is probably such and such. It is very important that you have good processes to make sure that the information that is provided to researchers is sufficiently anonymised but, as I say, the Canadian experience suggests that you can do that quite happily.
Q One of the biggest contributing factors for people moving house is having access to a decent broadband signal. Have you done any statistical or economic modelling of population densities and movement away from cities to rural areas? Is that a piece of work that you would be prepared to do to find out the economic benefits to rural areas as part of the USO?
Professor Sir Charles Bean: That is not really my territory.
Hetan Shah: Ditto. I am here to talk about the stats and research clauses. I do not know about the other bits, I am afraid.
(8 years ago)
Public Bill CommitteesThis text is a record of ministerial contributions to a debate held as part of the Digital Economy Act 2017 passage through Parliament.
In 1993, the House of Lords Pepper vs. Hart decision provided that statements made by Government Ministers may be taken as illustrative of legislative intent as to the interpretation of law.
This extract highlights statements made by Government Ministers along with contextual remarks by other members. The full debate can be read here
This information is provided by Parallel Parliament and does not comprise part of the offical record
Q What about other aspects of the Bill? In evidence sessions earlier in the week we focused a lot on switching, the universal service obligation and the ability to cancel contracts if you are not getting a good service. My experience is that for the people who come to my surgeries, who are often the same people who go to the CAB, those elements often come into play. Have you seen any other similar elements of the Bill that would be helpful or beneficial?
Alistair Chisholm: Yes. We are big fans of changing the switching process in the mobile phone industry so that it is aligned with how banks and energy companies do it. The poor consumer will not have to do a kind of “Dear John” telephone call to the organisation they are leaving. Instead, the organisation that they are moving to has to help them through that process. I think that that will be helpful for the way the market operates.
Quite often, you get the best deal only when you ring up and have your leaving phone call. In fact, those deals should be available to everybody. If the switching is moved to the lead company, I think that will help ensure competition and more fairness across the mobile phone market. It will just be easier. It will no longer be the consumer’s responsibility to liaise between two firms; they will be helped. We are very much in favour of that.
On the universal service obligation, we know that there are more than 1 million people who cannot access broadband—particularly in rural areas. Some of our clients have to pay thousands of pounds to access services. That is very difficult, and sometimes impossible, for people, so we are very much in favour of broadband becoming the universal service that it needs to be.
Q I would like to ask Citizens Advice two questions. The first is about clauses 30 to 35, which relate to the warm home discount. There are already data-matching powers for those in receipt of a guaranteed element of pension credit, but obviously we are expanding that out to try to find anyone who is eligible. What difference will that make to your customers and what outcomes will it have? Can I possibly press you on some examples? You have been talking a lot about process, but it is important to get on the record what the outcomes of this expansion of the data-sharing power will be.
Alistair Chisholm: The warm home discount is money provided by energy companies to reduce the bills of people who are in financial difficulty or are on low incomes. When we talk to those firms about how people access those discounts, they say it is difficult for them to establish whether people are entitled to it, so people who should get the help do not get it. Sharing the data should smooth that.
Peter Tutton: Something like 10% of our clients would be within the old definition of fuel poverty: they spend more than 10% of their income on fuel. We have seen the number of people in gas and electricity arrears rise quite sharply from where it was in about 2010. The link with Government debt is interesting. The people we see with fuel debts are also likely to have things like council tax debts, and they are generally more likely to be people with disabilities. There is a group of vulnerabilities. People are struggling to make ends meet in difficult circumstances. They are on low incomes and under pressure from debts.
There are some questions about the warm home discount itself, and there was a recent consultation. Can it be extended to more companies? Can we look at the people who are eligible for it and extend the eligibility? The bits in this Bill about identifying fuel poverty could be helpful. If you think through the bit about the Government debt collection and put some principles in place to help financially vulnerable people, you start to get a policy package that drills down to the problem. We are quite supportive, if we can get back that sense of supporting vulnerable people and helping people to recover control of their finances. That is the key to all of it.
May I ask for snappier questions and concise answers? Otherwise, we will not get everyone in.
Q That leads nicely on to my second question, which is about the debt-collection power and sharing data. You stated in evidence that it
“will create improved opportunities for better treatment of people in vulnerable situations”.
Can we get some examples of how you think that will work?
Peter Tutton: Alistair said that CAB clients tend to have five debts if they come in for debt advice, and it is about the same for us. Certainly, we see people with multiple contacts and creditors. I was looking today at a client who said they get 25 calls a day about debt collection. That is an extreme case, but that sense of constant demands that you do not know what do with is common. The importance of that is that it builds stress.
About half the people we see say they have been treated by a GP or a hospital for debt-related health problems. If we can reduce that stress and simplify the approach so people get less contact from creditors, that will help. It is helpful for us as advisers if, rather than having to deal with different bits of Government, we can deal with one. It saves us money, and we can recycle that money to help more people.
Again, it all depends. If it is one big collection stick, rather than three little collection sticks, it is not going to make things better. If you make it one contact, that contact must be based on some good principles and practices. That is what will make the difference.
Q I want to move us on to talk about nuisance calls and the direct marketing code in clause 77. First, do you think the proposals go far enough? Do you think that the nuisance calls section should be strengthened? Is there a justification for having an aggravated offence for targeting elderly and/or vulnerable people? Any thoughts on any of those from any of the three of you?
Peter Tutton: That is an interesting point about targeting people who are vulnerable; it is something to explore. We are quite keen on more action on nuisance calls. We would like to see a kind of code of practice; it would be a start. At the moment, the Information Commissioner’s Office guidance is not followed. When people give their details to a trader on the internet, and they say you want a loan or they are interested in a loan, that goes out into the ether and it is traded like currency. A third of our clients tell us that they are receiving an average of 10 nuisance calls for credit and other services a week—they are bombarded all the time. These are financially vulnerable people and they are being targeted, as you say.
As for the aggravating offence, this could be strengthened; the code of practice needs to address how that happens. There are a bunch of things you could do on nuisance calls. Some of the worst things are financial services—high-cost credit and things like that—where the Financial Conduct Authority could do something. It could just ban what it calls unsolicited real-time financial promotions.
So, yes, we think anything to look at that and strengthen that up is good. Make sure that if you put your details in as a consumer, you should know where they are going, so you cannot be contacted by anyone; there should be some boundaries to that. And there is the idea of some stronger controls on how and when direct marketing can be used. Currently, you sort of have to opt into not being called; maybe it should be an opt-out. There are some things we could do to strengthen the regime up.
Q At the moment, for a customer to lodge an official complaint, they have to be able to identify the caller through a phone number or a website address. I know, because I have tried. They refuse to give that data. What enforcement steps can we introduce so these rogues and scam artists will reveal such information?
Elizabeth Denham: It is a serious problem. We have had more than 160,000 complaints in the last year from citizens about nuisance calls and nuisance texts. We have stepped up our enforcement. Some of the challenges come from the bad actors being outside our boundaries. Also, we are a member of various enforcement forums with memorandums of understanding that allow us to co-regulate and jointly investigate and enforce; but it is a difficult challenge and there are many tools that we need in our toolbox. I do not know whether my colleague has anything to add to that.
Steve Wood: The other area we have been interested in is to make sure that for all calls that are made for marketing purposes the line identification must be displayed, although as the commissioner says, when the operators are coming from abroad that poses additional challenges in terms of enforcing, and looking at the identity of those individuals.
Q I have three questions. First, the commissioner’s submission mentions the benefits of justified, proportionate data sharing and how it could improve the delivery of public services for the public and improve policy decision making within Government. Will you expand on that point with reference to the Bill? Which data-sharing powers would be particularly useful when it comes to future policy making and helping vulnerable customers?
Steve Wood: We can see the benefits of data sharing across a wide range of areas including some mentioned in the Bill, such as fuel poverty. We recognise the public interest in those areas. Our interest in the public interest definitions of different areas where better data can join up Government is to ensure that data sharing is always proportionate.
As a regulator under the Freedom of Information Act 2000, we understand the concept of public interest because we are constantly balancing that in a number of different areas. It is about ensuring that the data are minimised to the extent that those proper public interest objectives can be delivered.
We very much recognise the range of benefits of joining up digital public services. That range of areas in the Bill includes: public services; fraud, error and debt; and research and statistics. Those are well-recognised areas. Our concern is to ensure that the personal data used in those situations meet the requirements of the Data Protection Act 1998.
Q This has been touched on already; we have heard a lot about technology solutions—having a wide variety of open data—being the answer to the Government’s problems. Do you agree that, when it comes to the mechanism by which the data sharing takes place, it is essential to have legislation in place? That is a really important point, on which I would like to hear the commissioner’s personal views.
Elizabeth Denham: Are you are asking whether the data-sharing provisions in part 5 of the Bill are necessary to authorise data sharing for these kinds of purposes?
Yes.
Elizabeth Denham: I am not convinced that it is a legal requirement. The Data Protection Act contains provisions for data sharing. I think that the intention of the Bill is to clarify for practitioners, and to facilitate and give comfort about the sharing of information to support good public interest purposes. I see this Bill, in terms of data-sharing provisions, sitting alongside the Data Protection Act and giving some clarity. The codes of practice certainly need to give clarity. But right now there is a recipe for confusion because they are not aligned with one another and they do not have regard to the hierarchy that the data-sharing code, under the Data Protection Act, would assist.
Q I have a final question. We have touched, in previous evidence hearings, on the nature of consent and individual knowledge about data sharing. What are the challenges with using consent-based data-sharing models? Do you accept that there is a necessity for data sharing to be used for the benefit of particular vulnerable groups in society without the need for consent?
Elizabeth Denham: The provision in part 5—the kind of data sharing that is envisioned—is not a consent regime. In many cases, citizens do not have a choice. There is one provider and the data need to be shared for good public interest purposes. Consent is not a silver bullet.
If, as is the case here, you are not using consent as a basis for sharing information, the other obligations rise. The need for transparency, safeguards, parliamentary scrutiny and independent oversight are even more important when you are not relying on consent. Those other obligations need to be strengthened.
Q Apologies for my brief absence from the Committee. Ms Denham, do you believe that the proposals in part 5 comply with the EU’s general data protection regulation?
Elizabeth Denham: There may be some challenges between the provisions and the GDPR. Obviously the GDPR will come into effect in 2018 unless we leave Europe before that date. There are some new controls for individuals that are built into the GDPR. There would be a need to carefully review the provisions of this Bill against the GDPR to ensure that individuals could have the right to be forgotten, for example, so that they could ask for the deletion of certain types of data, as long as that was not integral to a service. That is one example.
Steve Wood: To build on those points, the GDPR will strengthen the rights of individuals, particularly in the area of transparency that the commissioner has mentioned already. Article 12 talks about the importance of clear and accessible information to individuals. This Bill will need to operate alongside the GDPR’s enhanced and strong requirements to make sure that the key concepts in that legislation are upheld. The other key concepts we take from European data protection more generally are the those of necessity and proportionality, which is where there will be some important areas to measure the intention of the Bill against the GDPR.
(8 years ago)
Public Bill CommitteesThis text is a record of ministerial contributions to a debate held as part of the Digital Economy Act 2017 passage through Parliament.
In 1993, the House of Lords Pepper vs. Hart decision provided that statements made by Government Ministers may be taken as illustrative of legislative intent as to the interpretation of law.
This extract highlights statements made by Government Ministers along with contextual remarks by other members. The full debate can be read here
This information is provided by Parallel Parliament and does not comprise part of the offical record
(8 years ago)
Public Bill CommitteesThis text is a record of ministerial contributions to a debate held as part of the Digital Economy Act 2017 passage through Parliament.
In 1993, the House of Lords Pepper vs. Hart decision provided that statements made by Government Ministers may be taken as illustrative of legislative intent as to the interpretation of law.
This extract highlights statements made by Government Ministers along with contextual remarks by other members. The full debate can be read here
This information is provided by Parallel Parliament and does not comprise part of the offical record
(8 years ago)
Public Bill CommitteesThis text is a record of ministerial contributions to a debate held as part of the Digital Economy Act 2017 passage through Parliament.
In 1993, the House of Lords Pepper vs. Hart decision provided that statements made by Government Ministers may be taken as illustrative of legislative intent as to the interpretation of law.
This extract highlights statements made by Government Ministers along with contextual remarks by other members. The full debate can be read here
This information is provided by Parallel Parliament and does not comprise part of the offical record
(8 years ago)
Public Bill CommitteesThis text is a record of ministerial contributions to a debate held as part of the Digital Economy Act 2017 passage through Parliament.
In 1993, the House of Lords Pepper vs. Hart decision provided that statements made by Government Ministers may be taken as illustrative of legislative intent as to the interpretation of law.
This extract highlights statements made by Government Ministers along with contextual remarks by other members. The full debate can be read here
This information is provided by Parallel Parliament and does not comprise part of the offical record
Of course. Thank you very much, Mr Streeter.
Our amendments would ensure that the codes of practice, which have been vastly improved over the past week, are statutory. It is important that the principles and safeguards outlined so far are included and are statutory. That is what I have been alluding to so far in my speech. It seems pointless for civil servants to have put all this work into the codes for them merely to be regarded, rather than statutorily complied with. The codes must be improved further, and we hope that Ministers and officials will work with the industry and organisations to do just that, but we want to see them referenced properly in the legislation and properly complied with. Anything less means that the powers enabled in the clause dwarf any safeguards or checks included in the codes.
Amendment 99, in my name and that of my hon. Friend the Member for Cardiff West, would help to build trust in the Government’s data-sharing provisions—trust that has been rocked over a number of years. That trust is absolutely essential if this extension of the Government’s data-sharing powers is to be effective. It is worth noting again that the draft regulations allow a significant extension of data-sharing powers with a significant number of Departments. That extension is rightly set within defined and strict criteria, but some of the definitions contained within those criteria are at best vague.
Subsection (8) of clause 29 allows for the sharing of data if it is of defined “benefit” to the individual or households. Subsection (9) allows for the sharing of data if it
“has as its purpose the improvement of the well-being of individuals or households.”
While the extension is ostensibly for tightly defined reasons, those reasons are in fact so broad that they could refer to anything at all.
We again come back to the point about public trust. The public want to know why their data are being shared and that it is strictly necessary. Amendment 99 would help build that trust by ensuring that, under clauses 29, 30 and 31,
“the sharing of information authorised by the regulations is minimised to what is strictly necessary…the conduct authorised by the regulations to achieve the “specified objective” is proportionate…”
and that
“a Privacy Impact Assessment…has taken place”.
The amendment would require the Minister to establish a review that consults the Information Commissioner and the public on the effectiveness of the measures. The amendment would require the Minister, after a three-year period, to review the operation of these provisions to decide whether they should be amended or repealed.
A similar measure is included in the Bill in the provisions relating to data sharing for the purposes of the collection of public debt, so it is puzzling that it is not included in this part, too, as these provisions are so much broader and just as risky, if not riskier. Individuals are right to be anxious about their sensitive data being shared. The amendment would allow for the public to be reassured that their data are being handled within the strictest confines.
Amendment 96 would give individuals a right to access and correct their own data. Empowering citizens to have access to and control over their own personal data and how they are used would clearly help improve data quality. Citizens could see, correct and maintain their own records. Data need to work for people and society. Citizens need to be actively engaged in how their data are secured, accessed and used. Again, that needs to be put on the face of the Bill.
Part 5 does not make clear how proposals to data share comply with the Government policy of citizens’ data being under their own control, as set out in paragraph 3 of the UK Government’s technology code of practice. Indeed, the proposals appear to weaken citizens’ control over their personal data in order for public bodies and other organisations to share their data. Weakening controls on the protection of their data is likely to undermine trust in the Government and make citizens less willing to share their data, challenging the move towards digital government and eroding the data insights needed to better inform policy making and related statistical analysis. That type of organisation-centred, rather than citizen-centred, approach characterised the failure of the top-down imposition of care.data in the NHS. That is why we tabled these amendments.
It is an honour to serve under your chairmanship, Mr Streeter, and to be standing here making my Committee debut. The hon. Member for Sheffield, Heeley is obviously new to the business as well, and I hope to follow her example. She has been gracious and proportionate in holding the Government to account. I hope we can have a full and frank exchange—hopefully, a rapid one—as we move through part 5.
The Government share information every day. Like every organisation, we rely on information to deliver the support and services that everybody relies on. These proposals will not do anything radical. They are simple measures designed to provide legal clarity in uncontroversial areas. The hon. Lady said that the Bill’s objectives are too broad, but I am afraid I disagree. We have made available draft regulations that set out three clear objectives, which are constrained and meet the criteria. I believe it is possible to strike a balance between the regulations and the evidence to set out specific objectives on identifying individuals and households that have multiple disadvantages, improving fuel poverty schemes and helping citizens retune their televisions when the broadcasting frequency is changed in a couple of years’ time.
The hon. Lady mentioned some specific examples. I want to turn to the fuel poverty schemes. When we look at those several years down the line, I genuinely believe that we will be proud to have sat here and legislated in a Committee that introduced data-sharing measures that enable, for instance, a significant number of vulnerable people to benefit from the warm home discount scheme. At the moment, about 15% of warm home discount scheme recipients are classed as fuel poor, according to the Government’s definition. By utilising Government-held data on property characteristics to benefit the recipients, we estimate that that figure could be at least tripled. That could mean that an additional 750,000 fuel poor households receive a £140 rebate off their electricity bill each year.
We know that some vulnerable households miss out on the warm home discount because they need to apply and they either do not know the scheme exists or, for one reason or another, are unable to complete an application. Our proposed changes could result in the majority of the 2.1 million recipients receiving the rebate automatically. It will come straight off their energy bills without the need to apply. That is simply an extension of the data-sharing measures that already exist in the Pensions Act 2014 for pension credit. It is evolution, not revolution.
That example clearly sets out how we will require data to be shared among Government organisations and for there to be a flag to suppliers of eligible customers. In that instance, we will require the suppliers to use data only to support customers. Each objective will require a business case setting out the purpose and participants, which will be approved by Ministers and subject to parliamentary scrutiny.
I note that we are debating clause 29 stand part as well as the amendments, so after talking generally about part 5, let me move on to the clause. I believe that these powers do not erode citizens’ privacy rights. They will operate within the existing data protection framework. The new powers explicitly provide that information cannot be disclosed if it contravenes the Data Protection Act 1998 or part 1 of the Regulation of Investigatory Powers Act 2000. Further, they are carefully constrained to allow information to be shared only for specified purposes and in accordance with the 1998 Act’s privacy principles.
The new codes of practice, which the hon. Lady mentioned—I have been assured that they are on the parliamentary website—have been developed to provide guidance to officials in sharing information under the new powers in respect to public service delivery, fraud and debt, civil registration, research and statistics. The codes are consistent with the Information Commissioner’s data sharing code of practice. Transparency and fairness are at the heart of the guidance. Privacy impact assessments will need to be published, and privacy notices issued, to ensure that citizens’ data are held transparently. I was delighted that the Information Commissioner wrote to the Committee on 19 October saying:
“Transparency is key to building people’s trust and confidence in the government’s use of their data. I am pleased to see that further safeguards such as references in some of the codes to the mandatory implementation and publication of privacy impact assessments (PIAs), and reference to my privacy notices code of practice, have been highlighted in the Bill’s codes of practice.”
I will come to the second point later. On the Information Commissioner’s desire to include privacy impact assessments, it is clear to me from her letter that she is now content with the situation as it stands:
“I am content that the codes all now reference and better align with the guidance on sharing personal data set out in our statutory code and include effective safeguards to protect people’s information.”
The Information Commissioner was referring to the codes being improved since she gave evidence to the Committee. Later in that letter, which I think the Minister has in his hand, she goes on to say that she stands by the other evidence, both the oral evidence that she gave the Committee and her written evidence, which included her view that privacy impact notices should be in the Bill.
The Information Commissioner also mentions that, on privacy impact assessments and with reference to her privacy notices code of practice:
“This will build in transparency at two levels:—”
in the current situation—
“greater accountability through the publication of PIAs and timely and clear information for individuals so they can understand what is going to happen to their data.”
The Government remain committed to working with the Information Commissioner’s Office. When it came to the evidence sessions, I was aware of the fact that we had a long process discussion around the codes of practice and when their publication dates were due. It was very important for me, as a Minister, to ensure that we had the confidence of the ICO going forward and that we could publish those draft codes. We will continue those conversations.
When looking at putting the codes or privacy impact assessments in the Bill, it comes back to the key point of being able to continue that conversation when it comes to a transformational technology that we may not even know exists at the moment and that may radically change our ability to look at how we data share. At the moment we are looking at specified portals through which we will data share for the benefit of the most vulnerable in society, but there may be a new technology that allows the Government to expand our scope. If that new technology comes into being and we write the codes and privacy impact assessments into the Bill, we will have the chilling effect of ossifying the practice; it will impact on our ability to adapt and to be able to look at new technology, to move fast and to realise the opportunities that we may have to data share for the benefit of the most vulnerable in society.
I completely agree that we should not tie ourselves down in the Bill, particularly to technology. It came through loud and clear from the evidence sessions that part 5 seems to tie us to a very outdated approach to data sharing. It does not talk about data access; we heard that an awful lot in the evidence sessions. The Bill goes against the Minister’s own guidance on that. We should look not at bulk sharing, which takes us back to when we had filing cabinets or were sending across spreadsheets and databases on USB sticks, but at using application programming interfaces and canonical datasets, on which the Cabinet Office is leading the way. I would appreciate it if the Minister commented on that.
The hon. Lady highlights the argument I am trying to make, which is that the data-sharing measures in the Bill are proportionate, constrained and there to ensure that we can bring public confidence with us, which she mentioned. That is why we have highlighted specific portals through which we will be able to share Government information across Departments. In future, there will be secondary legislation powers to review and expand that, but there will be a whole process for which we need scrutiny.
That is why the Bill is so important: by highlighting how we can help those most in need and how, when it comes to data and consent, some people are in circumstances, by virtue of being in deprived communities or particularly vulnerable, of not knowing that they can benefit from their data being shared. It is the Government’s responsibility to act in this particular area to ensure that data are shared for the benefit of the most vulnerable. That is why the Bill is designed as it is. We have the secondary regulations in place, limited as they are at the moment, going through impact assessments and everything that we need to ensure that we have a proportionate response to sharing data.
I fully appreciate what the hon. Lady said but I hope that she will accept that the Government have pulled out all the stops to ensure that we can take public confidence with us. That is why, for instance, under clause 33, new criminal sanctions have been developed to protect information shared under the new powers in respect of public service delivery, fraud, debt and research, so those convicted of offences could face a maximum penalty of up to two years imprisonment for illegal data sharing, a heavy fine or both.
No statutory restrictions that currently exist on sharing of data, such as in the Adoption and Children Act 2002, will be affected by these data measures. When it comes to audits, which the hon. Lady mentioned, data-sharing agreements entered into under the power will set out a governance structure of how audits will take place. This structure will oversee the arrangement and what participating bodies are required to do under data sharing. The Information Commissioner’s Office also has a general power to conduct audits, including compulsory audits of Departments and organisations to check that they are complying with the law in relation to the handling of personal information. All bodies are required to comply with the ICO’s request for assistance so that it can determine whether data have been processed lawfully in data-sharing arrangements. The ICO can pursue criminal proceedings where necessary.
Will the Minister confirm that every Department that undergoes a data-sharing arrangement will complete a full audit of all data-sharing arrangements in that Department? Will that be available under the Freedom of Information Act?
On the individual point of audit, I will have to write to the hon. Lady. I will further consider her amendments and speak about them when we discuss three-year reviews. I want to ensure that bodies sharing information under the public service delivery power, for instance, strictly observe and follow codes of practice. Although I welcome the intention of the amendments, I think they are unnecessary. The Bill sets out the key conditions for disclosing and using information, including what can be shared by whom and for what purposes. We followed the common approach taken by the Government to set out details of how data are shared in the code of practice.
I want to return to the hon. Lady’s question of whether we use “have regard to” or “comply with”. The wording, “have regard to” already follows common practice in legislation, as illustrated in section 25 of the Immigration Act 2016 and section 77 of the Children and Families Act 2014. As the power covers a range of public authorities and devolved territories we want the flexibility that I mentioned about how the powers are to be operated, so that we can learn what works and adapt the code as necessary. To put it into the Bill, as I mentioned, would hamper that ability to adapt for future purposes. If bodies fail to adhere to the code, the Minister will make regulations that remove their ability to share information under that power, as is indicated, indeed, in part 11 of the code of practice, which states:
“Government departments will expect public authorities wishing to participate in a data sharing arrangement to agree to adhere to the code before data is shared. Failure to have regard to the Code may result in your public authority or organisation being removed from the relevant regulations and losing the ability to disclose, receive and use information under the powers”.
Amendment 106 requires the Minister to run a public consultation for a minimum of 12 weeks before issuing or reissuing a code of practice. The code of practice is essentially a technical document that sets out procedures and best practice with guidance produced by the ICO and Her Majesty’s Government. Clause 35 requires the Minister to consult the Information Commissioner and other persons, as the Minister thinks appropriate. I think that that strikes a good balance. Indeed, as I mentioned, we have been working closely with the ICO to ensure that there is confidence in the codes and the Information Commissioner states:
“I am pleased to report that significant progress has been made since my evidence session and I am content that my main concerns about the codes have now been addressed”.
I think it is very important to put that on record.
I welcome the Minister to his place. He comes across, to me, as rather bullish now, despite the damning evidence we heard over a very condensed couple of days. Does he think that he has cracked it now, that these codes of practice are all fit for purpose and that we should be sufficiently reassured?
The codes of practice remain in draft form and obviously we are in Committee having a discussion around the nature of what is in the codes of practice. We had criticisms last week of, “Where are the codes of practice?” We were still in the process of a conversation about the codes of practice with the Information Commissioner’s Office to ensure that the Information Commissioner was content. If she is content with the codes of practice as they currently stand, I am not one to go against the ICO. I am not saying that that is a form of complacency, although maybe the hon. Gentleman is, but I trust the ICO’s decision and am confident in its ability to deliver on the codes as they currently stand.
I thank the Minister for that mildly reassuring answer that the codes of practice are a work in progress. We welcome that, but in the spirit of helping improve them, I hope that he will consider some of the feedback from Big Brother Watch, which I thought gave the Committee excellent advice. Although Big Brother Watch recognises that the draft codes published by the UK Statistics Authority on research and statistics are detailed and comprehensive, it says that the draft codes published by the Cabinet Office and the Home Office are the polar opposite, offering very little detail or clarity.
The codes are quite extensive in terms of being able to provide the material information that is there. They have gone through an extensive process. Although we had evidence from certain critical witnesses drawn by Opposition Members, there was also significant support for data-sharing measures and the ability to have flexibility through the codes.
As for considering how to go forward, the codes are now published—the hon. Gentleman can read them for himself—and the ICO is now content with the codes. That is a great position from which the Government intend to move forward. In terms of whether the codes are comprehensive, it is set out that the Government have a duty to consult the ICO and territorial Ministers. That is important, and we are following a process and a journey over which the Bill has been developed for a number of years. We are content that we are on track.
I welcome the intention of amendment 99 that only the minimum and necessary information is shared under the power to achieve the objective. The principles are set out in the Data Protection Act 1998. The public service delivery power will need to operate in compliance with the 1998 Act. The principle of data minimisation is also strongly embedded in the code of practice, to which specified persons who use the power must have regard.
In addition, the public service delivery power is intended to act as a more conventional gateway to allow public authorities to share information without the need for central oversight by Whitehall. It is important to reflect on that. Rather than having the dead hand of Whitehall overlooking a measure that should allow for local flexibility and local freedom, we expect a large number of local authorities to use the power to deliver their troubled families programmes. A central monitoring power could impose significant resourcing burdens, which we felt were unnecessary given the intended positive outcomes for citizens. On that basis, we feel that the amendment is unnecessary.
Amendment 95 intends to modify the definition of “personal information”. The definition in the Bill is consistent with section 39 of the Statistics and Registration Service Act 2007, which relates to the confidentiality of personal information. It has been drafted with that consistency in mind. The amendment proposes a definition that includes a vague group of persons. We believe it unsuitable because of its vagueness, and it risks causing confusion.
Amendment 96 requires that data subjects be allowed to request and correct as necessary personal information relating to them that is disclosed under the public service delivery powers. The amendment is unnecessary because the data subject already has those rights under the Data Protection Act 1998. In addition, the impact of such an amendment on public authorities would be significant. An assessment would need to be made of how many requests could be made to public authorities, and of the resulting resourcing requirements in terms of staff and any supporting technical infrastructure. Work would also need to be carried out to ensure that we can verify the identity of individuals requesting access to data and assess the risk of corrections and modifications to data held being made for the purposes of committing fraud.
I understand the intention of the amendments, and I hope that the hon. Member for Sheffield, Heeley will understand that the Government believe that progress has been made, as well as provision for ensuring that the sharing of data is proportionate. The regard for individuals’ privacy is central to the Bill and is set out in the code of practice, and the Government have put in place measures to work with the ICO and other civil society groups on that. I urge her to withdraw the amendment.
To respond to the hon. Gentleman on his specific point, we will update the lists of bodies able to share information of the public service delivery power, and the PSD power allows for new objectives to be added by regulations if they meet the conditions specified in primary legislation. So the issue of the pupil premium, which he mentioned, may be one of the many worthy purposes for which new objectives could be created.
I would like also to draw the hon. Gentleman’s attention to the disclosure of information in the draft regulations, which I hope will reassure him. Paragraphs 21 and 22 of schedule 1 to the Bill refer to the organisations that will be sharing data, or that will be permitted to do so once they have applied to do so, including the county councils of England, the district councils in England and even the council of the Isles of Scilly. We recognise that there is that local government fracture that he mentioned and we hope that when it comes to data-sharing measures we will be able to heal that.
It was disappointing not to hear the Minister mention the General Data Protection Regulation and explain why this legislation has not been written in compliance with it, or my points about non-public sector authorities. I hope that he can return to those issues later in his remarks.
On the point about the Information Commissioner, in her evidence she supported statutory codes of practice. She also recommended that Parliament should review all aspects of data-sharing, and not just the clauses relating to fraud, after an appropriate time, which is what informed our amendment.
As our amendment says, we would also like the codes to make it clear that good cyber-security practice should not be about data sharing and that it should be about leaving the data with their original owner. I hope that the Minister will return to those issues when he comments on later stages of the Bill.
With that in mind, I beg to ask leave to withdraw the amendment.
Amendment, by leave, withdrawn.
Clause 29 ordered to stand part of the Bill.
Clause 30
Disclosure of information to gas and electricity suppliers
I beg to move Government amendment 108, in clause 30, page 29, line 21, at end insert “, or
() the making of grants (by any person) under section 15 of the Social Security Act 1990 in accordance with regulations under that section made by the Scottish Ministers or the Welsh Ministers.”
This amendment enables information to be disclosed by a specified person to a licensed gas or electricity supplier for the purposes of a scheme in Scotland or Wales for the payments of grants to improve energy efficiency under section 15 of the Social Security Act 1990.
This clause enables the person specified in regulations to disclose information to gas and electricity suppliers. The disclosure must be for the purpose of reducing energy costs, or improving energy efficiency or the health or financial wellbeing of those living in fuel poverty, and it must be disclosed for use in connection with one of the fuel poverty support schemes listed in the clause.
The schemes referenced are the warm home discount scheme and the energy company obligation. Although the territorial extent of both these schemes is GB-wide, fuel poverty itself is a devolved matter. Officials in the devolved Administrations, including Labour-run Wales, have asked for Scottish and Welsh fuel poverty schemes to be included in the provisions of the clause. That is because there are grant schemes that fall under section 15 of the Social Security Act 1990 that address fuel poverty in Scotland and Wales. Those schemes would also benefit from the ability to share information between public authorities, and with gas and electricity suppliers, for the provision of assistance to fuel-poor households. The schemes are Nest and Arbed in Wales, and Scotland’s home energy efficiency programme. They help to reduce energy costs, or to improve energy efficiency or the health and financial wellbeing of people living in fuel poverty. The same safeguards will be in place as for all data disclosed under the clause—that is, data can only be disclosed by persons specified in regulations and for the specific purposes identified in the clause. All persons involved in a data-share must have regard to the code of practice.
The inclusion of these grant schemes will strengthen the ability to deliver better targeted, cost-effective fuel poverty schemes in Wales and Scotland.
Amendment 108 agreed to.
Question proposed, That the clause stand part of the Bill.
May I welcome the Minister to his position? It was remiss of me not to do so earlier; he is the model of a patient Minister and very polite with it, too.
As with clause 29, we very much support the objective behind the proposals in clause 30—to identify the individuals most in need of warm home funding and any other grant or benefit that will alleviate fuel poverty. As we heard from Citizens Advice, energy firms have found it difficult to establish whether people are entitled to funding, so people who should get the help do not get it. Sharing the data should smooth that process. We know that fuel poverty is a significant contributor to debt. StepChange said that about 10% of its clients would be within the old definition of fuel poverty—they spend more than 10% of their income on fuel—and it has seen the number of people in gas and electricity arrears rise sharply from where things were in 2010.
However, there are concerns about disclosing personal data to gas and electricity suppliers, again with no detail on what personal information might be disclosed or how. There is none of the legal or technical detail essential to ensure data security, the ethical use of data and the necessary trust framework essential to protect the rights, privacy and security of citizens. The same problems plague the rest of part 5, not least that the general data protection regulation explicitly bans the use of data to monitor the behaviour of people in a way that could be seen as profiling, so we would appreciate the Minister’s comments on that point.
As we have seen, the warm home discount can work well, but it must be set within strict safeguards. The initial legislation was introduced to allow data sharing to be carried out, and we know that the Department of Energy and Climate Change was extremely careful with the idea, and concerned about public perceptions about trust and private sector companies’ use of data. There was a great deal of anxiety about the public view when the proposal was put as a theoretical proposition. The public are not convinced about the sharing of data with private companies—let alone between Departments—and particularly with private providers such as energy companies who have a potential commercial stake in the data.
That is why the warm home scheme currently works through data from the DWP and energy suppliers going to a third party, which crunches the data to identify the matches. The energy suppliers are then sent onward a list of their eligible customers and the data are deleted from the third party’s computers. The data are not held on any computers; that provides an appropriate safeguard for all individuals concerned. That is critical to alleviating concerns about the sharing of personal information.
At present, therefore, companies with no public accountability learn nothing of any commercial value to their activities, which is a crucial point. The sharing of data cannot be done if there is a company with a potential conflict of interest. However, clause 30 allows for the disclosure of information to gas and electricity suppliers to help people living in fuel poverty and within other tightly defined criteria. Although the clause is clear that data may be used only for the purposes intended, unease will remain about why, in this instance, the Government have allowed personal information to be shared with electricity suppliers rather than with a third-party trusted provider.
There will be a serious concern that electricity and gas suppliers are being passed information whose content could present a potential conflict of interest. Nobody is suggesting that the electricity or gas suppliers would do anything in breach of their obligations, but the risk is certainly there. That was the basis behind the creation of a third-party supplier in relation to the warm home scheme.
We therefore welcome the creation of an offence for passing on any of this information and we welcome the maximum sentence of two years. It provides a clear steer from Government on the sensitivity of the data, yet clearly we would prefer that the disclosure would not happen directly at all.
Clause 31 will enable specified public authorities to share information with gas and electricity suppliers or other persons specified in regulations. The disclosure must be for the purpose of reducing energy costs, or improving energy efficiency or the health or financial well-being of people living in fuel poverty, and it must be disclosed for use in connection with an energy supplier obligation scheme. The energy supplier obligation schemes referenced are the warm home discount scheme and the energy company obligation.
The warm home discount scheme provides a £140 energy bill rebate to certain vulnerable households during the winter months, helping those households to heat their homes. Some pensioner households already receive the rebate automatically, but that is possible only if the Government are able to inform the energy supplier, through a data match, which of their customers should receive it. It is important to recognise that that is not a new process. Rebates have been provided automatically to pensioner households in that way since 2011, and the process is considered to be working well. Not only has it helped to ensure that those entitled to support receive it, but it has significantly lower administrative costs—evidence suggests automatic payments cost under £1 per customer to deliver, compared to costs of up to £30 per customer for the non-automated method.
The hon. Member for Sheffield, Heeley mentioned the issue of trust and whether energy suppliers can be trusted with those data. She asked for an assurance from the Government on the continuity of the current scheme and whether similar security measures would be put in place. I can give her that reassurance. The sharing arrangements with third parties will remain exactly the same. Under current data-sharing arrangements for the warm home discount, suppliers are given a simple “yes”, “no” or “unknown” answer as to whether their customers were in receipt of state pension credit and so eligible for the core group rebate under the scheme. We would simply look to expand those disaggregated data. If wider data-sharing arrangements are put in place for fuel poverty schemes, we would expect only Government data to be shared with suppliers under those arrangements, which would have a similar yes or no answer as to whether the customer was eligible for support. The existing warm home discount core group of pensioners already receive automatic support through data sharing. It is a popular scheme and serves as proof that this model works and is safe.
The warm home discount scheme and the energy company obligation represent around £1 billion of investment per year. Although substantial, that is still a finite resource that needs to be targeted as effectively as possible on those who need it most. The data sharing enabled by this clause will significantly strengthen the ability to deliver better targeted, cost-effective fuel poverty support to households who need it the most.
Question put and agreed to.
Clause 30 accordingly ordered to stand part of the Bill.
Clause 31 ordered to stand part of the Bill.
Clause 32
Further provisions about disclosures under section 29, 30 or 31
I beg to move amendment 109, in clause 32, page 30, line 18, at end insert—
“(ba) for the prevention or detection of crime or the prevention of anti-social behaviour,”
This amendment and amendment 112 create a further exception to the bar on using information disclosed under Chapter 1 of Part 5 of the Bill for a purpose other than that for which it was disclosed. The amendments allow use for the prevention or detection of crime or the prevention of anti-social behaviour.
With this it will be convenient to discuss Government amendments 110 to 117, 120 to 128, 131 to 139 and 154 to 158.
These Government amendments concern sanctions for unlawful disclosure and the disclosure and use of data to prevent and detect crime or prevent antisocial behaviour. A person receiving personal information under the public service delivery, debt, fraud and research powers cannot disclose that personal information unless it is for one of the exceptional reasons listed in the Bill, such as preventing loss of life or for national security. Technical amendments will ensure that it is clear that the list of exceptional reasons includes the prevention or detection of crime, or the prevention of antisocial behaviour.
The Bill provides that any person who contravenes the prohibition on further disclosure is guilty of an offence, which carries a penalty of imprisonment, a fine, or both. The introduction of criminal sanctions shows how seriously we take our responsibility to protect personal information, and we consider that it represents a key safeguard to accompany the new powers. It is imperative that individuals handling personal information under the powers take great care in handling that information.
We do not think that mistakes when handling personal data are acceptable, but we do not want to criminalise honest mistakes. The current drafting is slightly overzealous, so amendments 117, 128, 139 and 158 ensure that criminal liability arises only where there has been intent to disclose information. In circumstances involving disclosures made in error, we consider that other sanctions would be more appropriate, such as those set out in the Data Protection Act 1998 or internal disciplinary action.
The remaining amendments are minor technical amendments to ensure that information received under the powers can be shared to assist legal proceedings or criminal investigations outside the United Kingdom where necessary, while maintaining consistency across our clauses and aligning with other similar provisions in other legislation.
These Government amendments are technical and seem absolutely fine, apart from the provision to prevent antisocial behaviour. It is not clear to me why the disclosure would be necessary for the purposes of antisocial behaviour as defined under Anti-social Behaviour, Crime and Policing Act 2014. Can the Minister provide a clearer explanation of why any data that are ostensibly there to be shared for the purposes of alleviating fuel poverty and managing public sector debts would be used to prevent antisocial behaviour? Does that point to the concern I expressed earlier about the provisions leading to a broader scope for the use of information?
The exemption has been included to ensure that if information received under the powers points to possible antisocial behaviour, it can be shared. That is intended to avoid any risk that by failing to refer explicitly to antisocial behaviour we cause ambiguity about whether certain information on antisocial behaviour can be shared. That ambiguity would have a chilling effect on multi-agency responses to antisocial behaviour, thereby undermining one of the key purposes of the 2014 Act.
Can the Minister give an example of how data relating to fuel poverty shared between a Government agency and a gas and electricity company could possibly relate to antisocial behaviour?
We are talking about public service delivery powers, which do not just cover the warm home discount, attractive though that is. I know that all members of the Committee will be grateful, when this legislation goes through, to go back to their constituents and talk about being on this Bill Committee and how they delivered savings for millions of pensioners, but there are other key aspects of the Bill in relation to the troubled families programme and those living in communities blighted by antisocial behaviour. Data sharing around those programmes could create data matches that point to antisocial behaviour taking place or flag that up. We have a public duty to ensure that we have that power so that we can protect those vulnerable people whose lives are blighted in communities affected by particular types of antisocial behaviour.
Amendment 109 agreed to.
Amendments made: 110, in clause 32, page 30, line 19, leave out
“(whether or not in the United Kingdom)”.
This amendment removes the provision stating that a criminal investigation for the purposes of clause 32(2) may be within or outside the United Kingdom. This is for consistency and on the basis that a reference to a criminal investigation covers an investigation overseas in any event.
Amendment 111, in clause 32, page 30, line 21, leave out
“and whether or not in the United Kingdom”.
This amendment removes the provision stating that legal proceedings for the purposes of clause 32(2) may be within or outside the United Kingdom. This is for consistency and on the basis that a reference to legal proceedings covers proceedings overseas in any event.
Amendment 112, in clause 32, page 30, line 28, at end insert—
“( ) In subsection (2)(ba) “anti-social behaviour” has the same meaning as in Part 1 of the Anti-social Behaviour, Crime and Policing Act 2014 (see section 2 of that Act).”—(Chris Skidmore.)
See the explanatory statement for amendment 109.
Clause 32, as amended, ordered to stand part of the Bill.
Clause 33
Confidentiality of personal information
I beg to move amendment 101, in clause 33, page 31, line 19, leave out “or permitted”.
Amendment 101 looks at tightening the restrictions around the onward disclosure of personal information in clause 33. Its effect would be to restrict the onward disclosure by public authorities to only those purposes required by existing legislation, rather than those permitted by existing legislation. Amendments 102, 103 and 104 would restrict the ability of public authorities to onwardly disclose personal information under this power for matters of great importance to all of us. The Government believe the amendments would have the effect of restricting our ability to share information for matters such as saving lives, investigating criminal activities and safeguarding vulnerable adults and children, unless it can be determined “necessary”.
Unfortunately, amendment 101 would considerably reduce the scope of public authorities to share data under that power. We are looking to provide legal clarity. Many existing legislative gateways for information sharing by public authorities tend to be permissive, rather than mandatory. Given that the purpose of the power is to provide legal clarity around data sharing to better target public services, the Government believe the amendment would, at best, introduce a degree of uncertainty as to whether a proposed data share is legal and, at worst, place a bar on existing permissive information sharing gateways for a range of important purposes.
Amendments 102, 103 and 104 could, in practice, inhibit public authorities from disclosing information, or delay them from disclosing it until they were content it was “necessary” to do so. The consequence of the amendments would therefore be to create an uncertainty where we are trying to provide legal clarity.
I welcome the intention behind the amendments—to ensure that personal information is disclosed—yet we believe they would create uncertainty. Furthermore, they are unnecessary as the powers are to be used in a way that is consistent with the DPA, and tough penalties under the new criminal offence will help ensure public officials handle the information lawfully. I invite the hon. Lady to withdraw the amendment.
I beg to move amendment 118, in clause 35, page 32, line 30, at end insert—
“( ) The code of practice must be consistent with the code of practice issued under section 52B (data-sharing code) of the Data Protection Act 1998 (as altered or replaced from time to time).”
This amendment requires a code of practice issued under clause 35 by the relevant Minister and relating to the disclosure of information under clause 29, 30 or 31 to be consistent with the data-sharing code of practice issued by the Information Commissioner under the Data Protection Act 1998.
With this it will be convenient to discuss Government amendments 119, 129, 140, 161 and 188.
These are minor and technical amendments to clauses on the code of practice and statements of principles that will be issued under part 5 of the Bill. The amendments will require that the code of practice be consistent with the data sharing code of practice issued by the Information Commissioner under the Data Protection Act 1998, ensuring greater clarity for practitioners and increased transparency for citizens about the relationship between the provisions in the Bill and the DPA. The amendments have been tabled with our conversations with the ICO in mind; we have the Information Commissioner’s confidence that the codes are right. I commend the amendments to the Committee.
Amendment 118 agreed to.
I beg to move amendment 106, in clause 35, page 32, line 42, at end insert—
“(ea) the public for a minimum of 12 weeks, and the relevant Minister, must demonstrate that responses have been given conscientious consideration, and”.
The amendment relates simply to the fact that the Opposition would like a full public consultation on the draft codes of practice. A much better version has been put before the Committee, and I understand that it is now on the parliamentary website, but we would like a proper consultation period, not just a consultation with whomever the Government see fit to consult.
Amendment 106 would introduce a requirement for the Minister to publicly consult for a minimum of 12 weeks before issuing or reissuing the code of practice under clause 35.
Many details of the code of practice are drawn from the ICO data sharing code of practice. Others were drawn from two years of open policy making with civil society and other groups. We have just discussed a Government amendment intended to ensure that our codes will be consistent with the ICO’s data sharing code of practice. On that basis, we see no need for a compulsory public consultation before issuing the code, and even less need to make it a requirement in respect of any reissue. Some future changes to the code may be minor. We do not see a need to run a public consultation in those instances—indeed, to do so would be disproportionate in a great number of such cases.
Clause 35 requires that the Minister consult the Information Commissioner and other persons as the Minister thinks appropriate. Those other persons will include civil society groups and experts from the data and technology areas. We will run a full public consultation when a significant revision is expected, such as before the EU data protection regulation comes into effect, which I believe will be in May 2018. The clause as drafted provides the flexibility required. On that basis, the amendment is unnecessary and I invite the hon. Lady to withdraw it.
I am pleased to hear that the Government intend to consult on major revisions, and I hope that the draft codes, although much improved, will improve further in Committee, particularly in the areas outlined earlier relating to non-public authorities. As the Government have not listened to many of the recommendations made in their own consultation earlier this year, perhaps it is a futile amendment. I beg to ask leave to withdraw the amendment.
Amendment, by leave, withdrawn.
Question proposed, That the clause stand part of the Bill.
I sense that the Government Whip is trying to catch my eye.
Ordered, That the debate be now adjourned.—(Graham Stuart.)
(8 years ago)
Public Bill CommitteesThis text is a record of ministerial contributions to a debate held as part of the Digital Economy Act 2017 passage through Parliament.
In 1993, the House of Lords Pepper vs. Hart decision provided that statements made by Government Ministers may be taken as illustrative of legislative intent as to the interpretation of law.
This extract highlights statements made by Government Ministers along with contextual remarks by other members. The full debate can be read here
This information is provided by Parallel Parliament and does not comprise part of the offical record
It has been a couple of days since we last met, but my hon. Friend the Member for Sheffield, Heeley made a very important point in her speech regarding where we should look for best practice. The UK is one of the Digital 5, and she brought up Estonia as a country that, when we consider big data, we should reflect on. In dealing with the Bill, we are casting our eye around to see how we can manage big data, personal information, between public bodies. She made the valid point that a fundamental question seems to run throughout the Bill and the clause: does the individual own the information or does the state own it? Because the Government have taken the view, unlike what happens in Estonia, that the state owns the information, we have a series of such clauses. We are primarily trying to find a way to balance the rights of the individual, while the state retains ownership of the information in any form, but, particularly as we move forward, in digital form; that is what I am concerned about.
Let me explain what is done in Estonia and why the Bill in years to come will probably need to be usurped by a new Bill. Estonia has transferred the ownership of data from the state to the individual. When the individual owns the data, there is no need for these complex fudges to try to find a way in which people’s privacy and the integrity of data can be respected, while ownership remains with an umbrella organisation.
The criticism that I make to the Government, and my hon. Friend’s point, is that a fundamental rethink or reset will have to occur at some point because of what is missing from the Bill and the clause. It talks about public bodies, but the Government do not address in this or any other clause the fact that private corporations hold enormous amounts of personal data on people and the ownership of that lies with them, not with the individual. That is why the point that she made was so pertinent. The ownership of data should lie with the individual. As a country, as a nation, we should be looking to transfer that ownership. That is why we cannot address what happens in the private sector. Absent from the Bill are any clauses or even subsections tackling data and information in the private sector. It is solely about the public sector and trying to square off those conundrums and contradictions.
The Government have missed an opportunity to empower people and to be on the side of the individual, the ordinary person, who feels disempowered by all this. They are on the side of big government and, by absence, of big corporations, which in my view is a fundamentally flawed position. That question was asked in Estonia, and it is why it reversed the answer: ownership should lie with the individual.
I can see the Parliamentary Secretary, Cabinet Office, chatting to the Minister for Digital and Culture, and he will probably provide an answer that talks about a destination, saying that if someone gets on a bus, they only get off at the end destination. We all know that when someone gets on a bus, there are many stops before the destination on the front of the bus. They do not have to go all the way. I presume the Minister will explain why the clause is correct from the Government’s point of view and why my argument is flawed. He will say, “If you are going to empower the individual with data, you would need a national identification card system, as in Estonia. The empowerment of the individual must correlate with a national ID card scheme.”
The Minister will make that argument, but that is like getting on a bus and only being able to get off at the final destination, with a national ID card scheme. No one is saying that. There are many bus stops we can get off at before the end. The issue is not binary, with the place we get on the bus and the place we get off. The destination is not necessarily ID cards. The principle that these are the individuals’ own data should be at the heart of the Bill, and the clause does not represent that. The absence of any mention of the private sector is alarming.
Moving on, I want to touch briefly on another aspect that is missing from the Bill and should be considered. This is the Digital Economy Bill, but it is all about the public sector. There is an absence of any reference to the private sector per se. This part of the Bill deals with the digital economy and the provision of public services. Returning to the Estonia example and empowering the individual, people in Estonia can set up a business or company in three or four minutes online. Where is the pro-business element of the Bill? It is certainly not this clause, which relates to data and information in relation to the state and public bodies. Why can individuals here not set up businesses in four minutes? Why is it not a pro-business Bill? Why does it not talk about business? Nothing in the Bill talks about being pro-business.
The clause is simply about public bodies holding big data, and in that respect, it lives in the past, not the future. I urge the Government to think about the fundamental principles and to not make the argument that the amendments would lead to an ID card system, although Estonia does have ID cards. I would have ID cards tomorrow—it is well known across the patch that I would not be on the list of soggy, wet liberals—but that does not mean that the principle that the individual owns data would lead to ID cards. It does not. I ask the Minister, with all due respect, not to suggest that I am making that argument, because I am not.
The Bill is not pro-business and is fundamentally flawed. The clause is simply about trying to manage all the conflicts and contradictions from yesterday’s age. It does not deal with the future. The Government have fallen short. I emphasise the word “economy” in the Bill’s title—it is not about public services, but the economy. I put that word up in bright lights. Where does the Bill talk about the economy? We are talking about public bodies and public authorities.
That was an impressive Second Reading speech. I am here to speak to amendment 97 and 107.
Not necessarily; that has not been called yet. The amendments have been tabled in the name of the hon. Member for Sheffield, Heeley. She finished her speech on Tuesday, and I put on record my thanks for her impressive scrutiny of the Bill, which she has done almost single-handedly. I note that she made a weighty speech about Concentrix yesterday, so I do not know how she finds the time to sleep. I am sure that it will be noted in the Lords that we have gone through a full process of scrutiny in Committee.
The Government will ensure that citizens can access future Government digital services effectively and securely, while removing the current reliance on paper certificates. That will provide more flexibility and modernise how services are delivered.
Amendment 97 would require registration officials and public authorities requesting information to specify reasons for requiring disclosure. In considering a request to share information under those powers, a registration official would first need to be satisfied that the recipient requires the information to enable them to exercise one or more of their functions.
In her speech on Tuesday, the hon. Lady raised some issues about the Data Protection Act 1998 and said that the Government should set out clearly that it is being honoured, particularly for registration. The hon. Member for Hyndburn talked about fundamental principles, and I can confirm that the Bill’s fundamental principle is its compliance with the Data Protection Act. Data should not be disclosed if to do so would be incompatible with that Act, the Human Rights Act 1998 or part 1 of the Regulation of Investigatory Powers Act 2000.
The Data Protection Act is Magna Carta of the data world, and we want to ensure that all parts of the Bill comply with it. When disclosing information, only minimal information will be provided, in accordance with the requirements of the data recipient.
I am grateful to the Minister for his kind and polite words. If that is the case, why does the Bill contain the words “clear and compelling”, rather than “necessary and proportionate”, which is the term associated with the Data Protection Act?
I have taken legal advice about that issue, which the hon. Lady raised in her previous speech, and I have been told that those words do not in any way, shape or form challenge or change the interpretation of and compliance with the Data Protection Act. We will be happy to look again at the wording and reflect on it if that gives her confidence that we are absolutely committed to ensuring that the Data Protection Act runs through the core of the Bill. Registration officials are required to be aware of the reasons for the request, so the intention behind the amendment is already achieved by the clause.
Amendment 97 seeks to prevent the onward disclosure of information by the data recipient to any other public or private body beyond the specified public authorities listed in proposed new section 19AB(1) of the Registration Service Act 1953. Disclosures under the power will be restricted to the specified public authorities listed in proposed new section 19AB(1). In addition, personal data will be shared only in accordance with the power and in adherence to the Data Protection Act, by which the recipients will also be bound. As an additional safeguard, under the code of practice, data-sharing agreements can place restrictions on onward disclosures of data, which will be adopted where appropriate.
Amendment 107 would retain the requirement for a civil registration official to be satisfied that the information was required by a recipient to fulfil one of more of their functions before disclosing data. It seeks to add a requirement that an individual must have given valid consent under data protection legislation before any disclosure of their personal data. The data protection legislation referred to is believed to be the Data Protection Act, to which these clauses are already subject. They already state that personal data must be processed fairly. In practice, it will sometimes be necessary to share information in the public interest, where it is impractical or inappropriate to seek or rely on the consent of the individual concerned, but that is already permitted under the Data Protection Act, which we are determined to ensure remains in force.
In the hon. Lady’s speech on Tuesday, she talked about the uses of bulk data and asked me to give examples of where the powers will be used and where they are already used. The powers will allow registration officials to disclose birth data to other local authorities. Currently, a registrar is unable to notify another local authority if a birth takes place in their district but the child’s parents reside in another. Being able to disclose data across district boundaries will assist healthcare, school and wider local authority planning. Being able to share bulk information will ensure that children are known to the local authorities in which they reside and that action can be taken to address any needs of the child or parent.
Another example relates to blue badge fraud. It is estimated that about 2.1% of blue badge fraud relates to use of a blue badge following the death of the individual to whom it belonged. The new powers will allow data to be shared with the local authorities to help reduce that fraud.
The Minister gives an important example—blue badge fraud—in which data are accessed rather than shared. The local authority will have an access point into Department for Work and Pensions data to determine whether someone is disabled, but there is absolutely no need for bulk data sharing across local authorities. That is the kind of example that we should follow in the rest of the public sector.
The hon. Lady mentions legal portals through which data can be shared. The key point is that although we have specific examples of data being accessed or shared, every new data-sharing arrangement has to be established within a very specified remit. A great example of a data-sharing arrangement for registrars that is already happening is the Tell Us Once service, in which birth and death registration information is shared across local and central Government. That system has been developed by Government, is envied by the private sector and clearly demonstrates the benefit of sharing civil registration information for both citizens and Government, but the problem is that it is very limited.
We cannot move forward by having endless tiny data-sharing agreements; we need to be able to create a wider platform. For instance, to share death data, individual local authorities have to forge individual relationships. We need to ensure that that is far broader, so that local authorities and Departments can work together to help to prevent unwarranted and unwanted mail from being sent to the family of a deceased person, which can often cause a great deal of distress.
This is evolution, not revolution. We are following the Data Protection Act 1998 and the codes of practice, which the Committee will discuss, will be reviewed every year. We can now share data effectively on a bulk level but without using personal details apart from for the benefit of those it will serve: children, local authorities, planning numbers. This is absolutely the right thing to be doing.
Disclosure will take place without consent only where that is consistent with Data Protection Act rules on fair disclosure. At all times, data can be shared only with specified public authorities as defined in section 19AB of the Registration Service Act 1953. The code of practice makes it very clear that if there are any data breaches or any of those authorities do not follow the code—we will discuss the code when we consider debt measures—they can be removed from that list. With that explanation, I hope the hon. Member for Sheffield, Heeley will agree that the necessary measures are already included in the clause and will withdraw her amendment.
My hon. Friend the Member for Hyndburn made important points about the absence from the Bill of clauses dealing with the private sector. In the evidence session, we heard from the chief executive of a tech start-up in Canary Wharf who made it very clear that nothing in the Bill would help his business or others operating in the digital economy. We will certainly return to that theme. I draw my hon. Friend’s attention to new clause 31, which the Committee will consider on Tuesday morning and which will require a review of data ownership across the public and private sectors.
I am grateful that the Minister has confirmed that the Government will consider a rewording of “clear and compelling”, because I think it could lead to some confusion regarding the compliance of part 5 with the Data Protection Act. It is great to hear him praise the Tell Us Once scheme, which was set up by the shadow Secretary of State for Culture, Media and Sport, my hon. Friend the Member for West Bromwich East (Mr Watson)—I will pass on the Minister’s congratulations to him.
The Minister referred to a platform; will he confirm whether he is referring to a central database of citizens’ civil registration information? That is a key concern. I am also glad to hear that sharing information without consent will take place only in explicitly defined circumstances, but I am still not clear why chapter 2 of part 5 will not—as our amendment 97 would—require civil registration officials to disclose why they are sharing information, as all the other chapters in part 5 require data-sharing arrangements or specified persons to do. If the Minister can explain that to me in an intervention, I will happily withdraw the amendment.
I used the word “platform” as part of a process argument about being able to look at data in the round, rather than to suggest that there would be any centralised data collection. That is certainly not the case. For public confidence, measures in the codes of practice set out clearly that when it comes to the data-sharing measures, once data have been used for the required purpose, they are then destroyed. They are not kept on any register for any historical purpose.
Turning to the hon. Lady’s second point—
Minister, this is an intervention. I call Louise Haigh—you may intervene again, Minister.
My question stands: why is there not a requirement in this chapter of this part for the reasons for disclosure, as there is in all the other chapters? I would be grateful if the Minister intervened regarding that point.
The registration codes of practice clearly set out that the purposes will need to be defined and that a business case will need to be made. None of that can take place until we ensure that there is a specified public function defined on the face of legislation, particularly when it comes to the code of practice that registrars will have to follow and which will be reviewed yearly. I believe that measures are in place to ensure that any data-sharing is done through a due process that is incredibly tight, restrictive and respectful of the use of individuals’ data.
The clause amends the Registration Service Act 1953 to introduce new flexible data-sharing powers that allow registration officials to share data from birth, death, marriage and civil partnership records with public authorities for the purpose of fulfilling their functions. That will provide more flexibility and modernise how Government services are delivered.
Being able to share registration data will bring many benefits, for example, in combating housing tenancy fraud. The National Fraud Authority estimates that housing tenancy fraud—for example, a tenant dies and someone else continues to live in the property when they have no right to—costs local authorities around £845 million each year. Being able to provide death data to local authorities will assist in reducing that kind of fraud. The sharing of data will provide benefits for the public in a number of different ways, including the removal of barriers when accessing Government services. It will pave the way for citizens to access Government services more conveniently, efficiently and securely, for example by removing the current reliance on paper certificates to access services.
Data will continue to be protected in accordance with data protection principles, and a number of safeguards will be put in place. Registration officials will be able to share data with only specified public authorities, as defined in new section 19AB—which also includes a power for the Minister to make regulations to add, modify or remove a reference to a public body, thereby providing reassurance that the data will only be disclosed in a targeted way to the Departments listed. As set out in paragraph 58 of the code of practice, the Registrar General has a responsibility to review the code annually, which will involve the national panel for registration. As an additional safeguard, such regulations will be made under the affirmative procedure, requiring the approval of both Houses.
All data sharing will be underpinned by a statutory code of practice, as set out in section 19AC. As I have said, when revising the code the Registrar General will have an obligation to consult the Minister, the Information Commissioner and other relevant parties. The code of practice will act as a safeguard by explaining how discretionary data-sharing powers should be used. The code will require data-sharing agreements to be drawn up, which will includes safeguards on things such as how data will be used and stored and for how long they are to be retained, and forbidding data to be cross-linked in any way.
Question put and agreed to.
Clause 38, as amended, accordingly ordered to stand part of the Bill.
Clause 39
Consequential provision
Question proposed, That the clause stand part of the Bill.
Several questions relating to the clause remain unanswered because we were cantering through on Tuesday afternoon. Will the Minister confirm, and give examples of, what the powers in this part of the Bill will exclude? Will he give some guidance on how officials are meant to determine where the line is for what is and is not included? Will there be more guidance issued for non-public sector authorities that will come under the legislation? Will he assure us that the codes, in their next iteration, will provide further guidance on how officials should deal with conflicts of interest when sharing data, how they should identify any unintended risks from disclosing data to organisations, and how sponsoring public authorities should assess whether their systems and procedures are appropriate for the secure handling of data? I would also be grateful if the Minister confirmed what lessons have been learned from the recent National Audit Office report that found more than 9,000 data incidents in the past year alone, and how the Government are improving their data processes to address those issues.
Will the Minister assure us that nothing in the Bill will undermine patient confidentiality? I am aware that the British Medical Association has written to him but has not had a response. The BMA is unclear about whether the scope of the Bill includes the disclosure of personal health and social care information, which would significantly weaken existing protections for confidential data. Will the well established rules that already protect such confidential information continue to apply, and will he assure us that these powers will not override common law in this vital area?
Finally, on a significant area that has not yet been addressed, do the Government intend to implement the EU’s general data protection regulation? If they do, why is the Bill not compliant with it?
On the European directive, which is to be introduced in May 2018, the codes will be revised and will reflect that. That is why the flexibility we have from the codes not being written into the Bill is so important—so that we can deal with instances in which there will be change in the future. They will be updated to reflect that change in May 2018.
Civil registration officers—public servants who want to share data for the benefit of the public—are not trying to do anything that would compromise those whom they serve. In the code of practice, paragraph 47 states that privacy impact assessments will be put in place to ensure that there will be compliance with data protection obligations and that they meet individual expectations of privacy. All Departments entering into data-sharing arrangements under the powers must comply with privacy impact assessments and publish the findings. We want to ensure transparency so that members of the public understand why it is necessary for those data to be shared.
An application to share data is not simply a permissive path by which new data-sharing arrangements can be established without going through due process and regard. In the fairness and transparency section of the data code of practice, there are many questions that must be addressed in order to establish the data-sharing arrangements. They are clearly laid out.
The Minister says that civil registration officials will be required to publish their findings. What exactly will they be required to publish, under either the code or the measures in the clause?
Paragraphs 47 and 49 of the civil registration data-sharing code of practice clearly state:
“All government departments entering into data sharing arrangements under these powers must conduct a Privacy Impact Assessment and to publish its findings. The Information Commissioner’s Conducting Privacy Impact Assessments code of practice provides guidance on a range of issues in respect of these assessments, including the benefits of conducting privacy impact assessments and practical guidance on the process required to carry one out…Registration officials entering into new data sharing arrangements should refer to the following guidance issued by the Information Commissioner on Privacy Impact Assessments which includes screening questions…to determine whether a Privacy Impact Assessment is required.”
On health care data, the Government are considering Dame Fiona Caldicott’s recommendations. The consultation closed on 7 September, and I confirm that the Bill’s powers will not be used in relation to health and care data before we have completed that process.
The Bill explicitly says that health and social care information should be excluded, but there are concerns that it is drafted so widely that it could be used for that, and I think that the Minister has just confirmed it. He is saying that it is wide enough that should the Government decide on the basis of Dame Fiona’s review that they want to share health and social care information, the Bill will enable it. Is that the case?
The Government will respond to the National Data Guardian’s review. It will not have an impact on the Bill at this stage. The Department of Health recently concluded a public consultation and is considering how to implement her recommendations. As it will take time to make the changes and demonstrate that the public have confidence in them, it would be inappropriate for the Government to seek new information sharing powers in respect of health and care data at this time. I note that we will come to health and care data when we debate a later group of amendments on research, and I hope to provide more information when we do.
Question put and agreed to.
Clause 39 accordingly ordered to stand part of the Bill.
Clause 40
Disclosure of information to reduce debt owed to the public sector
I beg to move amendment 190, in clause 40, page 39, line 21, leave out “have regard, in particular, to” and insert “must comply with”.
I thank the hon. Lady for her speech, and I appreciate the caution with which she approaches the subject. We have been determined that our definition of data sharing should be in the ICO’s code of practice, and we have adopted that definition in our own draft code. We will comply with ICO’s best practice, which of course means keeping careful records of all data-sharing agreements. We already keep registers of data sharing by Department, and they are FOI-able. We need to take public confidence with us. We will not allow data to be shared with a public authority that does not have appropriate systems in place.
To reassure those whom the hon. Lady seeks to assure that their data can be shared without any compromise to individual security, I will take a journey through the data sharing code of practice. When we come to establish some of the fraud elements, it will be an incremental process. Debt and fraud data-sharing pilots will be set up, and the UK Government are establishing a review group to oversee UK-wide and England-only data sharing under the fraud and debt powers. The review will be responsible for collating the evidence that will inform the Minister’s review of the operations powers as required under the Bill after three years. Devolved Administrations will establish their own Government structure for the oversight of data-sharing arrangements within their respective devolved territories.
Following that, a request to initiate a pilot under the debt and fraud powers must be sent to the appropriate review groups in the territory, accompanied by a business case. The business case must detail its operational period, the nature of the fraud and debt recovery being addressed, the purpose of the data share and how its effectiveness will be measured. Absolutely rock-solid requirements need to be put in place. For instance, the public service delivery debt and fraud powers require a number of documents to be produced as part of the case for a pilot.
Those documents will be a business case for the data-sharing arrangement, which can be collated by all the organisations involved; data-sharing agreements; and a security plan. Furthermore, as part of any formal data-sharing agreements with public authorities that grant access to information, security plans should include storage arrangements to ensure that information is stored in a robust, proportionate and rigorously tested manner and assurances that only people who have a genuine business need—
The Minister is making an argument to which I would extend my previous comments. He is arguing that there will be security because we will have a data repository—it will inevitably be a single data repository—with secure firewalls around it. However, the architectural principle for which he is arguing is that all data will be kept in one place. From a security perspective, that is the most dangerous way to store data. To return to why Estonia leads the world, there is a distribution—
Order. That is an intervention. I am quite happy if the hon. Gentleman wants to catch my eye, but interventions should be short. I have been very lenient with that one.
To return to the security angle, we must have assurances that only people with a genuine business need to see the personal information involved in a data-sharing arrangement will have access to it; confirmation of who will notify in the event of any security breach; and procedures in place to investigate the cause of any security breach. Paragraph 104 of the code suggests:
“You should ensure that data no longer required is destroyed promptly and rendered irrecoverable. The same will apply to data derived or produced from the original data, except where section 33 of the DPA applies (in relation to data processed for research purposes).”
At all times, we want to ensure that public confidence is taken forward with the pilots. They will be put in place only once all the boxes have been ticked. Paragraph 108 of the code states:
“You should make it easy for citizens to access data sharing arrangements and provide information so that the general public can understand what information is being shared and for what purposes. You should communicate key findings or the benefits to citizens derived from data sharing arrangements to the general public to support a better public dialogue on the use of public data.”
Security is not discretionary. Amendment 190 would not reinforce that requirement. It is not a question of compliance with systems in place. Instead, there must be adequate systems in place and Ministers must have regard to those systems to ensure they meet the essential security specifications that the Government demand.
Amendments 191 to 194 concern the codes of practice and present a similar discussion to the one we had about using “have regard to” or “compliance to”. The powers cover a range of public authorities in devolved areas, and we want to ensure flexibility in how powers will be operated, so that we can learn from what works and adapt the code as necessary. If bodies fail to adhere to the code, the Minister will make regulations to remove their ability to share information under the power as set out in paragraph 11 of the code of practice.
As I mentioned, the requirement to have regard to the code of practice does not mean that officials have discretion to disregard the code at will. They will be expected to follow the code or they will lose their ability to share data. There could be exceptional reasons why it is reasonable to depart from the requirements of the code. To fix a rigid straitjacket creates a system of bureaucracy where officials must follow processes that run contrary to logic. This is standard drafting language adopted for the above reasons in the Immigration Act 2016, the Children and Families Act 2014 and the Protection of Freedoms Act 2012, to name a few recent pieces of legislation.
It is welcome to hear how detailed and extensive these audits will be. If they are subject to the Freedom of Information Act 2000, will the Minister consider proactively publishing them anyway, so that we can be assured that they are all kept in one place and that data sharing happens only in accordance with data-sharing arrangements that are in the public domain?
When we set up new data-sharing arrangements, we must remember that the ICO and the devolved Administrations must be consulted and that the powers must go before Parliament again. We will have further scrutiny when considering the regulations under the affirmative procedure for secondary legislation.
Given that the arrangements have to go through all the obstacles that the Minister has just outlined, I do not understand why not then include them in a central register, so that they are all in one place. We could then be confident that not just those cases in the Bill but all data sharing across the Government is made public and people can have confidence in how and why their data are being used and shared.
The hon. Lady refers to new clause 35, so I would now like to address that and take her points on board. This is about informing the public about what information is being shared by public authorities and for what reason.
The Bill’s provisions already include a number of commitments to transparency and proportionality, which I have already discussed in disclosing information by public authorities. There is a consistent requirement to uphold the Data Protection Act, including its privacy principles that govern the secure, fair and transparent processing of information.
We require the publishing of privacy impact assessments and privacy notices as set out in paragraph 82 of the code of practice. The research power requires the UK Statistics Authority, as the accrediting body, to maintain and publish a register of all persons and organisations it has accredited, and they can be removed under clause 61(5), which mandates that a withdrawal of accreditation will take place if there has been a failure to have regard to the code of practice.
The requirements of the new clause would inevitably create a new set of administrative burdens, which in turn would carry significant cost implications. It is not clear how the uniform resource locator referred to would be agreed upon, or what assessment has been made of the administrative changes that may be required across the public sector. The requirement might have an unintended consequence. For example, it is possible that including information on the specific data to be disclosed would raise difficult questions about whether the public register would interfere with the duty of confidentiality or breach the provisions of the Data Protection Act. Some of the new powers—in particular, the research provisions—would involve the sharing of non-identifying information, so it is not clear how citizens would understand from a register which datasets contain information relating to them or any particular group of reasons.
The key purpose of the new powers is to simplify the legal landscape to enable public authorities to do their job more effectively and deliver better outcomes for the citizen. The new clause, however well intentioned—I respect the hon. Lady’s point—risks working against that purpose and I therefore invite her to withdraw it.
The Opposition drafted the amendments and I accept that they may not be perfect, but the principle behind the idea of a data register is impossible to argue with. If the Minister claims that these audits will be done thoroughly and that they will be subject to the Freedom of Information Act anyway, I see no reason why they should not be proactively published, so that the public and Opposition Members can have full confidence that everything in the codes of practice, which are not statutory, is being properly adhered to.
Good debt management is a key part of achieving the Government’s fiscal policy objectives. Clause 40 provides a permissive power that will enable information to be shared for the purposes of identifying, collecting, or taking administrative or legal action as a result of debt owed to the Government. With more than £24 billion of debt owed to the Government, the problem is clearly significant.
Public authorities need to work together more intelligently to ensure that more efficient management of debt occurs. We believe that the new power will assist in achieving that. By enabling the efficient sharing of information to allow appropriate bodies to draw on a wider source of relevant data, informed decisions can be made about a customer’s circumstances and their ability to pay. Sharing information across organisational boundaries will help the Government to understand the scale of the issues individuals are facing, and where vulnerable customers are identified, they can be given appropriate support and advice.
Citizens Advice stated:
“This new power is an opportunity to advance the fairness and professionalisation agenda in government debt collection…Sharing data between debt collecting departments will create improved opportunities for better treatment of people in vulnerable situations, and must be matched with fairer and more effective dispute resolution processes.”
The Government agree with that and have worked with non-fee paying debt advice agencies to develop fairness principles to accompany the power, which are included in annex A of the code of practice.
It is important to dwell on the principles that organisations will adhere to, which state:
“Pilots operating under the new data sharing power should aim to use relevant data to help to differentiate between: A customer who cannot pay their debt because of vulnerability or hardship…; A customer who is in a position to pay their debts but who may need additional support; and A customer who has the means to pay their debt, but chooses not to pay - so public authorities, and private bodies acting on their behalf, can assess which interventions could best be used to recover the debt”,
and that:
“Pilots must be conscious of the impact debt collection practices have on vulnerable customers and customers in hardship”.
The principles go on to cover:
“Using relevant sources of data and information to make informed decisions about a customer's individual circumstances and their ability to pay.”
That process could include:
“An assessment of income versus expenditure to create a tailored and affordable repayment plan based on in work and out of work considerations, including the ability to take irregular income into account; and consideration of the need for breathing space to seek advice, or forbearance, in cases of vulnerability and hardship…Where a vulnerable customer is identified, they should be given appropriate support and advice, which may include signposting to non-fee paying debt advice agencies.”
I would be grateful if the Minister confirmed that those pilots and the powers enabled in the Bill will apply only to individuals already identified as being in debt, and that they will not seek to profile individuals who may or may not be in debt.
Yes, I can confirm that. Moving forward, I reassure the Committee that we will continue to work closely with Citizens Advice and StepChange to look at fairness in Government debt management processes. Only HMRC and DWP have full reciprocal debt data-sharing gateways in place, under the Welfare Reform Act 2012. This power will help level the playing field for specified public authorities by providing a straightforward power to share data for clearly outlined purposes. Current data-sharing arrangements are time-consuming and complex to set up, and significantly limit the ability of public authorities to share debt data. This power will help facilitate better cross-Government collaboration that will help drive innovation to improve debt management. The clause will provide a clear power for specified public authorities to share data for those purposes, and will remove the existing complications and ambiguities over what can and cannot be shared and by whom.
The Minister may have just clarified the point I was seeking to tease out of him. The problems that my hon. Friend the Member for Sheffield, Heeley described show that, far from helping people with debt, the agencies acting on behalf of the Government have created debt that did not exist previously by misusing Government data. The Minister may have just assured us that that will not be the case. If the Minister is really concerned about reducing Government debt, perhaps the Government should have not chopped in half the number of HMRC tax inspectors and instead gone after the people who owe the Government tax.
Question put and agreed to.
Clause 40 accordingly ordered to stand part of the Bill.
Clause 41
Further provisions about power in section 40
Amendments made: 120, in clause 41, page 40, line 5, at end insert—
“(ba) for the prevention or detection of crime or the prevention of anti-social behaviour,”
This amendment and amendment 123 create a further exception to the bar on using information disclosed under Chapter 3 of Part 5 of the Bill for a purpose other than that for which it was disclosed. The amendments allow use for the prevention or detection of crime or the prevention of anti-social behaviour.
Amendment 121, in clause 41, page 40, line 6, leave out
“(whether or not in the United Kingdom)”.
This amendment removes the provision stating that a criminal investigation for the purposes of clause 41(2) may be within or outside the United Kingdom. This is for consistency and on the basis that a reference to a criminal investigation covers an investigation overseas in any event.
Amendment 122, in clause 41, page 40, line 8, leave out
“and whether or not in the United Kingdom”.
This amendment removes the provision stating that legal proceedings for the purposes of clause 41 may be within or outside the United Kingdom. This is for consistency and on the basis that a reference to legal proceedings covers proceedings overseas in any event.
Amendment 123, in clause 41, page 40, line 11, at end insert—
‘( ) In subsection (2)(ba) “anti-social behaviour” has the same meaning as in Part 1 of the Anti-social Behaviour, Crime and Policing Act 2014 (see section 2 of that Act).”—(Chris Skidmore.)
See the explanatory statement for amendment 120.
Clause 41, as amended, ordered to stand part of the Bill.
Clause 42
Confidentiality of personal information
Amendments made: 124, in clause 42, page 41, line 4, at end insert—
“(da) for the prevention or detection of crime or the prevention of anti-social behaviour,”
This amendment and amendment 127 create a further exception to the bar on the further disclosure of information disclosed under Chapter 3 of Part 5 of the Bill, allowing disclosure for the prevention or detection of crime or the prevention of anti-social behaviour.
Amendment 125, in clause 42, page 41, line 5, leave out
“(whether or not in the United Kingdom)”.
This amendment removes the provision stating that a criminal investigation for the purposes of clause 42(2) may be within or outside the United Kingdom. This is for consistency and on the basis that a reference to a criminal investigation covers an investigation overseas in any event.
Amendment 126, in clause 42, page 41, line 8, leave out
“and whether or not in the United Kingdom”.
This amendment removes the provision stating that legal proceedings for the purposes of clause 42(2) may be within or outside the United Kingdom. This is for consistency and on the basis that a reference to legal proceedings covers proceedings overseas in any event.
Amendment 127, in clause 42, page 41, line 12, at end insert—
‘( ) In subsection (2)(da) “anti-social behaviour” has the same meaning as in Part 1 of the Anti-social Behaviour, Crime and Policing Act 2014 (see section 2 of that Act).”
See the explanatory statement for amendment 124.
Amendment 128, in clause 42, page 41, line 13, leave out subsections (3) and (4) insert—
‘( ) A person commits an offence if—
(a) the person discloses personal information in contravention of subsection (1), and
(b) at the time that the person makes the disclosure, the person knows that the disclosure contravenes that subsection or is reckless as to whether the disclosure does so.” —(Chris Skidmore.)
This amendment applies to the disclosure of personal information in contravention of subsection (1) of clause 42. It has the effect that it is an offence to do so only if the person knows that the disclosure contravenes that subsection or is reckless as to whether it does so.
Clause 42, as amended, ordered to stand part of the Bill.
Clause 43 ordered to stand part of the Bill.
Clause 44
Code of practice
Amendment made: 129, in clause 44, page 42, line 7, at end insert—
‘( ) The code of practice must be consistent with the code of practice issued under section 52B (data-sharing code) of the Data Protection Act 1998 (as altered or replaced from time to time).”—(Chris Skidmore.)
This amendment requires a code of practice issued under clause 44 by the relevant Minister and relating to the disclosure of information under clause 40 to be consistent with the data-sharing code of practice issued by the Information Commissioner under the Data Protection Act 1998.
Question proposed, That the clause stand part of the Bill.
The Government have started work to look into the common financial statement and standard financial statement alongside non-fee-paying debt advice agencies. That work is in its infancy, but the evidence will help us to decide whether the CFS/SFS could have benefits for Government. Until that work is completed, the Government cannot commit fully to adopt the CFS/SFS.
Will the Minister give a timeframe for when that work will be completed and when we will have a statement from the Government?
It is not possible for me to give a timeframe in a Bill Committee discussing clause stand part. I suggest that I write to the hon. Lady, setting out those details in due course.
Government debt is clearly different from private sector debt. It is not contractual. The Government provide a wide range of services to citizens, such as the NHS and education system, and targeted support for those who meet the eligibility requirements to receive benefits. In return, citizens are required to pay taxes and repay any benefit in tax credit overpayments or fines that have been imposed for criminal activity. That revenue helps to fund vital services. The Government aim to ensure that customers are treated fairly. We encourage customers to engage early, so that they can agree on an affordable and sustainable repayment plan that takes individual circumstances into account. We understand that if poor debt collection practice occurs, that can cause distress.
The clause requires in particular that the code of practice must be issued by the Minister. It sets out more detail about how the power will operate and the disclosure and use of data. All specified public authorities and other bodies disclosing or using information under the power must have regard to the code of practice, which sets out in detail best practice of how the data-sharing power should be used. That includes what data should be shared, how data will be protected, issues around privacy and confidentiality and, significantly, the set of fairness principles that I talked about, which must be considered when exercising the power in clause 40. With that in mind, and the fact I have discussed extensively how the codes of practice will help protect the most vulnerable in society, I hope the clause will stand part of the Bill.
I am grateful to the Minister for the commitment to write to me. It would be welcome if he could write to all members of the Committee. That shows how committed he is to improving the detail of the clause.
Question put and agreed to.
Clause 44, as amended, accordingly ordered to stand part of the Bill.
Clause 45
Duty to review operation of Chapter
I rise to speak to amendment 130, in clause 45, page 43, line 10, at end insert—
‘( ) The relevant Minister may only make regulations under subsection (5)—
(a) in a case where the regulations include provision relating to Scotland, with the consent of the Scottish Ministers;
(b) in a case where the regulations include provision relating to Wales, with the consent of the Welsh Ministers;
(c) in a case where the regulations include provision relating to Northern Ireland, with the consent of the Department of Finance in Northern Ireland.”
This amendment requires the relevant Minister to obtain the consent of the Scottish Minsters, Welsh Ministers or Department of Finance before making regulations which, following a review under clause 45, amend or repeal Chapter 3 of Part 5 and make provision relating to Scotland, Wales or Northern Ireland respectively.
It is envisaged that information-sharing powers will enable sharing arrangements to be set, but they may take place solely within a devolved territory or involving data relating to devolved matters. The amendments intend to require the consent of Scottish Ministers, Welsh Ministers and the Department of Finance in Northern Ireland before making any regulations to amend or repeal the provisions that relate to those territories. Regrettably, we have found technical flaws with the amendments, so we will reconsider this issue and return to it at a later stage.
I would be grateful if the Minister confirmed what technical issues there are with the amendments.
There are a number of technical issues in these amendments, and we are determined to consult thoroughly with the devolved Administrations and the relevant offices. We will do so in due course. We will return to that later in the Bill.
It is unusual for the Government to introduce amendments and then find technical problems with them. That is obviously what has happened and it is very unfortunate. Given that we were expecting to debate the amendments at this point, can the Minister give us an indication of when he will bring back non-defective amendments—or whether, indeed, he intends to bring any further amendments in this area?
When it comes to the point of process that the hon. Gentleman mentions, we intend to return to this further into the Bill. The particular issue that arose with the amendments as currently drafted is that the need for consent needs to apply correctly only to devolved matters. We found that the amendments do not reflect that, which is why we wish to withdraw them today.
It would be helpful if that were to happen during the Commons stage of the Bill, rather than in the Lords, so that this House has an opportunity, at least on Report, to consider this aspect.
I note the hon. Gentleman’s concerns and will reflect on them. I cannot give any further information at this moment. We hope to ensure that the amendments, when later drafted, will reflect the Government’s desire to listen carefully to all devolved nations and ensure that this applies across the UK.
The amendment is not moved.
Clause 45 ordered to stand part of the Bill.
Clauses 46 to 48 ordered to stand part of the Bill.
Clause 49
Further provisions about power in section 48
Amendments made: 131, in clause 49, page 46, line 43, at end insert—
“(ba) for the prevention or detection of crime or the prevention of anti-social behaviour,”
This amendment and amendment 134 create a further exception to the bar on using information disclosed under Chapter 4 of Part 5 of the Bill for a purpose other than that for which it was disclosed. The amendments allows use for the prevention or detection of crime or the prevention of anti-social behaviour.
Amendment 132, in clause 49, page 46, line 44, leave out “(whether or not in the United Kingdom)”
This amendment removes the provision stating that a criminal investigation for the purposes of clause 49(2) may be within or outside the United Kingdom. This is for consistency and on the basis that a reference to a criminal investigation covers an investigation overseas in any event.
Amendment 133, in clause 49, page 46, line 46, leave out “and whether or not in the United Kingdom”
This amendment removes the provision stating that legal proceedings for the purposes of clause 49(2) may be within or outside the United Kingdom. This is for consistency and on the basis that a reference to legal proceedings covers proceedings overseas in any event.
Amendment 134, in clause 49, page 47, line 6, at end insert—
‘( ) In subsection (2)(ba) “anti-social behaviour” has the same meaning as in Part 1 of the Anti-social Behaviour, Crime and Policing Act 2014 (see section 2 of that Act).”—(Chris Skidmore.)
See the explanatory statement for amendment 131.
Clause 49, as amended, ordered to stand part of the Bill.
Clause 50
Confidentiality of personal information
Amendments made: 135, in clause 50, page 47, line 44, at end insert—
“(da) for the prevention or detection of crime or the prevention of anti-social behaviour,”
This amendment and amendment 138 create a further exception to the bar on the further disclosure of information disclosed under Chapter 4 of Part 5 of the Bill, allowing disclosure for the prevention or detection of crime or the prevention of anti-social behaviour.
Amendment 136, in clause 50, page 48, line 1, leave out “(whether or not in the United Kingdom)”
This amendment removes the provision stating that a criminal investigation for the purposes of clause 50(2) may be within or outside the United Kingdom. This is for consistency and on the basis that a reference to a criminal investigation covers an investigation overseas in any event.
Amendment 137, in clause 50, page 48, line 4, leave out “and whether or not in the United Kingdom”
This amendment removes the provision stating that legal proceedings for the purposes of clause 50(2) may be within or outside the United Kingdom. This is for consistency and on the basis that a reference to legal proceedings covers proceedings overseas in any event.
Amendment 138, in clause 50, page 48, line 11, at end insert—
‘( ) In subsection (2)(da) “anti-social behaviour” has the same meaning as in Part 1 of the Anti-social Behaviour, Crime and Policing Act 2014 (see section 2 of that Act).”
See the explanatory statement for amendment 135.
Amendment 139, in clause 50, page 48, line 12, leave out subsections (3) and (4) insert—
‘( ) A person commits an offence if—
(a) the person discloses personal information in contravention of subsection (1), and
(b) at the time that the person makes the disclosure, the person knows that the disclosure contravenes that subsection or is reckless as to whether the disclosure does so.”—(Chris Skidmore.)
This amendment applies to the disclosure of personal information in contravention of subsection (1) of clause 50. It has the effect that it is an offence to do so only if the person knows that the disclosure contravenes that subsection or is reckless as to whether it does so.—
Clause 50, as amended, ordered to stand part of the Bill.
Clause 51 ordered to stand part of the Bill.
Clause 52
Information disclosed by the Revenue and Customs
Amendment made: 140, in clause 52, page 49, line 7, at end insert—
‘( ) The code of practice must be consistent with the code of practice issued under section 52B (data-sharing code) of the Data Protection Act 1998 (as altered or replaced from time to time).”—(Chris Skidmore.)
This amendment requires a code of practice issued under clause 52 by the relevant Minister and relating to the disclosure of information under clause 48 to be consistent with the data-sharing code of practice issued by the Information Commissioner under the Data Protection Act 1998.
Clause 52, as amended, ordered to stand part of the Bill.
Clauses 53 to 55 ordered to stand part of the Bill.
Clause 56
Disclosure of information for research purposes
I beg to move amendment 142, in clause 56, page 52, line 23, at end insert—
‘(3A) For the purposes of the first condition the information may be processed by—
(a) the public authority,
(b) a person other than the public authority, or
(c) both the public authority and a person other than the public authority,
(subject to the following provisions of this Part).
(3B) Personal information may be disclosed for the purpose of processing it for disclosure under subsection (1)—
(a) by a public authority to a person involved in processing the information for that purpose;
(b) by one such person to another such person.”
This amendment and amendments 143, 144, 146 to 149, 151 to 153, 159, 160 and 162 to 166 relate to the processing of information for disclosure under clause 56 so as to remove identifying features. They make it clear that a person other than the public authority which is the source of the information may be involved in processing that information.
With this it will be convenient to discuss Government amendments 143 to 153, 159, 160 and 162 to 170.
The amendments apply to the research power. Together they provide clarity on the conditions that must be met when information provided by public authorities for research purposes is processed, as set out in clause 56. They also require public authorities to obtain accreditation to process personal information with that power, and they provide further clarity on the exclusion of health and adult social care information in clauses 56 and 63.
Personal information must not be disclosed to researchers under the power unless it is first processed in a way that protects the privacy of all data subjects. Those involved in the processing of information must be accredited as part of the conditions under this power. Processing may be carried out by the public authority that holds the data concerned, a different public authority, or specialist persons or organisations outside the public sector, including those providing secure access facilities and other functions, those commonly referred to as trusted third parties, or a combination of the two.
These amendments have been tabled to ensure that the position is reflected accurately in clause 56 and to ensure that it is clear that each accredited processor can disclose information to other accredited processors as required. In addition, they clarify that a person involved in the processing of information other than the public authority holding the information can disclose the de-identified information to researchers.
As drafted, the Bill does not require public authorities to be accredited or to process data for disclosure to researchers. On reflection, the Government recognise the importance of ensuring that all bodies involved in processing information are subject to the same level of accountability and scrutiny. The amendments will enable the UK Statistics Authority, as the accrediting body, to enforce a consistent approach to best practice for handling information.
Finally, it is important that the exclusion of health and adult social care data is defined in a way that is accurate and transparent. As drafted, the research clauses could be interpreted as excluding from the power public authorities that are primarily health and adult social care providers, but which provide some health-related services. That could mean that, contrary to the intention of the Bill, public authorities, including local authorities that provide a range of services, are at risk of being barred from sharing data relating to their functions because they provide some health and social care-related services.
The amendments will clarify that public authorities whose sole function is to provide health and/or adult social care services will be excluded from the power. They also clarify that public authorities that provide health and/or adult social care services as part of a range of services can share information, including health and adult social care data.
I very much welcome the amendments. Has the Minister considered the Information Commissioner’s recommendation to have an additional offence for re-identifying anonymised personal information, as in the Australian model? I otherwise support the amendments.
We are obviously working closely with the Information Commissioner. We will consider all her recommendations in due course, but I cannot comment on that at this moment in time.
Amendment 142 agreed to.
(8 years ago)
Public Bill CommitteesThis text is a record of ministerial contributions to a debate held as part of the Digital Economy Act 2017 passage through Parliament.
In 1993, the House of Lords Pepper vs. Hart decision provided that statements made by Government Ministers may be taken as illustrative of legislative intent as to the interpretation of law.
This extract highlights statements made by Government Ministers along with contextual remarks by other members. The full debate can be read here
This information is provided by Parallel Parliament and does not comprise part of the offical record
It is a pleasure to serve under your chairmanship, Mr Streeter. There is little need to dwell on this chapter of the Bill because of the safeguards that, as we have heard, are already in place and are well tried and tested. I was greatly encouraged that the Royal Statistical Society said in our evidence session that there needs to be a clear and well understood framework for the sharing of such information, as proposed in this part of the Bill. As we have said at length, we support that.
Most importantly for this debate, the Office for National Statistics operates transparently and publishes guidance on what data it uses and when, and on the public value that is derived from the data and information supplied to it for the purposes of producing official statistics and statistical research. The ONS’s information charter sets out how it carries out its responsibility for handling personal information, and the ONS’s respondent charters for business surveys and household and individual surveys set out the standards that respondents can expect.
The code of practice for official statistics has statutory underpinning in the Statistics and Registration Service Act 2007. Statisticians are obliged to adhere to its ethical requirements, including its principles of integrity, confidentiality and the use of administrative sources for statistical purposes. The Royal Statistical Society said that consideration could usefully be given to whether a new framework for the national statistician to access identifiable data held across the Government and beyond should require a supplementary code of conduct, to extend further public confidence. I would be grateful to the Minister if he confirmed whether he has responded to that and what steps he intends to take on that point.
Finally, the national statistician recently established the national statistician’s data ethics advisory committee, which provides ethical consideration of proposals to access, share and use data. The majority of the committee are independent and lay members from outside the Government, and it operates transparently with all papers and minutes published. It provides independent scrutiny of data shares and reports to the national statistician, who then reports to the UK Statistics Authority board. That model could easily be transposed to better protect data across the Government, as described in other chapters in the Bill.
We are happy to support the measures given the excellent and long-standing safeguards that are already in place, and we hope that, in time, the codes and other requirements in other parts of the Bill follow suit.
The clause will create a clear, permissive power for public authorities to disclose information that they hold for the purpose of research in the public interest. It will ensure that any personal information is processed before it is disclosed and that a person’s identity is not specified in the information, so that a person’s identity cannot be deduced from that information. It will establish a set of conditions to ensure that any processing of personal information is undertaken in a way that protects the privacy of individuals.
To maintain a truly innovative and competitive economy and to ensure that decisions taken on a range of economic and social issues are informed by the best possible evidence base, it is essential that we maximise the use of rich and varied sources of administrative information that is held across public data.
I am not sure whether the Minister is aware, but Scottish universities share all their research on the internet for the public to read, ensuring world-class Scottish research can help the world. Do the Government agree that such rules should apply to all publications resulting from the research and statistics chapters of the Bill?
I think that it is up to each university to have a policy on what research should be published and when. There is a particular situation in Scotland, but other universities may decide that their research may be used for purposes that remain confidential. Publication is up to the universities and academic bodies to decide.
The Minister is absolutely right—perhaps I rushed my question. I was trying to emphasise the point that, when data are shared, will he match that transparency, so that citizens can see what public benefit has been drawn from the use of their data?
I shall come in a moment to the UK Statistics Authority’s position on the use of national statistics; it would benefit enormously from these measures. The potential benefits from increased access to information extend far beyond the research community. It is generally accepted that increased research and development leads to improved productivity and therefore increased economic growth. Information is increasingly a key raw material.
The research community has for some time been prevented from making better use of information held by the public sector, due to a complex legal landscape that has evolved over time. As a result, public authorities are often uncertain about their powers to share information, leading to delays, in some cases lasting years. In the meantime, projects become obsolete or are abandoned.
The Administrative Data Taskforce warned in its 2012 report that the UK was lagging behind other countries in its approach to this issue. It called for a generic legal power to allow public authorities to provide information for research purposes. As well as providing that power, which will remove the uncertainty that has frustrated the research community, the clause will provide a set of conditions that must be complied with if personal information is to be shared.
The conditions can be summarised as the sharing and use only of information that has been de-identified to industry standards to remove information that would identify, or is reasonably likely to identify, an individual, and the requirements that those who process information that identifies a person take reasonable steps to minimise accidental disclosure and prevent deliberate disclosure of such information, that all those who process personal information or receive or use processed personal information are subject to an accreditation process overseen by the UKSA, whether they are researchers, technicians or those who provide secure environments for linking and accessing data, that research for the purposes of which the information is disclosed is accredited and that all those involved in the exercise of the power adhere to a code of practice that is produced and maintained by the UKSA.
The UKSA is the designated accredited body with a duty to maintain and publish registers of all those accredited for any purpose under the power. That includes all those who may be involved in preparing personal information for disclosure to researchers and the research project itself. The results or outcomes of the research project must be publicly available, to demonstrate that the research is for the public good. The UKSA has a duty to maintain and publish the criteria for accreditation, and all activity under the power will be subject to a code of practice issued by the UKSA. I hope that answers the hon. Gentleman’s concerns.
Turning to the willingness for this to happen, the clause represents an important step forward for research in the UK. It will allow greater opportunities to produce high-quality research, which, in the words of the Economic and Social Research Council, can place
“the UK at the forefront of the international scientific landscape.”
It will allow greater opportunities to improve our understanding of our economy and society.
I would like to put on record the comments of Sir Andrew Dilnot, the chair of the UKSA:
“The Digital Economy Bill, currently before the House of Commons Public Bill Committee, represents a unique opportunity to deliver the transformation of UK statistics. The existing legal framework governing access to data for official statistics is complex and time-consuming. The proposals in the Bill, by making use of data already held across Government and beyond, would deliver better access to administrative data and for the purposes of statistics and research, delivering significant efficiencies and savings for individuals, households and businesses. Decision-makers need accurate and timely data to make informed decisions, in particular about the allocation of public resource. This Bill will deliver better statistics and statistical research that help Britain make better decisions.”
Question put and agreed to.
Clause 56, as amended, accordingly ordered to stand part of the Bill.
Clause 57
Provisions supplementary to section 56
Amendments made: 150, in clause 57, page 53, line 24, at end insert—
‘( ) In its application to a public authority with functions relating to the provision of health services or adult social care, section 56 does not authorise the disclosure of information held by the authority in connection with such functions.”
This amendment and amendments 168 to 170 ensure that Chapter 5 of Part 5 applies to a public authority with functions relating to the provision of health services or adult social care and other functions, but that in such a case the powers to disclose in the Chapter only apply to information held in connection with the other functions.
Amendment 151, in clause 57, page 53, line 28, leave out “56” and insert “56(1)”.—(Chris Skidmore.)
See the explanatory statement for amendment 142.
Clause 57, as amended, ordered to stand part of the Bill.
Clause 58
Bar on further disclosure of personal information
Amendments made: 152, in clause 58, page 53, line 38, leave out “56(9)” and insert “56(3B)”.
See the explanatory statement for amendment 142.
Amendment 153, in clause 58, page 54, line 2, at end insert “(including section56(3B))”.
See the explanatory statement for amendment 142.
Amendment 154, in clause 58, page 54, line 6, at end insert—
“(da) which is made for the prevention or detection of crime or the prevention of anti-social behaviour,”.
This amendment and amendment 157 create a further exception to the bar on the further disclosure of information which is disclosed under clause 56 (so that it can be processed for disclosure under that section), allowing disclosure for the prevention or detection of crime or the prevention of anti-social behaviour.
Amendment 155, in clause 58, page 54, line 7, leave out
“(whether or not in the United Kingdom)”.
This amendment removes the provision stating that a criminal investigation for the purposes of clause 58(3) may be within or outside the United Kingdom. This is for consistency and on the basis that a reference to a criminal investigation covers an investigation overseas in any event.
Amendment 156, in clause 58, page 54, line 10, leave out
“and whether or not in the United Kingdom”.
This amendment removes the provision stating that legal proceedings for the purposes of clause 58(3) may be within or outside the United Kingdom. This is for consistency and on the basis that a reference to legal proceedings covers proceedings overseas in any event.
Amendment 157, in clause 58, page 54, line 11, at end insert—
‘( ) In subsection (3)(da) “anti-social behaviour” has the same meaning as in Part 1 of the Anti-social Behaviour, Crime and Policing Act 2014 (see section 2 of that Act).”
See the explanatory statement for amendment 154.
Amendment 158, in clause 58, page 54, line 21, leave out subsections (5) and (6) insert—
‘( ) A person commits an offence if—
(a) the person discloses personal information in contravention of subsection (2), and
(b) at the time that the person makes the disclosure, the person knows that the disclosure contravenes that subsection or is reckless as to whether the disclosure does so.
This amendment applies to the disclosure of personal information in contravention of subsection (2) of clause 58. It has the effect that it is an offence to do so only if the person knows that the disclosure contravenes that subsection or is reckless as to whether it does so.
Amendment 159, in clause 58, page 54, line 39, leave out “56(9)” and insert “56(3B)”. —(Chris Skidmore.)
See the explanatory statement for amendment 142.
Clause 58, as amended, ordered to stand part of the Bill.
Clause 59
Information disclosed by the Revenue and Customs
Amendment made: 160, in clause 59, page 54, line 43, leave out “56(9)” and insert “56(3B)”.—(Chris Skidmore.)
See the explanatory statement for amendment 142.
Clause 59, as amended, ordered to stand part of the Bill.
Clause 60
Code of practice
Amendments made: 161, in clause 60, page 55, line 19, at end insert—
‘( ) The code of practice must be consistent with the code of practice issued under section 52B (data-sharing code) of the Data Protection Act 1998 (as altered or replaced from time to time).”.
This amendment requires a code of practice issued under clause 60 by the relevant Minister and relating to the disclosure of information under clause 56 to be consistent with the data-sharing code of practice issued by the Information Commissioner under the Data Protection Act 1998.
Amendment 162, in clause 60, page 55, line 24, leave out “56” and insert “56(1)” —(Chris Skidmore.)
See the explanatory statement for amendment 142.
Clause 60, as amended, ordered to stand part of the Bill.
Clause 61
Accreditation for the purposes of this Chapter
Amendments made: 163, in clause 61, page 56, line 7, leave out “56” and insert
“subsection (1) of section 56”.
See the explanatory statement for amendment 142.
Amendment 164, in clause 61, page 56, line 9, leave out “section” and insert “subsection”.
See the explanatory statement for amendment 142.
Amendment 165, in clause 61, page 56, line 11, leave out “section” and insert “subsection”.
See the explanatory statement for amendment 142.
Amendment 166, in clause 61, page 56, line 23, leave out “56” and insert “56(1)”.
See the explanatory statement for amendment 142.
Amendment 167, in clause 61, page 56, line 38, at end insert—
‘(6A) The Statistics Board—
(a) may from time to time revise conditions or grounds published under this section, and
(b) if it does so, must publish the conditions or grounds as revised.
(6B) Subsection (6) applies in relation to the publication of conditions or grounds under subsection (6A) as it applies in relation to the publication of conditions or grounds under subsection (2).”—(Chris Skidmore.)
This amendment enables the Statistics Board to revise the conditions and grounds it establishes for the accreditation and withdrawal of accreditation of people and research for the purposes of information sharing under Chapter 5 of Part 5 of the Bill.
Clause 61, as amended, ordered to stand part of the Bill.
Clause 62 ordered to stand part of the Bill.
Clause 63
Interpretation of this Chapter
Amendments made: 168, in clause 63, page 57, line 18, leave out subsection (2) and insert—
‘(2) A person is not a public authority for the purposes of this Chapter if the person—
(a) only has functions relating to the provision of health services,
(b) only has functions relating to the provision of adult social care, or
(c) only has functions within paragraph (a) and paragraph (b).
(2A) The following are to be disregarded in determining whether subsection (2) applies to a person—
(a) any power (however expressed) to do things which are incidental to the carrying out of another function of that person;
(b) any function which the person exercises or may exercise on behalf of another person.”.
See the explanatory statement for amendment 150.
Amendment 169, in clause 63, page 57, line 21, leave out “subsection (2)(a)” and insert “this Chapter”.
See the explanatory statement for amendment 150.
Amendment 170, in clause 63, page 57, line 30, leave out “subsection (2)(b)” and insert “this Chapter”.—(Chris Skidmore.)
See the explanatory statement for amendment 150.
Clause 63, as amended, ordered to stand part of the Bill.
Clause 64
Disclosure of non-identifying information by HMRC
Question proposed, That the clause stand part of the Bill.
Very briefly, I would be grateful to the Minister if he confirmed why a separate, further clause is necessary on disclosure of non-identifying information by HMRC. The safeguards in the rest of the Bill are sufficient.
As the holder of some of the most useful datasets in the public sector, HMRC has an interest in sharing data more extensively where it does not compromise taxpayer confidentiality. The clause relates to the current legal constraints for HMRC on the disclosure of non-identifying information, allowing the UK tax authority to share information for purposes in the public interest. It deals with information that does not reveal a person’s identity: either general information that is never related to a taxpayer or information aggregated to such a degree that it does not reveal anything particular to a person.
I beg to move amendment 171, in clause 67, page 60, line 37, at end insert—
“() a subsidiary undertaking of the Bank of England within the meaning of the Companies Acts (see sections 1161 and 1162 of the Companies Act 2006),”
This amendment means that the provisions in new section 45B of the Statistics and Registration Service Act 2007 about access to information by the Statistics Board will apply to subsidiaries of the Bank of England as well as to the Bank itself.
These are minor and technical amendments to various definitions in proposed new sections 45B and 45C of the Statistics and Registration Service Act 2007. Sections 45B and 45C give the UK Statistics Authority a right of access to information required for its functions held by Crown bodies and public authorities respectively. Under section 45B, if a Crown body declines to provide information requested by the UK Statistics Authority, the authority may decide to lay the related correspondence before the relevant legislature, including the relevant devolved legislature for the devolved Crown bodies. Under section 45C, before issuing a notice to a devolved public authority that is not a Crown body, the UK Statistics Authority must seek consent from the relevant devolved Administrations.
Amendments 173 and 176 amend the definition of the phrase “Wales public authority” in sections 45B and 45C to refer to a new definition of “Wales public authority” being created by the Wales Bill, which is currently going through the House of Lords. They ensure that sections 45B and 45C are updated with a new definition of “Wales public authority” and will operate consistently with other definitions.
Amendments 172 and 175 amend the definition of “Scottish public authority” in sections 45B and 45C to capture public authorities with mixed functions or no reserve functions within the meaning of the Scotland Act 1998. Amendment 172, which amends section 45B, also refers expressly to a public authority that is part of the Scottish Administration, clarifying that these are Crown bodies to be dealt with under section 45B.
Section 45B states that Crown bodies include
“the Bank of England (including…the Prudential Regulation Authority)…the Financial Conduct Authority…and…the Payment Systems Regulator”.
Amendment 171 clarifies that the reference in section 45B to the Bank of England also includes any of its subsidiaries. That means that section 45B can also cover bodies such as the asset purchase facility fund, which the Bank of England set up in 2009. Amendment 171 also means that any subsidiaries that the Bank sets up in future will be treated in the same way under section 45B as the Bank itself.
Amendment 174 reflects the fact that the Prudential Regulation Authority is currently a subsidiary of the Bank of England formed under section 2A of the Financial Services and Markets Act 2000. This position will change when section 12 of the Bank of England and Financial Services Act 2016 comes into force. Section 12 changes how the PRA is formed and gives the Bank of England functions as the PRA. Amendment 174 therefore ensures section 45B applies during the transitional period before section 12 of the 2016 Act comes into force. It treats the wording in brackets in the relevant part of section 45B as not applying until section 12 comes into force. Until then, the PRA, as a subsidiary of the Bank, will be covered by amendment 171.
Amendment 171 agreed to.
Amendments made: 172, in clause 67, page 61, leave out lines 39 to 43 and insert “the public authority—
() is a part of the Scottish Administration, or
() is a Scottish public authority with mixed functions or no reserved functions (within the meaning of the Scotland Act 1998).”
This amendment modifies the requirement for a request for information under new section 45B of the Statistics and Registration Service Act 2007 and any response to be laid before the Scottish Parliament so that it applies to a request to public authority which is a part of the Scottish Administration or a Scottish public authority with mixed or no reserved functions.
Amendment 173, in clause 67, page 61, line 45, leave out from beginning to end of line 3 on page 62 and insert
“the public authority is a Wales public authority as defined by section 157A of the Government of Wales Act 2006.”
This amendment modifies the requirement for a request for information under new section 45B of the Statistics and Registration Service Act 2007 and any response to be laid before the National Assembly for Wales so that it applies to a request to a Wales public authority.
Amendment 174, in clause 67, page 62, line 13, at end insert—
‘( ) Until the coming into force of section 12 of the Bank of England and Financial Services Act 2016 subsection (1)(b) has effect as if the words in brackets were omitted.”
This amendment makes provision about the reference in new section 45B(1)(b) to the Bank of England in the exercise of its functions as the Prudential Regulation Authority in the period before the coming into force of section 12 of the Bank of England and Financial Services Act 2016. Until that section comes into force the Authority will remain a subsidiary of the Bank and so will be covered by the reference in amendment 171.
Amendment 175, in clause 67, page 62, line 41, leave out from “authority” to end of line 3 on page 63 and insert
“which is a Scottish public authority with mixed functions or no reserved functions (within the meaning of the Scotland Act 1998).”
This amendment modifies the requirement to obtain the consent of the Scottish Ministers before giving a notice under new section 45C of the Statistics and Registration Service Act 2007 so that it applies to a notice given to a Scottish public authority with mixed or no reserved functions.
Amendment 176, in clause 67, page 63, line 5, leave out from “authority” to end of line 10 and insert
“which is a Wales public authority as defined by section 157A of the Government of Wales Act 2006.”
This amendment modifies the requirement to obtain the consent of the Welsh Ministers before giving a notice under new section 45C of the Statistics and Registration Service Act 2007 so that it applies to a notice given to a Wales public authority.
Amendment 188, in clause 67, page 65, line 3, at end insert—
‘( ) The statement must be consistent with the code of practice issued under section 52B (data-sharing code) of the Data Protection Act 1998 (as altered or replaced from time to time).” —(Chris Skidmore.)
This amendment requires a statement issued under section 45E of the Statistics and Registration Service Act 2007 by the Statistics Board and relating to the exercise of its functions under sections 45B, 45C and 45D of that Act to be consistent with the data-sharing code of practice issued by the Information Commissioner under the Data Protection Act 1998.
Question proposed, That the clause, as amended, stand part of the Bill.
As the Minister has just outlined, clause 67 differentiates access to information held by Crown bodies and a power to require disclosures by other public authorities. In essence, it enables the statistical authorities to request information from Crown bodies and to demand it from other public authorities. I would be grateful if the Minister confirmed why there is that distinction. He may well be aware that the Royal Statistical Society and the ONS would like the Bill to be amended to include the power to require disclosure from Crown bodies in exactly the same way as from public authorities. What consideration has been given to that? Why are the same requirements not on both types of public authorities?
The clause gives certainty and teeth to data supplied to the UK Statistics Authority. Official statistics are not an optional extra. If they are incomplete, decisions made by the Government and Parliament that rely on those statistics could be misinformed, late and lose impact. UKSA must have the data equipment necessary to produce the numbers that decision makers need to make the best decisions in the interests of the country.
Existing legislation provides precedents for requiring businesses and households to provide information for producing aggregate statistics about the economy and society. For instance, the Statistics of Trade Act 1947 requires businesses to report the data required for the production of UK economic statistics. For the past 100 years, the Census Act 1920 has required every household to provide information once every 10 years so that we can understand our population and society. To put that in context, censuses are long established but expensive. The 2011 census cost us almost £500 million. Census data are the statistical spine of decision making, including the allocation of public funds.
Allowing UKSA access to administrative data the Government already hold is more efficient. We should not be asking people in business questions when we already know the answers from other sources. Under the Statistics and Registration Service Act 2007, UKSA must seek legislation every time it needs access to Government datasets where there is no existing data-sharing gateway. That mechanism is limited and only removes barriers that existed before the 2007 Act, and will become increasingly redundant over time.
The clause realises the expectation that, where UKSA needs access to datasets to produce statistics, it should be given that access. Section 45B requires Crown bodies, in particular central Government Departments, to provide data when UKSA asks for them, or, where necessary, have their refusal put before Parliament. Why treat Crown bodies differently from public authorities? That way of working, set out in sections 45B and 45C, ensures consistency between how a Crown body interacts with another on the one hand, and how a Crown body interacts with a non-Crown body on the other.
Sections 45C and 45D allow UKSA to require data from public authorities and large businesses. In practice, UKSA will focus on businesses that hold data likely to support to UKSA’s data needs, reducing the existing burden of surveys on businesses and individuals. UKSA must be sure that the data it relies on will continue to be provided, to ensure the integrity of the statistics it produces and the integrity of decisions based on those statistics.
Section 45F makes it clear that public authorities and businesses must comply with the notice they receive from UKSA under sections 45C or 45D, which draws on existing precedents for enforcement seen for the census and business surveys. Section 45E also requires UKSA to publicly consult on a statement of principles and procedures it will apply when operating these new powers. UKSA will lay that before Parliament and the devolved legislatures.
Section 45B lays out that UKSA must
“specify the date by which or the period within which the public authority must respond to the request.”
What kind of period are we are talking about? What kind of period does the Minister consider reasonable in which a public authority must respond to a request from UKSA?
I will write to the hon. Lady on that particular point with further information. I am more than happy to do that. She correctly noted that timeframes are set out, which highlights the transparency arrangements already set down in the Bill. That has been well thought through, and we are determined to ensure that we work closely with UKSA going forward. UKSA will publicly consult on a new code of practice to support public authorities in consulting it on planned changes to data systems to protect the accuracy and integrity of its statistical outputs. Again, that will be laid before Parliament and the devolved legislatures.
We have spoken previously about codes of practice. Illustrative first drafts of the statement and the code have been made publicly available, including to members of the Committee, and they continue to be developed ahead of a full public consultation in a few months’ time. We are determined to ensure that the research and statistics communities are given the tools to enable them to do their jobs efficiently and effectively going into the 21st century. We want to ensure that the UK is a leader in developing statistics and research.
Question put and agreed to.
Clause 67, as amended, accordingly ordered to stand part of the Bill.
Clause 68 ordered to stand part of the Bill.
Clause 69
OFCOM reports on infrastructure etc
Question proposed, That the clause stand part of the Bill.
(8 years ago)
Public Bill CommitteesThis text is a record of ministerial contributions to a debate held as part of the Digital Economy Act 2017 passage through Parliament.
In 1993, the House of Lords Pepper vs. Hart decision provided that statements made by Government Ministers may be taken as illustrative of legislative intent as to the interpretation of law.
This extract highlights statements made by Government Ministers along with contextual remarks by other members. The full debate can be read here
This information is provided by Parallel Parliament and does not comprise part of the offical record
I beg to move, That the clause be read a Second time.
A great deal of our lengthy debate on part 5 has focused on data ownership and control. The Government have stated elsewhere that their policy is that citizens should own and control their own data, but sadly the Bill takes us backwards in that regard by adopting a completely paternalistic approach to data sharing, with a “Government knows best” attitude. We are blindly to assume that our data are being kept, shared and used appropriately while we are kept in the dark about how they are being used and for what purpose.
As the former Prime Minister famously said, “Sunlight is the best disinfectant,” and as I have previously argued, a register for all data-sharing arrangements is necessary—in fact, essential—to ensure trust in the Government’s data sharing. Quite simply, we cannot have trust when there is no transparency, and that is true for Governments of any colour. The new clause would require the Government to commission an independent review of information and data ownership under chapter 1 of part 5, which would seek to establish the direction in which the Government’s stated policy intent for individuals to have control over their data is heading.
The Minister has given us all kinds of assurances that the codes of practice will sufficiently embed the principles, which have been debated at length, but as they are not statutory, there must be some form of mechanism to ensure that the spirit of the codes and the intention he stated in our debates are adhered to. Following the announcement that the Government will implement the general data protection regulation, the codes and the legislation are already out of date. I understand the role of Select Committees in this House, but the proposals made in the Bill are about incredibly detailed practices relating to the day-to-day operation of the civil service that are unlikely to be unearthed through a Select Committee report without a whistleblower or any kind of proactive publication, as suggested in our new clause on the new register.
The use of administrative data has been discussed at length, but it is not to be confused with the use of big data—a wholly different beast that has not been tackled in the Bill. That is another missed opportunity. A committee has been established in the Cabinet Office to consider the ethics of big data. That is absolutely necessary, but, again, it should have been conducted as an independent review, rather than something led by Government. My fear is that we are lagging well behind other Administrations with respect to how we treat data, and in the embedding of consent and control into our data regimes. We run a serious risk of sleepwalking into a major scandal.
Before I was elected I worked in the City of London, for Aviva. There I was put on a project looking at the type of things that we could do with big data. Aviva is a gold star insurer so it certainly was not indulging in unethical behaviour, but the kind of data that, if allowed, actuaries would like to test is simply not known—it would horrify the average consumer. There are many providers in the market for data, and many ways beyond our imagination in which our data could be commodified. It would take only a “Dispatches” exposé, or a scandal in The Mail on Sunday, and the Government would be forced to react; then, as all Governments do, they would over-react.
The Bill provides an excellent opportunity to look at the issues in the cold light of day, rather than the heat of reaction. I strongly urge the Ministers to take that opportunity and accept the new clause.
There are several problems with the new clause. First, it would delay the delivery of significant public benefits; secondly, it seeks more consultation on measures where there has already been a long and broad-ranging consultation effort over many years; thirdly, it is asking for even more Parliamentary time, when the scheme, future pilots and data-sharing measures are already subject to significant and continued Parliamentary scrutiny.
We believe that the proposed review and subsequent delay would prevent us from delivering significant public benefits, such as extending the warm home discount, which had the support of the Committee last week. If implementation of warm home discount reform were delayed by one year because of the time needed to carry out the review and then to establish the necessary data-sharing arrangements, the Government would potentially help about 750,000 fewer fuel-poor homes in 2018-19. Further, there would be a delay to our ability to implement the benefits of more effectively targeting the £640 million-a-year energy company obligation.
The measure is not short on consultation. That process started in April 2014 and has involved civil society groups, experts and practitioners. There was a public consultation. The draft clauses were published in February 2016. There has been lots of discussion and the Government have listened. That is why information can be shared only for specific objectives, which can be added to only if they satisfy the public benefit test. It is why we have new unlawful disclosure offences, and a code of practice that has been welcomed by the Information Commissioner. The proposed review would require the Government to consult the very people we have already consulted in developing the public service delivery power.
The Bill is also not short on parliamentary oversight. There must be agreement by Parliament to new objectives for sharing data, new public authorities—a list will be drawn up—and the code of practice. The code of practice clearly sets out the process for public bodies to maintain public confidence, with privacy and impact assessments and by ensuring that all data-sharing arrangements are public. That is clearly set out in paragraphs 74 to 78 in part 5. The further scrutiny sought in the new clause is unnecessary duplication. The purpose of scrutiny by Parliament is to decide whether the powers should be taken, so no purpose would be served by having another review before the powers are commenced. For that reason I ask the hon. Lady to withdraw the amendment.
The Minister is dead right. We would like some more consultation on the review, not least because nearly all of the Government’s consultees are unhappy with the proposals in the Bill.
I hope that we have thrashed out many of the part 5 issues and that the Government will act and amend the provisions in the other place. If that does not happen, we shall return to the matter on Report. I beg to ask leave with withdraw the motion.
Clause, by leave, withdrawn.
New Clause 32
OFCOM power to enforce structural separation of BT Openreach
‘After section 49C of the Communications Act 2003 insert—
“(49D) OFCOM has the power to enforce the structural separation of BT Openreach, should OFCOM consider this necessary.”’—(Calum Kerr.)
Brought up, and read the First time.
(7 years, 11 months ago)
Commons ChamberThis text is a record of ministerial contributions to a debate held as part of the Digital Economy Act 2017 passage through Parliament.
In 1993, the House of Lords Pepper vs. Hart decision provided that statements made by Government Ministers may be taken as illustrative of legislative intent as to the interpretation of law.
This extract highlights statements made by Government Ministers along with contextual remarks by other members. The full debate can be read here
This information is provided by Parallel Parliament and does not comprise part of the offical record
(7 years, 9 months ago)
Lords ChamberThis text is a record of ministerial contributions to a debate held as part of the Digital Economy Act 2017 passage through Parliament.
In 1993, the House of Lords Pepper vs. Hart decision provided that statements made by Government Ministers may be taken as illustrative of legislative intent as to the interpretation of law.
This extract highlights statements made by Government Ministers along with contextual remarks by other members. The full debate can be read here
This information is provided by Parallel Parliament and does not comprise part of the offical record
My Lords, I come rather late to the table with the Bill, but fresh, if that is the term, from the Investigatory Powers Act, as does the noble and learned Lord. Like me, he may have reflected on the fact that one of our basic documents in debating the Investigatory Powers Act was called by David Anderson A Question of Trust; the issue of trust is equally relevant to the provisions in the Bill. Like other noble Lords, I see the value of sharing information but—and for me it is a big “but”—with constraints, limits, conditions, checks. I would say balances but I do not think they always do the job. It would be too easy in this area to let convenience obscure other considerations. I have concerns about fundamental issues and I have difficulty, as I suspect do other noble Lords, knowing quite what to raise where, but my most fundamental concern is about respect for privacy. The use of bulk data, which we will come to, is bound to raise this.
I share concerns which have been raised about providers—not the public authorities and public services themselves, but the providers. Maybe we have to be realistic, as our public services are now provided so much through commissioning and procurement but, as I read the Bill, the regulations will not be required to list specific providers. I may be wrong about that. If providers have to be included, it would be appropriate for the public to be reassured, for instance, that the public authority in question maintains a register of its providers and publishes it. Maybe, also, all records of information held under these provisions should be destroyed at the termination of the provider’s contract.
The purposes set out here include well-being, which includes the contribution to society. I am not going to let this pass without saying that that risks being read, and I read it, as very paternalistic. I cannot see how it properly covers anything that is not covered by the other well-being provisions. Others have suggested that Clause 30 might lead to profiling. There is certainly a concern over health information, which we will come to separately. I also find it quite hard to think: if you are not contributing to society, are you not deserving of or entitled to public services? I think it is a very unfortunate term to use in legislation.
I share the concerns about Clause 33. At the very least, to share personal information to prevent anti-social behaviour which is not a crime—we know it is not a crime; you do not even need to go to the legislation about anti-social behaviour to know that, because it is referred to separately from crime—is going several steps too far. I start—I am not suggesting that others do not—from the premise that personal information should be kept confidential unless there is good reason not to do so, and if it is not confidential it needs to be treated with the greatest care and sensitivity. Respect for private life is one of our basic values. The Minister would be able to quote Article 8 of the European Convention on Human Rights—as I will do—without reading it. It says that there are “necessary”—I stress that word—exceptions in the interests of national security, public safety, the economic well-being of the country, the prevention of disorder or crime, the protection of health or morals or the protection of the rights and freedoms of others. I support the amendments—I think they are in this group—that would import the term “necessary”.
Article 8 refers to disorder and crime, but—I will not be surprised if the Minister quotes some case law at me on the definition of “disorder”—I would have thought that in this context it must refer to something a good deal more serious than what may fall within “anti-social behaviour”.
The Investigatory Powers Act includes the much-welcomed and much-discussed “privacy” clause; during the debate on that we considered the requirements of both necessity and proportionality. The Act also refers specifically to the Human Rights Act and to crime as a consideration when it is a serious crime, and it refers to using “less intrusive means”. These points are all relevant to this debate.
For my part, this amounts to support for all the amendments in the group and a concern to persuade the Government to look at the issues through the lens of rights to privacy as well as efficiency. Most citizens accept—indeed, expect—that in a digital age government departments will share information, but with narrower purposes and stricter checks than the Bill offers.
My Lords, I am obliged to noble Lords for their observations on this group.
The powers in Chapter 1 of Part 5 will support the delivery of better services to achieve specified objectives, such as providing assistance to those suffering, for example, from fuel poverty. Your Lordships would all appear to be agreed on the need for effective data-sharing, but when we talk about that we must mean data-sharing that is secure and commands the trust of the general public—that is sufficiently ring-fenced to give confidence in the whole process. No one would take issue with that.
In that context I make this observation at the outset. It applies not only to this group of amendments but to further groups that we will come to this afternoon and perhaps much later this evening. We have to look at the provisions in this Bill in the context, first, of the Data Protection Act 1998, because the provisions of that Act apply in the context of this Bill. Therefore, as we look at the Bill, we must remember the protections that already exist in law with regard to data in this context. First, processing of personal data must always be fair and lawful. Secondly, data cannot be processed in a way that is incompatible with the purpose for which they were gathered. Thirdly, personal data must be,
“adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed”.
The personal data should be “accurate”, so a subject may be in a position to demand that they should be corrected.
Furthermore, on the point made by the noble Baroness, Lady Hamwee, personal data can be kept no longer than is necessary for a particular objective. Where, therefore, they have been employed for a particular objective—or a party has received them for a particular purpose—and a need to keep the data for that purpose can no longer be displayed, they cannot be retained.
My Lords, will the noble and learned Lord address—in a later group, if not this one—why the terminology in the Bill is “personal information” rather than “personal data”, which might have made the marrying-up of the legislation a bit easier?
Indeed I can. The reason is that in the present context, personal information extends to bodies corporate and other personalities that are not otherwise covered by the first definition. I will elaborate upon that later but that is why there is a distinction between the two terms. We can see that the two terms substantially overlap but it is only because of that technical distinction that they are employed in this way. I hope that that satisfies the inquiry from the noble Baroness, Lady Hamwee.
The Data Protection Act not only circumscribes the use of data in very particular ways—for example, personal data must be processed in accordance with the data subject’s rights under the Act and be held securely to guard against unlawful or unauthorised processing, which addresses a point that many of your Lordships referred—but provides remedies in the event that those obligations are not adhered to. Generally speaking, that involves a complaint to the Information Commissioner.
Of course there have been lapses in data control. We are well aware of many of them. The noble Lord, Lord Collins, alluded to Concentrix, where there clearly appeared to have been lapses such that the Revenue terminated its contract without further notice in November of last year. We recognise that there are risks associated with data and data-sharing. That is why we emphasise the need to look at the provisions in the Bill not only alone but in the context of the Data Protection Act.
There were obviously risks associated with the contract for Concentrix and the fall-out from that contract is certainly ongoing, because of the people who have suffered hardship. The Government will undoubtedly have to investigate even more because at the moment, we are dealing only with the people who have appealed. Can the Minister tell us exactly why the existing provisions for a risk assessment did not stop this contract from going sour?
As the noble Lord is aware, Concentrix was not the only incident in which there were data breaches. They have happened not only in the context of parties operating with government but also entirely in the private sector. So far as I am aware, no one has made a claim for infallibility where data protection is concerned. Albeit that we aspire to the highest standards in data protection, we are not making claims of infallibility.
The noble Lord, Lord Collins, also referred in the present context to the GDPR, which will come into effect as a European regulation in May 2018. I reiterate that the provisions in Part 5 of the Bill are compatible with the GDPR. The noble Lord appeared to take some issue with that term, but let me be clear: the provisions of Part 5 are drafted in such a way as to be compatible with the regulation. When the regulation comes into direct force, we will look at the provisions of the Act and the codes of practice to ensure that they are consistent with it. That is the way in which these things are done. The regulation is not yet in force and will be applied to the existing statutory structure from May 2018. I reassure him that it has always been intended that Part 5 of the Bill should be compatible with the regulation, for very obvious reasons.
Then there is the matter of the draft codes of practice. At this stage they are, of course, a draft. Those drafts have incorporated comments and advice from practitioners right across the public sector, from the Information Commissioner and from the devolved Administrations, so they have brought in that body of knowledge at this stage.
I specifically asked why the responsibility has been placed on gas and electricity suppliers to have regard to some of the things stated in the Bill, and I would be grateful for an answer. I do not mind if the answer is not given now, but if that could be clarified I would be grateful.
I am perfectly prepared to write to my noble friend to clarify that point, and I will place a copy of any letter in the Library.
I thank the Minister for his response. One of the things that we will encounter as we go through this section is the fact that the 1998 Act has some fundamental principles but that we have the Bill before us because there is a need for greater clarity. The world has changed in the past 20 years, certainly in the way that we handle and interrogate data. We no longer simply say that this set of data will go to that person and so on. We do not necessarily even have to share the whole dataset. The point is about how one might interrogate data. It is a very different world. I am not suggesting for one moment that errors do not occur, accidents do not happen and mistakes cannot happen, but in the modern world we conduct risk assessments to understand how we can minimise those things. That is what I want properly addressed when we come back to some of these issues.
The Minister says that the Government will consider the report of your Lordships’ committee. If there are to be further amendments, I hope that we will have time to consider them and even to put down our own amendments to ensure that the principles about which we are concerned will be able to be addressed. With those comments and, if you like, fair warnings, I beg leave to withdraw the amendment.
(7 years, 9 months ago)
Lords ChamberThis text is a record of ministerial contributions to a debate held as part of the Digital Economy Act 2017 passage through Parliament.
In 1993, the House of Lords Pepper vs. Hart decision provided that statements made by Government Ministers may be taken as illustrative of legislative intent as to the interpretation of law.
This extract highlights statements made by Government Ministers along with contextual remarks by other members. The full debate can be read here
This information is provided by Parallel Parliament and does not comprise part of the offical record
My Lords, I, too, support the various amendments in this group. “Having regard to” a matter always seems to leave some wriggle room. If there should be exceptions to compliance—because I think we are talking about compliance here, not about consistency—then those should be spelled out. I accept that having codes of practice outside primary legislation allows for flexibility, which might be useful, for a response to experience of the operation of the code and, perhaps, for changing circumstances. However, there is so much reliance on codes of practice here that an inclusive process for constructing and finalising them is very important, as well as transparency in operation.
The noble and learned Lord will probably have a better recollection than I have of the discussion during the passage of the Investigatory Powers Bill about providing transparency by way of ensuring that people who were affected by the transmission of information knew about it. This was rejected for security reasons, but that would not be the case here. The overall objective has to be transparency and inclusiveness.
My Lords, Amendment 81 and the other amendments in this group are intended, of course—and I understand this—to strengthen enforcement of the codes of practice in relation to the public service delivery, debt and fraud, and research powers by requiring authorities who use the powers to “comply with” rather than “have regard to” these codes. The noble Lord, Lord Collins, has sight of a loophole, and the noble Baroness, Lady Hamwee, has encountered wriggle room, but I would take issue with those descriptions.
There is common ground here. We, too, believe that the codes are an important part of the data-sharing powers. However, the Government believe that “have regard to” is the right level of obligation for a code of practice. This is a legal obligation. Such persons when disclosing or using information will be expected as a matter of law to take the codes seriously and follow their requirements in all cases unless there are cogent reasons why they should not do so. It is, of course, common practice for legislation to set out the critical limitations on a power while codes of practice—which are more adaptable, as the noble Baroness, Lady Hamwee, acknowledged—are advisory tools that supplement with regard to best practice, principles and guidance.
The noble Lord, Lord Collins, alluded to a situation in which an authority exceeds its powers for the public good. In such a situation—without going into the detail of it—the authority would be exceeding its powers and it would have to answer for that, whatever the public good might justify in other circumstances.
Key conditions for the disclosure and use of information are set out in the Bill, including what can be shared, by whom and for what purpose. We have followed a common approach taken by government and others, including the Information Commissioner, to provide more detail on how data are to be shared in a code of practice. That does not mean that the code is to be treated lightly. Legal consequences may follow if the code is disregarded, as the Delegated Powers and Regulatory Reform Committee pointed out in its report on the Bill. The relevant Minister can make regulations to remove a body’s ability to share information under the power if it fails to adhere to the code. The noble Lord, Lord Collins, raised the question as to whether that is considered sufficient in the circumstances. We do consider that that is a sufficient safeguard in the circumstances. I also remind noble Lords—in particular, the noble Baroness, Lady Janke—that the first requirement of the Data Protection Act is that processing of data should be fair and reasonable. That underpins in existing legislation the whole approach that should be taken to this Bill.
The noble Baroness, Lady Hamwee, sought to draw a distinction between the provisions here and those in the Investigatory Powers Act about knowledge of data transfers. Of course, although we are not necessarily dealing here with national security, we are dealing with issues such as fraud, where it would be wholly inappropriate to give people advance notice of data sharing, particularly if one were going to address issues of criminal conduct.
Amendment 107B would require breaches of the code of practice on the public service delivery power to be reported to the Investigatory Powers Commissioner. It also places a duty on the Investigatory Powers Commissioner to investigate serious breaches and, where necessary, to inform the relevant individual of the breach. In doing so, the commissioner would have to ask the person in breach to make submissions before making a decision. With respect, the amendment would impose a considerable additional function on the Investigatory Powers Commissioner, where he or she would be bound to deal with breaches of a code of practice on information sharing which in no way relates to the commissioner’s remit of investigatory powers.
Indeed, placing such duties on the Information Commissioner would effectively be broadening the Information Commissioner’s remit without appropriate consultation. It would, as with Amendment 81B, cut right across the functions of the Information Commissioner, as distinct from the Investigatory Powers Commissioner; the Information Commissioner being responsible for upholding the Data Protection Act 1998, and also the safeguards and procedures for dealing with breaches of the code, which are already set out in various provisions. Such an amendment would blur the lines between the responsibilities of the Information Commissioner and the Investigatory Powers Commissioner and potentially lead to confusion and unnecessary duplication. If, in making those observations, I referred to the Investigatory Powers Commissioner when I meant the Information Commissioner and referred to the Information Commissioner when I meant the Investigatory Powers Commissioner, that simply underlines how easy it is to cause confusion in this area.
Amendments 108, 115, 134 and 151 call for the codes to be subject to approval by Parliament. A similar requirement was also raised by the Delegated Powers Committee in its recent report. We are carefully considering that proposal and I assure noble Lords that we will be responding to it shortly. Amendments 109 and 135 would introduce a requirement for the Minister to consult publicly on the code for a minimum of 12 weeks before issuing or reissuing it. Amendments 110, 152 and 190 would require that the Minister demonstrate that responses to the public consultation,
“have been given conscientious consideration”.
The policy in respect of these powers, and much of the content of the codes of practice, have been developed over two years of open policy development with a range of public authority and civil society organisations. The code sets out procedures and best practice drawn from guidance produced by the ICO and Her Majesty’s Government. We amended Clauses 36, 45, 53 and 61 in the other place to ensure our code will be consistent with the Information Commissioner’s data-sharing code of practice. The clauses contain a requirement that the Minister consults the devolved Administrations, the Information Commissioner and any other person the Minister considers appropriate prior to the issue or reissue of the code. I assure noble Lords that these other persons will include civil society groups and experts from the data and technology areas. It is, indeed, our intention to run a public consultation before laying the code before Parliament. I need hardly add that all consultations are taken seriously by the Government and all responses considered with appropriate conscientiousness.
I understand the interest in the codes and the desire to make sure they are effective. The codes will provide a strong safeguard for the use of the power, backed up by real consequences if they are not adhered to. With that, and while we consider the recommendations of the Delegated Powers Committee further—as I have indicated, we intend to do that in the very near future—I invite the noble Lord to withdraw his amendment.
The noble and learned Lord warned us against giving advance notice to potential fraudsters, but I think we are talking in these amendments about notice which may be in retrospect. I am looking at the noble Lord who has tabled the amendments. There are different issues, I think, about giving notice in advance and telling people that you have transferred information. Maybe we need to come back to the distinction between the two at the next stage. On the requirement to have regard but not necessarily to comply, does that not point up the real weakness of a code that is not approved by Parliament? These two bits of fragility seem to me to go hand in hand and undermine the security, as it were, of the regime.
I am content that we return to the noble Baroness’s first point if she feels that there is a point of distinction to be made. On her second point, I do not accept that there is fragility in this context. We are well aware, by virtue of past practice, that this formulation is appropriate to the application of codes of practice. Indeed, the noble Baroness herself observed that when applying one’s mind to a code of practice, a degree of flexibility is necessary. One cannot freeze them. That is why we consider that the wording here is appropriate.
I thank the Minister for his response. Obviously, the codes of practice are key to giving a sense of security and to building public confidence. They are critical, which is why noble Lords want to see exactly how they will end up. I am very happy with the reassurance that the Minister gave regarding parliamentary involvement and consideration of the report of your Lordships’ committee. That is very welcome and we will return, obviously, to some of the issues, particularly on medical information and other information set out in other groups. We will return to the subject of the Investigatory Powers Commissioner in the next group and I will explain in that discussion why we see, perhaps, a distinct role, arising from the debate this House had on the Investigatory Powers Act. In the meantime, I beg leave to withdraw the amendment.
My Lords, Amendment 81B seeks to place a duty on the Investigatory Powers Commissioner to ensure that the data-protection rights of citizens are considered and protected under the public service delivery power. The effect of this amendment would be to impose similar duties on the Investigatory Powers Commissioner as are already carried out by the Information Commissioner. It is for that reason that we do not consider that this amendment is necessary. I understand the points that the noble Lord, Lord Collins, has made in this context. We are all concerned to ensure that these powers are ring-fenced as far as is reasonably practicable and that any breach should be policed to the extent required. However, in our view, the Investigatory Powers Commissioner is not the appropriate party to deal with this matter. The Bill is not about investigatory powers, and accepting this amendment would result in a substantial and, as I sought to indicate earlier, confusing addition to the portfolio of the Investigatory Powers Commissioner.
We are of course concerned that there should be public confidence in the provisions of the Bill and in the whole body of data-sharing powers. I understand the observation of the noble Lord, Lord Collins, that the Investigatory Powers Act does everything possible to ensure security is there, so that only the given powers are exercised and that the rights of the individual are put at the head of any agenda, but that is clearly the intention of this Bill as well. That can be achieved by having regard to the position of the Information Commissioner in the context of the present provisions.
I understand and indeed admire the noble Lord’s suggestion that we should in some sense be seeking to future-proof the Bill. There are limits to our ability to do that, but I will return to that point in the context of the regulations that come into force in May 2018. We have already had regard to that in order to try to ensure that the provisions of the Bill will comply with imminent regulations, such as those I have just referred to.
The noble Lord also raised the question of confidentiality and the concerns that have been expressed by the medical profession in that context. Let us be clear that, as noble Lords will recollect, common-law obligations of confidentiality are rarely if ever absolute. We know that various common-law issues of confidentiality tend to be subject to one qualification or another. Concerns have been expressed over the interaction between the provisions of the Bill and medical confidentiality, primarily in respect of the statutory override within the Bill. The provisions of the Bill are clear that sharing data under the powers in the Bill does not breach any existing duty of confidentiality. That includes the common-law duty of confidentiality to the extent that it applies to patient information.
The use and processing of medical information is governed by common law, but also by the Data Protection Act 1998, by the provisions of the Human Rights Act 1998 and indeed by specific legislation which allows, requires or prohibits certain uses of such data. There is no blanket ban on the use of medical information outside the patient-doctor context, and it is not the case that every instance of sharing such information will constitute a breach of confidentiality. Indeed, the General Medical Council’s 2017 guidance expressly states personal information can be disclosed,
“without breaching duties of confidentiality”,
in particular circumstances, one of which is where the disclosure is,
“approved through a statutory process that sets aside the common law duty of confidentiality”.
So it is acknowledged by the General Medical Council itself that this may occur from time to time, and the provisions of the Bill are structured to reflect this. They override duties of confidentiality only in order to ensure that public authorities have clarity in terms of what they can and cannot share under the powers of the Bill. I hope that goes some way to meeting his concerns about confidentiality in that context.
Amendments 84, 87, 119, 138 and 213, which are also in this group and were referred to by the noble Baroness, Lady Janke, cover a broad range of suggested additional safeguards and restrictions on the use of the powers. They seek to introduce, among other things, an express data minimisation rule, a requirement to conduct and publish a privacy impact assessment and provisions extending the Information Commissioner’s powers in respect of enforcement notices. They also introduce a provision enabling data subjects to request that inaccurate personal data disclosed under the powers be amended. We are firmly of the view that while all of these requirements represent important safeguards on the use of our powers, they are already provided for in different ways under the Bill, the codes of practice or existing legislation, including in particular the Data Protection Act 1998. Indeed, under the DPA only the minimum personal data necessary may be shared to achieve the particular objective, and all personal data that is held must be accurate. I hope that that goes some way to meeting one of the points made by my noble friend Lady Byford about excess data being given to public authorities. That is simply not permitted in the existing legislation, particularly the requirements of the Data Protection Act 1998. Over and above that, the Information Commissioner already has a range of mechanisms to enforce compliance with the DPA. Amendment 213, which would insert a new clause on enforcement notices, would not add to those powers in any material way.
Further, Amendment 213 requires certain information to be gathered in respect of the benefits of data-sharing arrangements. Again, that is not necessary: bodies wishing to exercise the powers in these provisions must consider benefits as part of their privacy impact assessment. We acknowledge the importance of privacy impact assessments and, following discussions with the Information Commissioner’s Office, will look to return to this matter on Report to address concerns about public authorities’ adherence to the Information Commissioner’s specific guidance on privacy impact assessments, as well as privacy notices. I hope noble Lords will accept our willingness to return to that matter in due course.
Amendment 213 would bar the processing of personal information under the powers for particular purposes. With respect and understanding of what lies behind the amendment, our approach is simpler and more complete. There are specific limited purposes for which personal information can be disclosed under Part 5 of the Bill. Other than a few limited exemptions, the disclosure or use of personal information for other purposes is not permitted. Tough new criminal sanctions will apply to all unlawful disclosures.
Amendment 87 seeks to introduce a duty to review in the public service delivery power, akin to the existing duty in the debt and fraud powers. All data-sharing arrangements under the debt and fraud powers have to be piloted and reviewed after three years to ensure that the powers deliver demonstrable benefits. The public service delivery powers are different in kind, being more conventional data-sharing powers, constructed specifically to improve the delivery of services to citizens in cases of acknowledged need, such as assisting those suffering from fuel poverty.
On that point, my noble friend Lady Byford essentially raised the question of definitions—what do we mean by “fuel poverty”, “well-being” and “warm home discount”, as mentioned in Clause 31? All this is dealt with in Part 2 of the Energy Act 2010, which contains the schemes referred to in Clause 31(3)(a). I hope further consideration of those provisions of the Bill may go some way to meeting her concerns about those definitions.
On the question of private fraud, of course we are alert to the idea that where there is data sharing there may be data intrusion, and we are determined to guard against that. That is why we seek to ring-fence these powers in the way that we do in the Bill. We have not claimed that any system we introduce will inevitably be infallible; history tells us that where we ring-fence, people will seek to go under, over or through such a fence. However, we shall try to ensure that all data that are shared in this context are kept as secure as we reasonably and practicably can keep them.
Amendment 88 would change the definition of “personal information”, a point raised by the noble Baroness, Lady Hamwee. The point here is that in the current draft “personal information” includes “a body corporate”. The existing definition is intended to capture all persons, including all corporate bodies, to ensure that taxpayer information, including that of bodies corporate, is protected irrespective of the size of the organisation. Narrowing the definition would limit the protections for HMRC data under these powers, which would be likely to affect significantly HMRC’s willingness to make use of the powers. I am sure the noble Baroness is aware that the disclosure of data by HMRC is subject to additional statutory controls quite distinct from the provisions of the Bill, and these have to be factored in. This is where the term “official” comes into use because the existing statutory legislation uses that term in the context of data and disclosure. Therefore, for the purposes of consistency, that term is used in this context. It is not an attempt to suggest that the janitor, or anyone else, should be responsible for disclosing relevant information—certainly not the commissioners of revenue in isolation.
Amendments 87 and 93 are also in this group. Clause 33(7) provides that a disclosure under the public service delivery power does not breach any obligation of confidence or any other restriction on the disclosure of the information. This provision ensures that public authorities can be confident that their disclosure is lawful, provided that they comply with the strict requirements of this legislation. To remove that subsection would undermine a primary objective of providing authorities with the legal certainty required to ensure efficient and effective data sharing under these powers. In other words, where they satisfy the requirements of this legislation, they do not have to go back and worry about any aspect of the common law of confidentiality on individual occasions, which would effectively make the provision unworkable.
Amendment 93 seeks to expressly exclude health data from the public service delivery clauses. I have already touched upon this. The Government believe that this amendment, while well intentioned, is unnecessary and would lead to the kind of legislative barriers that the Bill is designed to overcome. As I have indicated before, the Government recognise the particular sensitivities around identifiable health information, and indeed this was highlighted in the National Data Guardian’s recent review of data security, consent and opt-outs. For this reason, health bodies in England are not included in the draft list of bodies that will be permitted to use the powers in the Bill. Health and adult social care information, however, could potentially be of considerable assistance in bringing benefit to individuals, as this power aims to do. I acknowledge that we may wish to bring such bodies within the scope of these powers in future, but we will form a view on this after the implementation of the National Data Guardian’s recommendations and public consultation on the issue. We believe it would be wrong to rule out that possibility until that debate has been concluded. However, I underline the point that at present health bodies in England are not included in the draft list of bodies that will be permitted to use these powers.
I turn to Amendment 100. Clause 34(8) provides that the prohibition on onward disclosure, and its associated provisions, do not apply to personal information disclosed by HMRC. The amendment seeks to remove that provision. There was a suggestion that someone was seeking consistency here. Throughout Part 5 of the Bill, in order to take account of HMRC’s statutory duty of confidentiality and maintain consistency with the existing statutory framework in respect of HMRC information, the Bill contains separate provisions for the disclosure of information by HMRC. Criminal sanctions apply to the disclosure of HMRC information, but it is all framed slightly differently in order to be consistent with earlier statutory provision. I refer in particular to the Commissioners for Revenue and Customs Act 2005, which already covers these areas. The effect of the noble Baroness’s amendment would be to create two regimes for disclosing HMRC information under this power. We suggest that that would undermine consistency between Part 5 of the Bill and the provisions that already exist under the Commissioners for Revenue and Customs Act 2005. I hope that that goes some way to explaining why HMRC, though not a special case, is dealt with slightly differently within Part 5.
The noble Baroness, Lady Byford, then referred to Amendment 196. Again, in the context of accountability for public interest disclosures of non-identifying HMRC information, the aim of Clause 65 is to enable Her Majesty’s Revenue and Customs to meet requests from external organisations to provide aggregate statistics or general information, which is what other government departments do. Safeguards for disclosure of personal information will continue to apply for the reasons I have already alluded to. This amendment, again, would be inconsistent with HMRC’s existing statutory framework which authorises officials to act on behalf of the commissioners of revenue. It would not be practicable for the commissioners of revenue to have to deal with each of these requests. Indeed, it would be an unnecessary use of public resources if that was the case.
The noble Lord, Lord Clement-Jones, raised a point that appears to have prompted a note from the Box which I have not yet read. I shall scan it now. And I will undertake to write to the noble Lord. On that occasion, I will use typescript.
In those circumstances, I invite noble Lords not to press these amendments.
I am obliged to the noble Baroness, Lady Hamwee. Although the definition of personal information differs from the definition of personal data in the DPA, all personal data shared and used under the public service delivery provisions must be handled in accordance with the framework of rules set out in the DPA, and in particular with the data protection principles, because the DPA is not overridden by this chapter. To the extent that the class of personal information is wider than personal data, although the DPA does not directly govern such information, we still expect that information will be handled in accordance with that framework because of the requirements of the codes of practice under Part 5. I hope that answers the noble Baroness’s question.
My Lords, the noble Lord, Lord Collins, should make no apology for revisiting the issues of transparency and public confidence because they lie at the heart of what this Bill is attempting to achieve and are contained in Part 5. It may be déjà vu again but that is perfectly justified by the circumstances. We are all concerned to ensure that there is such transparency within these provisions as to maintain, and perhaps even restore, public confidence in the use and sharing of data.
Amendment 82ZA proposes that, within six months of the Act coming into force, an independent review of the collection and use of data by the Government and commercial organisations is conducted. With respect, the scope of the review appears extremely broad and goes much further than the provisions of Part 5. The Royal Society and the British Academy are undertaking a review to consider the ethical and legal frameworks needed in the United Kingdom as data technologies advance. We intend to consider the findings of that review when it is published. In addition, I mentioned that the general data protection regulation will come into effect in the United Kingdom in May 2018. The implementation of that regulation will represent a significant change to the data protection legal framework for both the public and private sectors, including strengthening rights for individuals so that they have more control over their personal data. We intend to work with the Information Commissioner to explore how we can best meet these requirements, as well as to improve transparency in this space. As such, we do not see the value in commissioning a further major review of data ahead of preparing to implement the new data protection framework when the regulation comes into force in May 2018.
Amendment 103 also seeks to improve the transparency of data sharing under the powers in Part 5. As I have indicated, we support this intention as transparency, along with the protection of personal data, is clearly at the heart of all these proposals. There are, however, a number of real problems with the proposed new clause. Setting the requirement and contents in primary legislation would significantly restrict our ability to explore and consider the benefits and consequences of publishing a register. For example, there may be a need to exempt the inclusion of certain types of data sharing for reasons such as national security or commercial confidentiality.
Ahead of the 2018 regulation coming into force, we will work with the Information Commissioner’s Office and other interested parties to explore how we can best meet its requirements and improve transparency. In our view, the statutory codes of practice in the Bill are a more appropriate vehicle for setting out requirements to support greater transparency. We will run a public consultation on the codes of practice as well as the required statutory consultations and we propose, as part of that, to gather views on the type of information about data sharing that should be captured and made public, as well as the risks and benefits. In addition, the draft codes already contain requirements for privacy impact assessments to be prepared and published. Further, we are continuing to explore with the Information Commissioner whether more can be done in this Bill to ensure that his codes of practices on privacy impact assessments and privacy are fully considered when data are shared under Part 5. I hope to return to this point later in the proceedings.
Amendment 104 proposes an obligation for organisations to report data breaches and submit associated audit returns to the Information Commissioner’s Office. As I have indicated, the EU general data protection regulation will apply in the United Kingdom from May 2018. The new regime will introduce tough measures on breach notification, making it a requirement for all data controllers and data processors to report breaches to the Information Commissioner’s Office if they are likely to result in a risk to the rights and freedoms of individuals, and the individuals affected must also be notified where there is a high risk. The new regime will also allow tougher penalties to be imposed on organisations in breach of the rules. I believe these will be penalties of up to 4% of the organisations’ total global annual turnover, or €20 million.
Under current arrangements, the Information Commissioner’s civil monetary penalties guidance says that he can take into account what steps, if any, the person or organisation had taken once they became aware of the contravention, when determining the amount of the monetary penalty to be issued, so there is provision for those who delay or defer the reporting of data breaches. At this stage, we are confident that the Information Commissioner has the necessary powers to take action against those organisations that are in breach of the rules so, while I accept the spirit of the amendment and understand the need for transparency, I do not believe it is necessary as the new tougher rules under the EU regulations will apply from May 2018. As I stated, under the current regime, the commissioner can and does take into account what steps, if any, an organisation has taken in addressing breaches and in deciding penalties under the Data Protection Act.
Amendment 111 would require a secure audit record to be compiled specifying the personal information shared under the public service delivery power. This well-intentioned amendment is also considered unnecessary. The code of practice that has been drafted in support of the public service delivery provisions already requires an audit to be kept by data controllers of information shared under this power, and the Information Commissioner’s data-sharing code of practice similarly requires organisations to keep records of information shared. In addition, the EU general data protection regulation will apply to Part 5 and place further specific legal obligations on organisations to maintain records of personal data shared and of processing activities. Organisations will now make the necessary preparations to comply with that regulation.
For the benefit of the noble Baroness, Lady Finlay, I emphasise that the processing of personal data under the public service delivery power must already be in accordance with the Data Protection Act. The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection Act. The commissioner undertakes a programme of consensual audits across the public and private sector to assess their processing of personal information. The commissioner also has the power to conduct compulsory audits of public sector entities to evaluate compliance with the data protection principles. The commissioner has powers to obtain access to the information she may need to conduct those assessments.
(7 years, 9 months ago)
Lords ChamberThis text is a record of ministerial contributions to a debate held as part of the Digital Economy Act 2017 passage through Parliament.
In 1993, the House of Lords Pepper vs. Hart decision provided that statements made by Government Ministers may be taken as illustrative of legislative intent as to the interpretation of law.
This extract highlights statements made by Government Ministers along with contextual remarks by other members. The full debate can be read here
This information is provided by Parallel Parliament and does not comprise part of the offical record
I expected more people to be inspired by the contribution of the noble Lord, Lord Arbuthnot, and to join in the debate. I am rising to give my support to Amendments 105 and 106 and to thank the noble Lords, Lord Arbuthnot and Lord Carlile, for highlighting this simple failure in company policy, which can lead to much bigger dangers and threats. As the noble Lord said, it can have commercial implications, personal privacy implications and, ultimately, national security implications. While we all have a part to play setting the highest standards of data protection, it is true that all too often we put the focus on national Governments without recognising the equal responsibilities of the private sector and private companies to play their part. This is particularly vital, given the number of private sector organisations which access data for government contract work. However, it also extends into other realms of commercial activity, such as commercial personal profiling, in which companies build vast data banks of our shopping habits, our friends, our movements—literally, where we are moving around in cities and towns—and our vulnerabilities, all of which have huge value both in their own hands and in the hands of cyber-thieves. These are issues which we have also flagged up in other amendments tabled today, and we have tried to build in more safeguards. My noble friend Lord Collins has said that we believe that individuals should have the right to know what information is being held about them, for example. They should have the right to be able to withdraw permission for the data to be held, and they should have the right to know immediately if a data breach has taken place.
We welcome the amendments, which would begin to address some of our concerns, by putting a straightforward obligation on companies to prepare a cybersecurity report each year, detailing the measures being taken to ensure that data are being kept safely. It is a simple ask, and it should not really be necessary, but the all too frequent security breaches taking place underline why a legal requirement has to be imposed. An Institute of Directors report last year showed that companies tend to keep quiet when there has been a security breach. As a result, there are no accurate figures on the extent of this crime, or the extent to which companies are being held to ransom. A survey of business leaders found that only half had a formal strategy in place to protect themselves and just 20% held insurance against an attack. Yet we also know that companies are also losing confidence in their encryption systems, their staff capabilities and awareness and the ability of their software to withstand a deliberate assault.
This is a huge issue. Of course, we have a vested interest in sorting this out, as often it is our personal data which are being stolen. But on a wider sphere it impacts on everything from company finances to sensitive market data and research and development. So we very much welcome the initiative set out in these amendments, and agree with the noble Lord, Lord Arbuthnot, that they are helpful. In itself, they will not completely solve the problem, but they represent another small step in getting companies to act responsibly in managing the data that they hold.
My Lords, Part 5 of the Bill requires public authorities and specified persons to specify and meet specific legislative conditions and controls on the handling of personal information. As I have said on a number of occasions this evening, these provisions will be underpinned by codes of practice setting out data security requirements, including cybersecurity. A body that fails to meet these could be prevented from using the data-sharing powers. That is the context in which I turn to Amendments 105 and 106.
Amendment 105 would require all but the smallest of companies to conduct audits on their cybersecurity and to report annually on it and their data protection measures. Clearly, the Government recognise that effective cybersecurity risk management is important to the success of the economy and, indeed, to ensuring the safety and integrity of private citizens’ data. The Government conducted the Cyber Security Regulation and Incentives Review in 2016 to consider whether we need additional regulation or incentives to boost cyber risk management in the wider economy and it showed strong justification for regulation to secure personal data.
The Government will seek to improve cyber risk management through our implementation of the EU general data protection regulation in May 2018. Its requirement to report breaches to the Information Commissioner and individuals affected, and the fines that can be issued under it, will represent a significant improvement. These will be supplemented by a number of measures to more clearly link data protection with cybersecurity, including through closer working of the Information Commissioner and the National Cyber Security Centre. However, we will not seek to pursue further general cybersecurity legislation for the wider economy as would be required by Amendment 105.
We believe that mandating the inclusion of cyber risk information in annual reports, or the introduction of legal provisions for cyber audit, is unlikely to be an effective way of encouraging large-scale change in cyber risk management. Instead, the National Cyber Security Centre plans to work with stakeholders to develop guidance for investors. The long-term aim of the organisation is to include cybersecurity in the guidance it provides to businesses on the kind of information it wants to see in an annual report, and in the reports it provides to investors each year on every listed company.
Amendment 106 is very broad in its aims and, as such, could have unintended consequences for the diverse range of grants that the Government fund each year. The supporting audit and insurance regime would be costly and challenging to enforce given the diversity of grant recipients, including those from voluntary and research communities. Furthermore, this amendment is unnecessary as many of these checks are in place as a matter of routine. The level of cybersecurity risk in grants will continue to be monitored and consideration given to how recently launched grant standards could be used to strengthen guidance in this area. This provides a far more flexible and proportionate solution than legislation.
With respect to subsection (2) of the proposed new clause in Amendment 106, the Government are already taking tangible steps to reduce the level of cybersecurity risk in their supply chain. As of October 2014, suppliers of central government contracts that involve the handling of personal data or the supply of IT products and services must demonstrate they have met the technical requirements set out as part of either the government-owned Cyber Essentials scheme or a suitable equivalent. The scheme was developed jointly with GCHQ and industry to support organisations of all sizes and across all sectors in getting a good, basic level of online security in place. In response to my noble friend Lord Arbuthnot I would observe that, as of the end of December 2016, nearly 5,500 certificates had been issued under the scheme, and we have a strategy in place to significantly increase the adoption of the scheme over the coming year. With that explanation, I hope my noble friend will withdraw his amendment.
My Lords, I am grateful to my noble and learned friend for his comments. From what he says I suspect that the Government are not quite there yet. However, I hope that my amendments will help to encourage them along a path of some form of regulation in this area. I suspect that the arguments my noble and learned friend used were similar to those that were first used when financial audit was suggested. However, I am grateful for what he has said. I am also particularly grateful to the noble Baroness, Lady Jones, for what she said and for the gracious way in which she said it. However, my amendments were aimed not so much at government as at business. I suspect that this will be part of a long-term campaign, so, with those words, I beg leave to withdraw the amendment.
My Lords, perhaps I may ask a couple of questions which arise from the fact sheet on this issue. On civil registration, it says:
“The Bill establishes a framework, with appropriate safeguards, to share bulk registration information where there is a clear and compelling need”.
I wonder whether the Minister can help the Committee in understanding where that is translated into the Bill. The fact sheet also says:
“There are no intentions to share data with the private sector or for data to be used for any commercial purposes”.
It then goes on to say that,
“the powers would not permit this”.
However, I am sure that the Minister will understand my querying the words “no intentions”, because they suggest that there could be a change, and possibly one with which Parliament is not hugely involved. I am going to assume that the points made by the Delegated Powers and Regulatory Reform Committee are in the rather large pile of items that it raised and which the Government will reply to before Report, so I am referring to that only in passing, but it would be very helpful to understand how the points in the fact sheet, which is where many people would start, move over into the legislation.
My Lords, the proposals in Chapter 2 of Part 5, which are being addressed here, will ensure that citizens are able to access future—can I have a moment to sort out my own speaking notes?
While the Minister is doing that, can I ask whether this amendment covers Scotland? He is replying as the noble and learned Lord, Lord Keen of Elie. Registration of births, deaths and marriages was not introduced in Scotland until 1855 rather than 1837—I think—so does this amendment cover Scotland?
It does not extend to Scotland. It is a provision pertaining to England and Wales. I am obliged to the noble Lord for giving me time to find my place in my notes. It is greatly appreciated.
As I said, the proposals in Chapter 2 of Part 5 will ensure that citizens are able to access future government digital services efficiently and securely, while removing the current reliance on paper certificates. I will address the two amendments first before addressing the clause stand part aspect of this debate.
Amendment 113 would add a requirement for a civil registration official to be satisfied that the information is required by a recipient to fulfil one or more of their functions before disclosing data and also seeks to add a requirement that an individual must have given valid consent under data protection legislation prior to any disclosure of their personal data. With respect, this amendment is unnecessary because disclosure of personal data under these clauses will already be subject to the provisions of the Data Protection Act. To require explicit consent in all cases would exceed the requirements of the Data Protection Act and the purpose of this clause. Disclosure will take place without consent only if to do so would be consistent with the Data Protection Act, which governs fair disclosure. Examples of how the powers would be exercised in practice include allowing registration officials to disclose information within and across local authority boundaries in order to safeguard children. Being able to share information will ensure that children are known to the local authorities in which they reside and action can be taken to address any needs of the child or the parent. That is what lies behind this matter.
Amendment 116 seeks to amend the Births and Deaths Registration Act 1953 to introduce an electronic register for the registration of births and deaths. However, the proposed amendment to Section 25 of the 1953 Act as currently drafted does not go far enough. The legislation which provides for the registration of births and deaths is based on legislation in place in 1836—or 1837—and very little has changed to the process of registering births and deaths since then. The Act would need more amendment in order to introduce an electronic register. Moving to an electronic register would remove the requirement for hard-copy registers and the electronic register of births and deaths would be the legal record instead of the paper registers. It is certainly an area of reform that the Government are keen to take forward. However, we need more time. I reassure noble Lords that the Government will look in more detail at what changes need to be made to the Act in order to bring in this change and we will consider legislating in due course. We recognise the benefits that the noble Lord, Lord Clement-Jones, suggested could be achieved once that entire process is completed. In light of those points, I hope that the noble Lord will agree not to press that amendment.
I turn to my noble friend Lady Byford and her opposition to the clause standing part of the Bill. Unless there is a specific statutory gateway, information from the records of births, marriages, civil partnerships and deaths may not be disclosed by registration officials other than in the form of a certified copy of an entry, such as a birth or death certificate, on payment of the statutory fee. As I have indicated, the system is outdated and based on paper processes from the 19th century. This clause introduces new data-sharing powers that allow registration officials to share data from birth, death, marriage and civil partnership records with public authorities for the purposes of fulfilling their functions. However, only the minimum amount of data will be provided to enable the public authority to fulfil the function.
My noble friend asked for examples of the benefits of sharing such registration data. Being able to share data about deaths with local authorities would assist in combating housing tenancy fraud. The National Fraud Authority estimates that housing tenancy fraud costs local authorities £845 million each year. An example of this is when someone continues to live in a property following the death of the tenant even when they have no right to do so. The sharing of birth data within the local authority would assist social services, for example, if they wanted to engage with one of the parents in the interests of a child. Sharing marriage data would help to target those living together if there were a fraudulent claim to be single for the purposes of claiming benefits. Sharing death data within local authorities would help them to recover medical equipment following the death of an individual.
There are many examples where such data sharing would be of assistance. It paves the way for citizens to access government services more conveniently, efficiently and securely, for example, by removing the current reliance on paper certificates to access services. This will provide more flexibility and will modernise how government services are delivered. An example is where registration officials will be able to share data on births that have occurred in one district, but where those concerned live in a neighbouring district with no hospital. This would allow local authorities more accurately to plan the provision of health care, school planning and other local services. Being able to share death data across boundaries will also help to prevent unwanted mail being sent to the family of a deceased person.
Registration officials will be able to share registration data only with the public authorities defined in new Section 19AB of the Registration Service Act 1953. Any data sharing will of course be carried out strictly in accordance with the requirements of the Data Protection Act. The sharing of registration data will be underpinned by a statutory code of practice as required by Section 19C. One of the requirements in the code will be that the Registrar-General must personally approve any request for the sharing of large amounts of data.
Before data are shared, the code of practice requires privacy impact assessments and data-sharing agreements to be drawn up and agreed with public authorities to include such things as how data are to be used, stored and retained. Data will be able to be used only for the purpose they have been provided and retained only for as long as necessary. Data-sharing agreements will forbid the creation of a database or the linking of registration data in any way. Any breach would be reported to the Information Commissioner, who has the power to impose penalties where it is appropriate to do so. I hope that that deals with the fears expressed about the bulk use of such registration data.
My Lords, I am not sure whether the Minister has dealt with the questions raised by my noble friend.
I apologise for omitting to respond to the questions asked by the noble Baroness, Lady Hamwee, by reference to the fact sheet. Rather than poring over the provisions of the Bill, I will undertake to write to her pointing out the cross-reference between the terms of the fact sheet and the relevant provisions in the Bill. I will place a copy of that letter in the Library.
My Lords, in an idle moment, a moment of complete frivolity, I looked up GOV.UK to check facts—I thought that would be a useful contribution to the debate. The date we have all been searching for is 1837: the General Register Office is part of Her Majesty’s Passport Office and contains records dating back to 1837. I thought that would be useful.
I beg to move Amendment 117A in my name. This stems from my period of service as chairman of a wonderful charity called StepChange, which deals with individual debt owed by ordinary people. In the time I was there—I resigned about two years ago—we had about 600,000 people a year contacting the telephone helpline or going online to try to seek solutions to their debt problems, so it is a very significant problem in British society and something we must take a great deal of care about. Most people who came to us were struggling with multiple debts; in other words, they owed money to a variety of different sources, ranging from local authorities, mobile phone companies, debt collection agencies, Revenue & Customs, payday lenders, utility companies and catalogue lenders—there is a very large number of them.
A median client would be aged about 45, female and owing about £20,000 to eight different creditors, so it is a significant problem that people get into. Within that, with a tremendous requirement now for debt advice, with lots of people struggling with debt, one worrying trend has been how bad central and local government have been in dealing with people, particularly those with multiple debts. A recent survey of about 1,000 StepChange clients found widespread aggressive enforcement from local authorities even when people were asking their authority for help. Clients were more than twice as likely to be threatened with court action or bailiffs than to be offered an affordable payment option. This is despite guidance being issued by central government about how debts should be treated.
Of course, what happens when people face strong demands, very often from central or local government, is that they tend to go to people who can lend them money quickly, probably from an existing credit line, almost certainly, until recently—but even today it is still happening—taking out a payday loan. They try to borrow more to try to pay back original debts and get themselves into a worse situation than they were before. The same survey asked clients to rate what their creditors had done to them and whether they treated them fairly or unfairly. I am afraid to say that public sector creditors came out very badly, occupying three of the top six places in the unfair treatment table. It is interesting to note that HMRC, for instance, scored no better than payday lenders, which the Government, through the FCA, have spent a lot of time trying to sort out over recent years.
That is the background of our concern. We welcome the provisions in the Bill to think again about how debts owed to the public sector are collected. In that light, these amendments are put forward for suggestion, they are probing amendments at this stage, and I hope that they will elicit a response, because it is not just StepChange, the debt charity, that has been concerned about this. Citizens Advice has also raised concern about public sector debt collection practices, finding that public sector creditors are,
“mostly out of step with financial services and utilities companies when it comes to setting affordable repayment rates, and that our clients can suffer detriment when public bodies have uncoordinated and inconsistent approaches to debt collections ... central government debt collection lags behind the higher standards expected of other creditors”.
This is focused on individuals who have problems with their debts, but of course there is a wider cost to society as a whole which, through relationship breakdown, homelessness and difficulties with maintaining concentration at work, et cetera, has been estimated at about £8 billion a year. The Bill contains clauses that relate to this and they seem to suggest that central government as a whole—but in this case HMRC—are thinking about how the data-sharing powers that are coming should be used to allow them to collect several debts at once, but also to do it in a slightly different way. I hope that is the case. We are back with our old friend, the code of practice, because what is said in the code of practice will determine whether this will work.
I have, then, four things I invite Ministers to respond to. First, Clause 45 is limited to departments that seek data-sharing powers and says only that they should “have regard to” the code of practice. This has, I think, been picked up in other amendments that we have considered today. It would be good if the code of practice were also embedded in a much stronger statutory provision, to give it real bite. We have seen examples of guidance—I mentioned one involving central government issuing guidance on council tax collection methods—but such guidance does not work, because it is non-binding and only advisory. If there is a code, it should be embedded in the statute and people affected by it should be able to refer back to it to make sure that it works properly.
Secondly, the public body itself must believe that this is the way in which it needs to operate. Within the amendments are a range of issues that central government bodies might pick up that would match the best practice in utilities, banks, credit cards and store cards—all of which have been through the cycle of trying to get money out of individuals who owe them and other people money, and have recognised that you have to deal with people with multiple debts in a completely different way from those who just owe money directly. That is gradually changing the way people operate. There is further to go, but it is a lesson that should be learned. I hope that the codes can be adapted to reflect that.
Thirdly—this may be too much of an ask, but it should be recognised—this Bill applies only to public bodies, and their creditors, when they are seeking to use the data-sharing powers. The problem is, of course, wider than the data-sharing powers. Problems with central and local government debt collections are widespread: practices need to be reformed and this is not likely to relate only to places where data sharing is used. The Government should think ahead about this and try to set out an understanding for all their agencies that poor debt-collection practices can harm the rate at which they get their money back and the time it takes, and it will also harm the financially vulnerable people. Taking account of that across all their practices would be a very good thing.
These amendments, therefore, try to raise those points, but there is one other thing that the Government should try to do, which is in the first amendment. It is to take a lesson from Scotland—I am sure that the noble and learned Lord from Scotland will wish to pick this up and think harder about it—where, when you have a private or a public debt and seek guidance from the state agency that operates that scheme, you are given statutory protection from excess charges and your interest rates are frozen, providing you stick to your debt repayment plan. That means that people get a breathing space, time to organise their finances, think about their budgets and work out what they are going to do, without the terrible pressure from those who are owed money to start repaying it. It is only when all those issues have been brought together, and an agreement reached between the creditors and the agency, that repayment begins. That has a very much higher rate of success than any other scheme. England lags way behind on this, and it would be no skin off the Treasury’s nose if it took a leaf out of the Scottish Government’s book and brought in their procedures—with a statutory breathing space that gave some hope to people who want to repay their debts but cannot do so because the practices are not as good.
My Lords, I acknowledge the point made by the noble Lord, Lord Stevenson, that this is a significant issue, and I understand that this is a probing amendment to allow us to consider some of the wider issues that he has touched on in the debate.
Amendment 117A seeks to include in the Bill an additional purpose: to enable debt information to be shared under the powers provided by Clause 41. It seeks to state explicitly that debt data can be disclosed,
“for the purpose of helping individuals to manage their debts”.
There is also a reference to the breathing space, and I will come back to that point in a moment in response to the questions posed by the noble Lord.
In the first instance, we would venture that the amendment is not necessary. The provisions as drafted enable information to be shared,
“for the purposes of the taking of action in connection with debt owed to”,
a public authority or the Crown. This includes but is not limited to, for example, identifying or collecting debt. The provision is sufficiently broad to enable sharing for the purpose set out in this amendment. That is the position of the Government. The Government are considering the recommendations that have been made following work to look into the merits of introducing a breathing space for customers, which we are aware is available in other jurisdictions. While the Government are considering these recommendations, it would be premature to incorporate a reference to this initiative in the Bill at this time. I hope the noble Lord will accept that the matter is being looked at.
My Lords, I rise briefly to support this amendment. There seems to be something quite perverse in obstructing the access of the Statistics Board to datasets that are in the hands of other public bodies. That is a very simplified account, but it is a curious place in which to have an obstacle. I hope that the Minister can consider this clause very seriously.
I am obliged to the noble Baronesses for their interest in this part of the Bill. As your Lordships will be aware, Clause 68 gives the UK Statistics Authority the powers to access important data needed to produce official statistics to support decision-making.
On Amendment 199, new Section 45B gives UKSA a right of access to information held by Crown bodies. A Crown body must respond in writing to a formal notice issued by the UK Statistics Authority and explain any refusal to give the authority information. If the Crown body’s explanation is inadequate or it fails to respond or comply, the UK Statistics Authority may lay the request and any response before the relevant legislature. A Crown body must therefore either comply with the notice or explain its refusal in writing. Where the Statistics Authority puts that correspondence before Parliament, then Parliament can judge the body’s actions openly and transparently. We consider that this is the right approach, creating effective, proportionate accountability and transparency.
Of course, my noble friend Lady Byford would argue that the amendment is a more effective means of requiring a Crown body to give the Statistics Authority the information. We cannot accept that it is either necessary or desirable. The Statistics Authority is part of the Crown, as are government departments. As my noble friend anticipated, it would be extremely novel, and possibly unprecedented, to legislate to compel one part of the Crown to obey another. Even the Health and Safety at Work etc. Act 1974 excludes the Crown from being subject to enforcement measures such as prosecution, instead providing long-standing structures to help departments to work with each other administratively. In this context, new Section 45B strikes the right balance. I hope that explanation reassures my noble friend.
My Lords I declare my interest as chair of the National Mental Capacity Forum, and in that role I have been working closely with the Office of the Public Guardian.
For some time the Public Guardian has wanted to move away from the wet signature requirement for the creation of lasting power of attorney for both health and welfare, and property and financial affairs decisions, as laid out in the Mental Capacity Act 2005. This amendment would allow that process to be purely electronic and carried out online, with the safeguards it outlines. A digital process should now be secure given the advances in technology since the original provision was made, and the amendment would simply allow the Secretary of State to make appropriate regulations rather than creating the process.
As the hour is late I am inclined to ask the Minister, if he has any reservations about this amendment and the powers it would give to the Secretary of State, to curtail the debate by meeting with me and the Public Guardian before Report. However, I am rather pre-empting the Minister’s decision. If he decides to accept my amendment, that would be just wonderful. I beg to move.
My Lords, in view of the hour, it occurs to me that it would be appropriate to give a lengthy and detailed analysis of powers of attorney, and, indeed, to take us back to the Powers of Attorney Act 1971 and the subsequent developments of the law. Nevertheless, and despite the enthusiasm from the Opposition Benches, I am perfectly happy to accept the kind invitation advanced by the noble Baroness, Lady Finlay, and to meet with her to explain the Government’s position on this matter. I would be obliged if she could at this stage withdraw the amendment.
My Lords, in light of the forthcoming meeting—which I am sure the Public Guardian will wish to join—I beg leave to withdraw the amendment.
(7 years, 9 months ago)
Lords ChamberThis text is a record of ministerial contributions to a debate held as part of the Digital Economy Act 2017 passage through Parliament.
In 1993, the House of Lords Pepper vs. Hart decision provided that statements made by Government Ministers may be taken as illustrative of legislative intent as to the interpretation of law.
This extract highlights statements made by Government Ministers along with contextual remarks by other members. The full debate can be read here
This information is provided by Parallel Parliament and does not comprise part of the offical record
My Lords, I am not a lawyer—I feel a bit uncomfortable joining this debate; I am sure there are issues it is much beyond my abilities to deal with. But I say to the Minister before he responds, the point made about the degree of concern in the industry is important. This is a big and complicated Bill with many different aspects. It reaches far into aspects of our digital world. This clause, however, is the one that has generated the largest number of responses and—to judge from the meetings I have had with people—the most anger.
In a sense, so what? If it is the right decision, it should go ahead. However, it is clear that there is a lot of support for the current situation, even though there are arguments against it. The point was made time and again that the existing arrangements seem to work well, so why are we changing them? The industry, as I said, is pretty well united against it. One or two are speaking up for it but they do not represent the majority of voices we have heard.
There is also a real danger that—particularly at a time of uncertainty over technological change and regulatory positioning—having a period when we deliberately create confusion and delay until the new guidelines, or baselines, are established, is probably not the best way of making progress. Uncertainty over a long period will affect investment, which is not what we want. So there are reasons for asking the Government to be very clear that this is the right way forward.
We all share the same wish: we want an efficient and trusted regulator that can deal with this complicated, fast-moving and complex area. But it would be quite improper to have a situation in which there was a very limited right of appeal on any case determined not to have been carried out correctly—not so much about the judicial aspects, but on the merits of the case; in other words, where the evidence does not support the decision that has been taken.
I do not understand quite what the difficulties are. I have looked back over comments made by the noble and learned Lord when he was Advocate-General for Scotland. He is on the record in a number of places and a quick search with an algorithm of some complexity, which I could not possibly describe, reveals him to have said several things about judicial oversight. As it has developed, he says, it has,
“provided us with a flexible standard of oversight, which in many senses is wide-ranging”.
However, judicial oversight is the issue and that is what we have to emphasise. He might like to reflect on that in relation to what has been said. There are other things—I will not quote them as I am sure he is embarrassed enough already, or perhaps not. But the issue needs bottoming out—there is a serious point at its heart. There are issues that will affect the whole nature of the business we are regulating in this manner which need to be resolved.
My Lords, I am obliged to the noble Lord, Lord Clement-Jones, for raising this matter because it has generated a great deal of heat and debate in the context of the Bill. I appreciate the point made by the noble Lord, Lord Stevenson, with respect to the number of responses there have been. I just emphasise that judicial review is a form of judicial oversight, and a very effective one, but I will elaborate on that in a moment.
We are aware that the major telecoms operators in particular, and their agents, have lobbied vigorously and in detail on this point. Indeed, the noble Lord, Lord Clement-Jones, brought out many of the points that have been made by their agents in the course of that vigorous and detailed lobbying. I shall not go into the detail of Ofcom’s position on this. It has expressed its position very clearly and we understand it. What I would say is that there is no single position for all utility sectors, and both judicial review and appeals on the merits may be used in the same sector for different kinds of appeals. It is not a black and white situation.
The Government’s case is not that this change is needed to ensure consistency with other utility sectors but that the public interest will be best served in the communications sector by an appeals regime that focuses on errors which Ofcom is alleged to have made, rather than asking the court to reach a different conclusion. Let us remember that Ofcom is a qualified regulator and its decisions are entitled to respect. They are informed decisions and they are not irrational. They are not determined on the toss of a coin. That is why judicial review is an appropriate approach.
The noble Lord, Lord Clement-Jones, also talked about consumers. I find that interesting. Perhaps I may refer briefly to the Which? response to Clause 75. It sees this measure as one of the most important currently contained in the Digital Economy Bill, saying that it will give the regulator the power and confidence to take the necessary actions to protect consumer interests without fear of costly and lengthy litigation procedures. Introducing a judicial review standard for appeals in telecoms will mean that decisions made by Ofcom in the interest of consumers should be easier to implement and quicker to take effect. That is a reflection of Ofcom’s own view of the matter. This is not necessarily about coming to the aid of Ofcom but about recognising these matters from the perspective of the consumer. That is extremely important.
Currently, appeals brought under Sections 192 to 196 of the Communications Act against Ofcom’s regulatory decisions are decided “on the merits” by the Competition Appeal Tribunal. That exceeds and, as the noble Lord, Lord Clement-Jones, acknowledged, effectively gold-plates Article 4 of the EU framework directive, which requires that the merits of the case are duly taken into account in any appeal. That is not quite the wording of the proposed amendment.
The result of this over-implementation is an unnecessarily intensive and burdensome standard of review that can result in very lengthy and costly appeals litigation, which in turn can hinder timely and effective regulation. Some of the appeals that have taken place have done so over extraordinarily lengthy periods. Of course, the very large communications operators are in a position to fund that sort of appeal process. Clause 75 will change the standard of review so that the Competition Appeal Tribunal will decide appeals against Ofcom’s decisions by applying the same principles as would be applied by a court on an application for judicial review and, in particular, judicial review of other administrative actions. This will focus appeals on the key questions of the legality and reasonableness of Ofcom’s decision-making.
The noble Lord, Lord Stevenson, suggested that there might be cases in which there was simply no merit in a decision. If that was so, and if Ofcom proceeded without reliance on the facts of a particular case, that would be amenable to review under a judicial review standard.
Judicial review itself varies according to whether or not there is a European element. If the review is about a case where free speech under the convention is concerned or an EU directive is concerned, then judicial review embraces the principle of proportionality. However, if it is not about a case where European law can be involved—either system of European law—under the deciding case law, judicial review does not apply the principle of proportionality. In other words, it still—in my view, wrongly—does not look at whether the means employed to pursue a legitimate aim are necessary to achieve that aim. Is not what I have just said an indication of the unsatisfactory nature of relying on judicial review as the solution?
With respect to the noble Lord, Lord Lester, I have to say no, because here we are dealing with judicial review in the context of the EU framework directive, which requires that the merits of the case are duly taken into account in any appeal, therefore effectively introducing the issue of proportionality into that process. Therefore, even if there are cases which some might criticise as involving too narrow an approach to judicial review, that does not apply here. This is an incidence in which the issues of proportionality will arise in the context of judicial review. By taking this route, we are applying an appropriate standard to Ofcom’s decision-making.
As has been acknowledged by noble Lords, this is a fast-moving sector, and regulation needs to be able to keep pace with technological and market changes. This is rather difficult when appeals can drag out for a year after a regulatory decision has been made. As the UK’s expert regulator in the telecommunications sector, it is right that Ofcom itself should be given an appropriate margin of appreciation by the tribunals. That is why we have an expert regulator there—so that it can make an informed decision that should be given an appropriate margin of appreciation by the Competition Appeals Tribunal.
A judicial review basis for appeals is intended to be a flexible process that will ensure that those affected by Ofcom’s regulatory decisions can still challenge those decisions effectively within the framework of Article 4 of the EU framework directive. A number of Ofcom’s regulatory decisions are already appealable only on a judicial review basis. I made the point earlier that, with regard to individual regulators, you can find instances in which there is a merits-based appeal for some matters and a judicial review standard in respect of others.
By changing the standard of review to reduce over-lengthy and costly litigation, this clause will enable consumers to benefit sooner from the outcome of decisions made by Ofcom in pursuit of its statutory duty to further the interests of consumers. I emphasise that: one of Ofcom’s statutory duties is to further the interests of consumers. The clause will also remove a significant potential barrier to the participation of smaller communications providers in the appeals process, benefiting smaller, “challenger” communications providers. Again, they are inhibited by the prospect of massive merits-based appeals going before the Competition Appeal Tribunal.
The noble Lord, Lord Clement-Jones, has tabled two alternative approaches. Amendment 215 would replace the existing “on the merits” standard with a requirement for the tribunal to take,
“due account of the merits of the case”.
I acknowledge that the amendment essentially replicates the wording of Article 4 of the EU framework directive, albeit it is not identical to it. While this would in one view remove the gold-plating of the existing standard in a technical sense, the Government consider that it would not lead to any substantive change in approach. That might be why this proposal is being pushed so hard by the major operators in the telecoms sector. It would not, therefore, result in quicker appeals, timelier implementation of regulatory decisions or resultant consumer benefits.
Amendment 216 would alternatively replace the existing “on the merits” standard of appeal with a list of specified grounds. The tribunal would be able to uphold an appeal only where it was satisfied that Ofcom’s decision was wrong on one or more of these grounds. However, as noble Lords may be aware, the previous Government consulted on a similar approach in 2013 and we do not consider that this approach has merit. On balance, we consider that such an approach would risk significant satellite litigation if it were to be introduced—about the nature of the new standard of appeal, for example, which could lead to longer appeals and further regulatory delay. A standard of review based on judicial review principles, including the principles of proportionality in the context of the application of the European directive, which is well understood and used in many other sectors, will minimise this kind of uncertainty. In these circumstances, I invite the noble Lord to withdraw his amendment.
(7 years, 9 months ago)
Lords ChamberThis text is a record of ministerial contributions to a debate held as part of the Digital Economy Act 2017 passage through Parliament.
In 1993, the House of Lords Pepper vs. Hart decision provided that statements made by Government Ministers may be taken as illustrative of legislative intent as to the interpretation of law.
This extract highlights statements made by Government Ministers along with contextual remarks by other members. The full debate can be read here
This information is provided by Parallel Parliament and does not comprise part of the offical record
My Lords, it is four years after the Leveson inquiry, and I certainly believe that Section 40 of the Crime and Courts Act 2013 should be implemented, and should be implemented now. I voted for it in your Lordships’ House last October and I certainly support the amendments today, which have much the same effect. I also support the fail-safe amendment moved by the noble Lord, Lord Stevenson, although I hope that it is not necessary and that Section 40 will be brought in.
Some incredibly misleading statements have been made about the impact of Section 40. Most of the newspapers, as we know, do not support its implementation and have featured some quite amazing one-sided editorials. To the best of my knowledge, none of them has permitted a right of reply. I am the former Member of Parliament for the wonderful city of Bath, which is included in my title, so I am sure that noble Lords will not be surprised that I take a particular interest and am an avid online reader of the Bath Chronicle. Three weeks ago it published one of these anti-Section 40 diatribes. I wrote a rebuttal and asked the Bath Chronicle to publish it. I have not even had an acknowledgement so far—so much for a free press.
Perhaps to explain why I support these amendments, and to ensure it is published—albeit in Hansard rather than in the Bath Chronicle—I will read what I wrote, because it sums up exactly where I stand:
“I am a strong supporter of local newspapers and the Bath Chronicle in particular. But I was surprised by your recent editorial suggesting that measures being considered by parliament will mean that ‘Any investigation in the public interest could be silenced by anyone with a vested interest’. This is a complete misreading of the proposals made by Lord Justice Leveson after the Public Inquiry which followed the appalling phone hacking scandal.
Few could deny that in the past the press had a shocking track record of setting up its own toothless regulators which failed to protect the public. Leveson has proposed that the press should now establish a truly independent regulator whose independence is checked and then ‘recognised’ by a body which is itself impartial and independent from government or the press.
This is what the public want as shown by a YouGov poll just last week. When asked ‘Do you think it is important that any newspaper self-regulator undergoes an audit to ensure it is effective and that it is genuinely independent of both politicians and the press?’ nearly three-quarters (72%) said yes and just 6% said no.
The ‘regulator’ under which the Bath Chronicle operates—called IPSO—doesn’t meet this test. It is not only funded but controlled by the newspapers it regulates.
Were the Chronicle to join a ‘recognised’ regulator, or were IPSO to demonstrate through getting recognised that it met proper standards of independence and effectiveness, the funding issues you describe would not happen. Moreover, the public would be protected and you”—
that is, the Chronicle—
“would receive protection from wealthy and powerful local figures if they tried to bully you into withholding stories about them by threatening you with unaffordable court costs”.
My article ended:
“I hope Parliament will agree to support the public and back Leveson’s proposals”.
I certainly hope the Government will accept the amendments before us today.
My Lords, I am obliged to the noble Lord, Lord Stevenson, for expressing this amendment and also to the observations of the noble Lord, Lord Foster of Bath. I would say, with respect to his most recent comments, that the test of a free press is not whether or not they publish a letter. Indeed, the fact that they do not publish your letter is itself an expression of freedom.
Amendment 229ZC would require the Government to report to Parliament about the arrangements that would need to be made should Ofcom assume the responsibilities of an independent regulator of digital publications. I acknowledge the care with which the noble Lord, Lord Stevenson, has drafted this amendment. He was quite candid in saying that his real concern is the regulation of the press, but he was equally candid in indicating that, in order to come within scope for the purposes of this Bill, he was not really concerned with all publications by the press but only digital publications.
I see in his amendment an expression of concern—and, indeed, of frustration—over the lack of progress being made towards a viable avenue for press regulation. I am sure that in a sense that, in part, has prompted this amendment. However, he said himself that it might be slightly premature. With respect, I would concur with that observation. It is perhaps too soon—and people will say in response, “Four years after Leveson, is anything too soon?”—but we have to remember that the press landscape has altered quite dramatically over the last four or five years. That is reflected in the fact that certain matters have gone out for consultation—particularly with regard to Section 40, which is going to be raised in a later amendment—albeit that the consultation process has been somewhat stymied by an application for judicial review.
I move on to the core of the present amendment, which is the idea that we should move towards—and this was a backstop of Lord Leveson’s report—Ofcom as a regulator. The idea that Ofcom should regulate digital publications—albeit with “digital publications” not being a defined term, and I make nothing of that—has behind it the real push that Ofcom should become the regulator for the press. As I understand it, that is essentially what lies behind the amendment.
Let us remember that Ofcom already has huge responsibilities as a regulator, many of which we have debated over the last week. Among other things, it has to ensure that we have fast broadband connections, competition decisions, such as the current consideration of the future of Openreach, which has been referred to, and spectrum management, including forthcoming auctions. We have also discussed today its new role in respect of the BBC and its function in managing listed events, and we have heard from my noble friend Lord Borwick in respect of Ofcom’s regulatory functions and in respect of subtitles and the accessibility of on-demand services. There is plenty more, over and above that, that Ofcom does, and that is without even going into the question of postal regulatory functions.
We have the greatest respect for Ofcom as a regulator, but the question arises about how much more we can put on its plate. This amendment seeks to pile on more. For the first time, it would be setting a regulatory requirement on Ofcom, in statute, in relation to internet content, which is not TV-like, if I may use that rather crude term. As my noble friend Lady Buscombe has already made clear, moving to a situation in which Ofcom is a regulator of a broad range of online content would be an enormous undertaking for Ofcom, or indeed for any other regulatory body.
My Lords, again, given the lateness of the hour, I simply say that our views are well known, that we have supported the implementation of Section 40 in a number of previous debates in this Chamber, and on that basis we support the amendment.
My Lords, I am obliged to the noble Baroness, Lady Hollins. I will address Amendments 233F and 234A together. The amendments, of course, mirror Section 40 of the Crime and Courts Act 2013 but would apply to digitally published news-related material only, as we know. The House has debated the issue of Section 40 on various recent occasions, including during passage of the Investigatory Powers Act and the Policing and Crime Act. There was also a stand-alone debate just before the Christmas Recess.
There is obviously a great strength of feeling about this matter. I realise that some Members of this House are frustrated by what they see as a lack of progress by government on Section 40. However, the Committee should also recall the strength of feeling on the other side of the debate. Many noble Lords have argued passionately in this House against Section 40 and are concerned about its commencement and its impact upon freedom of the press. That is why the Government ran a consultation to consider the matter further.
The press self-regulatory landscape has changed significantly in the past four years since the Leveson inquiry reported. It is right that the Government take stock, look at the changes which have already taken place and seek the views of all interested parties on the most effective way to ensure that the inexcusable practices which led to the Leveson inquiry being established can never happen again.
A consultation was the most appropriate way to ensure that the Government were listening to all views when considering options for the next step in respect of Section 40. Indeed, the consultation closed on 10 January, and it is estimated that we have received more than 140,000 responses. I know that many Members of this House responded to the consultation, and of course we are grateful that they took the time to do that, but many others have responded as well. It will be necessary to consider the many and diverse views that have been expressed with regard to this matter.
As many Members of the Committee will know, and as the noble Lord, Lord Prescott, mentioned, the consultation is now subject to a legal challenge. While I cannot comment on the ongoing legal proceedings, the Government have committed not to take any final decisions on the matters to which the consultation relates until the judicial review application has been determined. As such, it is not possible for me to set out a timetable for when the Government will respond to the consultation. But of course we hope that that judicial review application will be determined much sooner than later.
That brings me on to the amendments from the noble Baroness, Lady Hollins. The issues that she has raised are of critical importance. I appreciate that she and her family were themselves the subject of press abuse, as were other Members of this House. I also recognise the strength of feeling that parties have on the commencement of Section 40. However, with respect, now is not the right time for this House to consider the present amendment.
News consumption is becoming increasingly global and more and more people are reading their news online from a multitude of sources from around the world. Bringing in a law that effectively mirrors Section 40 but for relevant digital publications only would create an incoherent regime applying different rules depending on the mechanism by which an article has been published.
Noble Lords who have supported these amendments have raised the profile of this issue and given a clear signal of their intent—and of their continuing intent. This has not gone unnoticed in government. But we must ensure that we consider this matter properly. As I said before, a free press is an essential component of a fully functioning democracy and we must ensure that we protect that. I note what the noble Lord, Lord Prescott, said about the position in Ireland. I am not in a position to express a view as to the manner in which that operates but I am perfectly content to indicate that we will look at that going forward as well. I hope that that will satisfy the noble Lord. At this stage, however, I urge the noble Baroness, Lady Hollins, to withdraw her amendment.
My Lords, I thank the Minister for his reply. My hope is for a free and responsible press. However, what is most disappointing for the public is that over the last four years of inertia and of the press’s failure to establish a proper regulator, countless more individuals have been affected by press abuse and have no access to redress. They include victims from the Paris Bataclan attack, the Shoreham air disaster, and many more. This issue is still live and is still troubling. All these individuals have been let down by the Government’s decision to renege on their promises and to prevent access to justice for ordinary victims of press abuse. I am disappointed by the Minister’s response and I intend to return to this on Report. I beg leave to withdraw my amendment.
(7 years, 8 months ago)
Lords ChamberThis text is a record of ministerial contributions to a debate held as part of the Digital Economy Act 2017 passage through Parliament.
In 1993, the House of Lords Pepper vs. Hart decision provided that statements made by Government Ministers may be taken as illustrative of legislative intent as to the interpretation of law.
This extract highlights statements made by Government Ministers along with contextual remarks by other members. The full debate can be read here
This information is provided by Parallel Parliament and does not comprise part of the offical record
(7 years, 7 months ago)
Lords ChamberThis text is a record of ministerial contributions to a debate held as part of the Digital Economy Act 2017 passage through Parliament.
In 1993, the House of Lords Pepper vs. Hart decision provided that statements made by Government Ministers may be taken as illustrative of legislative intent as to the interpretation of law.
This extract highlights statements made by Government Ministers along with contextual remarks by other members. The full debate can be read here
This information is provided by Parallel Parliament and does not comprise part of the offical record
(7 years, 7 months ago)
Lords ChamberThis text is a record of ministerial contributions to a debate held as part of the Digital Economy Act 2017 passage through Parliament.
In 1993, the House of Lords Pepper vs. Hart decision provided that statements made by Government Ministers may be taken as illustrative of legislative intent as to the interpretation of law.
This extract highlights statements made by Government Ministers along with contextual remarks by other members. The full debate can be read here
This information is provided by Parallel Parliament and does not comprise part of the offical record
My Lords, I am obliged to the noble Baroness, Lady Hamwee. Amendment 25YX and the related Amendments 28CB, 28CG, 28DV and 28FD seek to impose an express requirement that the public service delivery power may be used to share information only to the extent that it is necessary and proportionate to do so. That covers the changes to debt fraud research and similar civil registration provisions in the Bill. With respect, the amendments are unnecessary as the powers will need to be exercised in line with the Data Protection Act and the codes of practice, which already require that only the minimum data necessary to fulfil the particular objective may be shared. It is therefore unnecessary to amend in accordance with this proposal.
The effect of Amendment 25YYD would be that the list of specified persons permitted to use the public service delivery power could be amended only to add or remove bodies. The removal of the word “modify” would affect the way that minor amendments could be made. I do not believe that the noble Baroness, Lady Hamwee, expressly referred to this amendment, but as it is listed in this group as her amendment I just mention the point because clearly it is necessary that there should be a degree of flexibility in how that provision operates.
I apologise; I thought that was in another group, though I received a note later. I would like to understand how extensive a modification might be.
I am obliged to the noble Baroness. I am happy to explain within this group, where I understand the amendment remains. The removal of the word “modify” would affect the way in which minor amendments could be made. For example, where a body changes its name or the description of the category of a body needs to be adjusted, you would then want to modify rather than delete and start again.
Amendment 26A seeks to remove reference to,
“the contribution made by individuals or households to society”,
from the public service delivery chapter. Again, I venture that the amendment is unnecessary because subsection (10) gives examples of “well-being” but does not provide an exhaustive list. Therefore we have three categories by way of example—but only by way of example. In response to the specific observation made by the noble Baroness, Lady Hamwee, I respectfully suggest that there is nothing paternalistic or judgmental about any of the examples given in the Bill. Indeed, where a party makes a contribution to society, that benefits the contributor as well as society, which is why it is appropriate that it should be given as an example in this context.
Amendment 28AU would provide a new definition of “personal information” for the purposes of the public service delivery power. This point was raised in Committee as well. The amendment expressly incorporates the definition of “personal data” under the Data Protection Act 1998 into the definition of personal information for the purposes of these powers, as well as making clear that the Bill’s extended definition also includes deceased individuals and companies. We consider that the existing provisions set out the same position, albeit in slightly different words. I note that reference was made to the issue in Committee, and to the provision of codes of practice in that context.
The intention of Amendment 28AY seems to be to provide greater transparency by ensuring that individuals would know when information about them has been shared. Existing provisions in the Bill already require those using the powers to comply with Data Protection Act requirements as to the information that people are given about the usage of their personal data. This, supplemented by the requirements imposed by applicable codes of practice, ensures that the use of these powers will be as transparent as it can be.
Amendments 28AR and related amendments seek to narrow the exceptions to the general rule in Clause 36(1) that personal information received under the public service delivery powers may be used only for the purpose for which it was shared, to the effect that such information may not be shared for the purpose of preventing anti-social behaviour, and to restrict the exception permitting disclosure for the purpose of preventing or detecting crime to “serious” crime, as indicated by the noble Baroness. These amendments would also bring in an offence of disclosing personal information for the purposes of anti-social behaviour. The prevention of anti-social behaviour and the prevention or detection of crime are matters of significant public interest. If information sharing indicates potential criminal activity, public authorities should be able to take action. Similarly, if information received under the powers indicates that anti-social behaviour is occurring or is likely, we consider that this information should be disclosable to maintain public order. Anti-social behaviour may itself be seriously harmful to those who become its victims.
Amendment 28BM seeks to remove the power given by Clause 40(4), which allows regulations to make disclosures by newly specified persons subject to the same conditions that apply to disclosures of information provided by HMRC. That power would be used to require the consent of the original provider to any subsequent disclosures of particularly sensitive information, as is the case for information provided by HMRC under Clause 38. The amendment is undesirable, as it would remove flexibility to give enhanced protection to information from certain sources. I do not believe the noble Baroness read the provision in that form, but it is there so that enhanced protection may be given in a particular circumstance.
Amendment 28CF would impose a duty on the Secretary of State to review the civil registration power after three years, akin to the powers already provided in the debt and fraud powers. This duty was included in the debt and fraud powers to assess whether the powers deliver demonstrable benefit via an initial piloting process. The information gathered in the course of the pilot process will provide evidence for the review. It is our view that a similar duty to review the civil registration power would not be appropriate. First, civil registration information is already a matter of public record. Secondly, the powers are simply looking to update outmoded legislation to simplify and provide the flexibility to share civil registration data within the public sector to avoid the need to enact specific powers whenever a new need arises. The power has been developed to support a range of public authorities at national and local government level to transform the services that they can provide to citizens.
Finally, Amendment 39 is intended to ensure that Part 5 could not be brought into force until after the GDPR comes into effect, which would be in May 2018. This would prevent the use of the powers until that date, which would be unhelpful given that a number of bodies are keen to use the powers to achieve particular objectives, such as extending the warm home discount scheme. As we have said before, we consider that the present provisions are compatible with the GDPR—compliant, therefore, in that context—and we are committed to revisiting the codes of practice before May 2018 to ensure that they reflect the latest best practice of compliance with the GDPR.
In those circumstances, I invite the noble Baroness to withdraw her amendment.
My Lords, I thank the Minister, but all that will bear some reading. We felt it important to extend some of the comments that we made in Committee to get a more extended response. Noble Lords will be pleased to know that I shall not respond to all those points. On the Minister’s first point about “necessary or proportionate”, I do not know whether he means that I misread the ICO’s comments, that the Government disagree with the ICO, or whether some of the changes to the Bill since its initial form have dealt with them. Perhaps I should just leave that hanging.
The fact that the “contribution to society” is an example does not answer our concerns. I remain anxious about it, as I do about “anti-social behaviour”, which the Minister described as being a matter of significant public interest. I do not dispute that, but data sharing is a matter of significant public interest—I suggest, possibly greater. We are told that anti-social behaviour may be seriously harmful, but it is not criminal in this context, because we have other provisions to deal with crime.
I was indeed confused about the application of the HMRC powers to other bodies, and I remain confused about whether that extension is appropriate.
Finally, of course civil registration information is a matter of public record, but the updating takes us into a very different regime. The ability to share information in bulk is very different from that to look up individual pieces of information. Can the Minister tell the House today whether the consultation to which he referred extended beyond the sharing organisations to the sort of bodies concerned with privacy? He may not know, and I may be quite out of order in asking this on Report. I do not think he is going to leap to his feet—pause—no, he is not. I do not hold that against him. It is probably not in his brief. If there was not such consultation, that answers my point.
However, clearly, I should beg leave to withdraw the amendment.
My Lords, the Delegated Powers and Regulatory Reform Committee made a number of recommendations on Part 5 of the Bill. The Government developed the information-sharing powers through consultation and partnership over a process that started over three years ago. These measures are about improving the way the Government operate for the public benefit. Of course, data sharing must be done with transparency, safeguards and oversight. It is in that spirit that we have accepted the bulk of the committee’s recommendations. The way in which Part 5 is structured in seven chapters to deal with different data-sharing powers has meant that it has taken nearly 100 amendments to implement the recommendations, so I will spare the House from referring to every one in turn. I believe that my noble friend Lord Ashton has written previously setting out all that detail.
Our amendments place the lists of specified persons able to disclose and use information under the public service delivery, debt and fraud powers on the face of the Bill rather than in regulations. We then also narrow the powers to amend the lists. For public service delivery, specified persons will be permitted to share information only for the purposes of an objective which has been expressly specified as applicable to that person, rather than any specified objective. We have also narrowed the ability to set and amend data-sharing objectives for public service delivery, so that any specified objective must support the delivery of a specified public authority’s functions.
For water and fuel poverty, we have restricted the powers to amend the list of support measures and to add to the list of permitted recipients of information under the clause, as the DPRRC recommended. Finally, we have adopted the committee’s recommendations to remove Henry VIII powers to make consequential amendments to primary legislation, as well as to narrow the powers to review and amend the fraud and debt powers. We have ensured that any amendments can be only to improve the operation of the fraud and debt powers and there will be no way to use these powers to undo the safeguards that the Bill provides.
In addition to the DPRRC’s recommendations, the Government have tabled amendments on the following matters. Amendments 28FE and 28FF remove repetition in Clause 60(5) relating to the criminal offences which protect personal information originating from HMRC, Revenue Scotland and the Welsh Revenue Authority. By removing this repetition, the amendments avoid any confusion which might otherwise be caused.
Amendments 28FG to 28FN correct an unintended consequence of measures that were agreed during Lords Committee stage to prevent disclosures by journalists in the public interest being caught by the anti-disclosure offences in Chapter 5. The unintended effect is that the criminal offence which protects personal information disclosed under Clause 60(1), and which originates from one of the tax authorities, now applies only to disclosures made by the person who first receives the information but not those within the accreditation system who subsequently receive the information—for example, to undertake peer review or via intermediaries. These amendments therefore restore a key safeguard to the research power, which ensures that information is protected in all parts of the process.
Amendments 28FW, 28FX, 37 and 38 provide new data-sharing powers for Scottish Revenue and the Welsh Revenue Authority. Clause 70 provides the power for HMRC to share de-identified data, allowing HMRC to share aggregate and general information more widely, for purposes in the public interest. Following discussions with the Welsh Government and the Scottish Government, as requested by them, we are providing equivalent powers for devolved tax-raising bodies.
Amendment 28FY, tabled by my noble friend Lord Hunt, is supported by the Government. There is a recognised sound public policy argument for supporting the more effective operation of the Employers’ Liability Tracing Office, referred to as ELTO. The discussions at Lords Committee sparked further conversations between HMRC and ELTO officials, resulting in an agreement to take this amendment forward. This Bill has offered a timely opportunity therefore to legislate. The current clause meets the objective of helping ELTO improve its records of employers’ liability insurance policies, making it easier to identify insurers and so enable claimants to pursue compensation. Both parties recognise that there remains some work to do and it is currently unclear as to how effective HMRC data may be in helping to populate missing data. However, an enabling provision would allow more robust testing of the possibilities, with the opportunity to take these forward.
Amendments 40 and 41 enable commencement of measures by area so that the Government can ensure that measures are not commenced for Northern Ireland in the event that the Northern Ireland Assembly has not given legislative consent. Consent from the Northern Ireland Assembly is required on a number of measures, including the extension of public lending right to e-book loans, Part 5 of the Bill on digital government, the Northern Ireland provision in relation to Ofcom and, should the government amendment be agreed, the offence of breaching limits on ticket sales.
In consequence of the potential need to commence the Bill by area, these amendments also provide the power to make necessary transitional provision. The transitional powers will also be used to define small businesses in the statistics chapter of Part 5 until definitions in the Small Business, Enterprise and Employment Act 2015 come into force. I beg to move.
I declare my interest as a partner in the global law firm DAC Beachcroft, and other interests set out in the register, including chairing the British Insurance Brokers’ Association and being president of the All-Party Parliamentary Group on Occupational Safety and Health. Taken at face value, Amendment 28FY would appear somewhat technical, but the Employers’ Liability Tracing Office is working well, but it could work better, and this amendment would help to facilitate that.
I am so grateful to the Minister and his colleagues for the support that they have given to this amendment, which could make a substantial difference to the capacity of the office to help to secure compensation, expeditiously and effectively, for those afflicted by industrial illnesses. When someone faces a reduced quality of life and possibly an avoidably and unnecessarily early death because of an industrial illness innocently contracted, the least that we can do is to deliver compensation as quickly as possible in the hope that the individual with the illness can enjoy at least some benefit from it. I believe that in some small way the amendment will serve to make this a more civilised and compassionate country.
My Lords, we have two amendments in this group. The Minister was just a little previous in answering Amendment 25YYD on modification, so we do not need to go back to that. Amendment 33ZYD would remove several organisations from the list of specified persons for the purposes of fraud provisions, and the amendment is here to enable us to ask whether all these require the data-sharing gateway or, conversely, whether there are many other government-related organisations; I am not quite sure what the correct term might be for organisations such as the National Lottery or the British Council, but I shall use the term government-related organisations tonight. Are there not others that might use the power? What were the criteria used to select the ones that are in the schedule?
I am obliged to my noble friend Lord Hunt and note what he said with regard to the amendment. On the amendment proposed by the noble Baroness, Lady Hamwee, Amendment 33ZYD, which seeks to remove a number of non-departmental public bodies listed in the schedule for the fraud power, I accept that the list in the schedule is long but the fact is that many public authorities are at serious risk of fraud. Each of the bodies was considered individually before being added to the schedule, and the NDPBs have been included because they each administer many millions of pounds in grant expenditure each year, which exposes them to a significant risk of fraud.
Were any organisations considered and discarded for that purpose?
I am not in a position to say what number of bodies were considered and discarded, but I will undertake to write to the noble Baroness on that point. All the public bodies included in the schedule must, of course, comply with the data-sharing safeguards in the Bill. Clearly, public authorities may not enter into data sharing lightly. They will have to follow the codes of practice, comply with the Information Commissioner’s requirements on data sharing and privacy and have in place all necessary protections to prevent unlawful disclosure.
The list of public bodies in the government amendments is shorter than the lists we have previously published in draft regulations although, as I indicated to the noble Baroness a moment ago, I do not know how many bodies were considered and removed before the process of listing them in the draft regulations took place. Care has been given to ensuring that we share only where there is a clear benefit, as required by the legislation. I hope that, with that explanation, the noble Baroness will withdraw her amendment.
My Lords, I will take this opportunity to briefly comment on this group of amendments. These Benches did submit a series of amendments in Committee. The Minister responded that the Government were giving due consideration to the Delegated Powers Committee report, so there was no opportunity to go through some of those issues in detail. We welcome the Government’s amendments and the fact that they have responded to the Delegated Powers Committee. I have read the Information Commissioner’s briefing for Report, and I welcome the fact that she strongly supports the Government’s adoption of these amendments, which she believes will strengthen parliamentary scrutiny and government accountability.
The next group of amendments deals with the code of practice, on which we had lengthy debates in Committee, but I believe that the Government are now striking the right proportional balance between improving public and government services and the need to protect data.
My Lords, in Committee I had my name to an amendment regarding the status of the codes of practice. At that time, the noble and learned Lord referred to the appropriate level of legal obligation. He certainly persuaded me that the wording “having regard to” or “complying with” did not relate to whether a public authority could ignore a code, but whether there were reasons for doing so. I was persuaded about that level of flexibility.
Of course, we were really concerned about what the codes of practice would ultimately look like, what the engagement of the Information Commissioner would be and what the Information Commissioner’s view was. On these Benches we were pleased to see not only the Government’s amendments but the Information Commissioner saying that she was extremely pleased that the Government had accepted her recommendations on there being references in the Bill to codes of practice and the privacy impact assessments.
In the light of the Information Commissioner’s overall comments and the fact that the Government have responded, we certainly welcome these amendments. However, I give notice that—the noble Baroness, Lady Hamwee, referred to this—what is in the codes and how public authorities operate them will be very important, and parliamentary scrutiny of and engagement in them will be critical in the future. I hope that we will see further drafts of the codes before they are ultimately laid before Parliament. It is really important not only that there is the highest level of consultation on them but that Members of Parliament are properly engaged in them.
I thank noble Lords for their observations on these matters. There are of course government amendments in this group as well and perhaps I may begin with those.
This group of amendments concerns the codes of practice issued under Part 5 and those issued by the Information Commissioner’s Office. It includes the government amendments that implement the recommendations of the Delegated Powers and Regulatory Reform Committee and, as the noble Lord, Lord Collins, observed, the recommendations of the Information Commissioner’s Office. In addition, there are some opposition amendments on similar points.
We have already published draft codes of practice on data sharing. The Delegated Powers and Regulatory Reform Committee recommended that the first codes of practice and the UK Statistics Authority’s statement of principles should be laid before Parliament in draft and should not be brought into force until they had been approved under the affirmative procedure. Revisions were to follow the draft negative procedure. We agree and have tabled amendments to achieve this, and it is intended that Parliament should have a suitable opportunity to consider these drafts and any amendments thereto in due course.
A further series of government amendments will require persons disclosing personal information under relevant chapters of Part 5 to have regard to the Information Commissioner’s codes of practice on privacy impact assessments and privacy notices, transparency and control in so far as they apply to information which is being shared. As the noble Lord, Lord Collins, observed, the Information Commissioner called for explicit reference to these two codes to be made on the face of the Bill. We have worked with her office to develop these amendments, which supplement the existing requirement that the codes of practice prepared under the Bill must be consistent with the commissioner’s own code on data sharing, and I understand that she is satisfied with the steps we have taken in that regard. I hope that this will provide further assurance to noble Lords that we are committed to ensuring that best practice concerning compliance with data protection and transparency will be applied to the exercise of powers under Part 5 of the Bill.
I now turn to the opposition amendments in the names of the noble Baroness, Lady Hamwee, and the noble Lord, Lord Clement-Jones. I hope I can persuade them that their amendments are no longer necessary, as the government amendments fully address the concerns of both the Information Commissioner’s Office and the DPRRC.
As the noble Baroness has explained, the amendments in their names seek to ensure further consistency with the ICO’s codes and to strengthen the role of those codes in the regime set up by Part 5, as well as providing for greater parliamentary oversight of the Government’s codes, and I believe that we are now there. The Bill already requires that codes of practice issued under Part 5 of the Bill must be consistent with the ICO’s data-sharing code of practice. The government amendments further require persons to have regard to the ICO’s codes on privacy impact assessments and privacy notices, transparency and control when exercising relevant powers under Part 5. So we are now referencing all the codes which the ICO felt were critical for the operation of Part 5.
Of course, this is not the first time we have discussed amendments that seek to strengthen enforcement of the codes of practice by requiring authorities that use the powers of determined specified bodies to “comply with” rather than “have regard to” these codes. The Government’s position remains that “have regard to” is the right weight to give to codes of this type. That is itself a legal obligation, as the noble Lord, Lord Collins, noted. Moreover, the public law will expect those who are subject to the codes to follow their stipulations unless there are cogent reasons why they should not. We note that the Information Commissioner’s own codes are themselves advisory. A requirement to “comply with” the codes could lead to their being applied in a tick-box fashion, without due regard to whether the recommendations are actually applicable to and desirable in the context of the specific data share.
On the issue of adding additional persons to the consultation obligations for the codes, since Ministers have committed before Parliament to consult publicly on the Part 5 codes of practice, we suggest that such a requirement is unnecessary. The present provisions reflect what the noble Baroness noted to be the normal position.
Finally, on parliamentary oversight, the Government’s amendments fully implement the DPRRC’s recommendations, including, exceptionally, the use of the affirmative procedure for the first codes and the draft negative procedure thereafter. They go further than the noble Baroness’s amendment, and I hope that that will be welcomed by all noble Lords. I therefore invite the noble Baroness not to press her amendments.
My Lords, I thank the Minister for that response. I had forgotten to say that I was glad to see the government amendments about the affirmative procedure—it was because of looking at those that we got those two stray amendments that were tabled in error.
The noble Lord, Lord Collins, is absolutely right about the codes of practice. I simply say, before begging leave to withdraw, that it will not be possible for amendments to be made once the codes are put formally to Parliament. That is why wide consultation and—I do not like the term—an iterative process is very important on what will be significant documents. I beg leave to withdraw my amendment.
My Lords, I hesitate before intervening in this group of amendments because, the last time I intervened, my noble friend said that I must be slightly confused, as I was talking about electoral rolls, bread rolls and toilet rolls. We are, of course, conflating a number of issues in this group, but I think that there is a really good point. My noble friend has raised an important area where the public good can be served not by sharing confidential information but by ensuring the availability of information that will serve a specific purpose in relation to fuel poverty. We on these Benches are very sympathetic on that point. In Committee we tabled amendments on the common-law duty of confidentiality, and the noble and learned Lord responded to those amendments. The only point I would make now is that it is vital that medical records remain confidential. They contain information that can affect not only people’s health but their access to jobs and to insurance. Access to a whole range of things is at risk if it is felt that this information will not remain confidential. Of course, the consequence of that is another public health issue, because if people do not have confidence that their records will remain confidential, they will not go to their doctor, they will not tell their doctor and they will not seek the treatment that they perhaps should. So there is a very strong case here.
One other point—it is not related to this group of amendments so I ask for forgiveness—is that there is a balance between maintaining confidentiality and security. Many of the problems in the health service, and why people lack confidence in it, are not about policies and procedures but about the health service’s ability to maintain a secure IT system. I hope the noble and learned Lord will be able to address those issues. The assurances that my noble friend has sought about future ability are really important. The ability to communicate—not the details of people’s confidential records but one government department to another and one public agency to another, to serve a very clear public need—is vital.
I am obliged to noble Lords, and in particular I thank the noble Lord, Lord Whitty, for his continued interest in this area and for taking the time to meet and discuss this matter at some length with me and the Bill team. Clearly, as the noble Lord, Lord Collins, observed, this is an important part of the fuel poverty agenda. That is why it takes on such considerable importance even when faced with issues such as medical confidentiality.
On the point about common-law confidentiality, and medical confidentiality in particular, it is not an absolute; there are already statutory gateways through which information can and must flow on occasions, and therefore one must not take it that medical confidentiality is somehow completely ring-fenced and separate from the world that we actually live in. There are circumstances where there should be, has to be and is disclosure. It may be possible—I put it no higher in terms of this Bill—to address a further gateway. However, one should not confuse any mechanism within the Bill with the consequences of human or IT failure, however regrettable they may be. I agree with the noble Lord, Lord Collins, that one has to have regard not only to the structure within which information is shared but to the need to ensure that the sharing process is itself secure. But they are separate issues.
The noble Lord, Lord Whitty, acknowledges that some parts of his amendment may not be necessary. Amendments 27 and 28 would provide that information can be shared with licensed electricity and gas distributors for the provision of fuel poverty assistance. They can already be added to the data-sharing arrangements in Clause 32 by regulations. The Government will consider whether to exercise this power in the context of considering the future role of electricity and gas distributors in delivering fuel poverty schemes. I reassure the noble Lord that the provision made by Amendment 26 is already covered by Clause 31, which provides powers to share information for,
“the improvement of the well-being of individuals or households”.
Of course, this includes,
“their physical and mental health and emotional well-being”.
While we do not consider the noble Lord’s amendment necessary in this instance, the objectives that he highlights are an example of how in appropriate circumstances information held by healthcare providers could, in future, be valuable to support the more effective delivery of public services to those in need. It underlines why the Government are unable to accept Amendments 28AV, 28AW and 28AX, tabled by the noble Baronesses, Lady Finlay and Lady Hamwee.
The Government do recognise the particular sensitivities with identifiable health information, as highlighted in the National Data Guardian for Health and Social Care’s recent review of data security, consent and opt-outs. Health bodies in England are therefore not included in the list of bodies now in the Bill that will be permitted to use these powers. However, as the noble Lord, Lord Whitty, noted, health issues are a key factor in the complex social problems faced by people, whom we are aiming to support with these powers. Excluding the use of identifiable health information altogether would remove the possibility of including such information in the future without amending legislation. It would be premature to take this step in advance of the implementation of the National Data Guardian’s review and the public consultation that that will engage.
An amendment to maintain the common-law duty of medical confidentiality is not considered necessary. Those powers enable information to be shared only where it is already held by specified persons, acquired in a different context from the patient-doctor relationship. Any information that would have been subject to medical confidentiality would have found its way into a specified person’s hands only through an existing gateway. As I indicated earlier, there are already statutory gateways through which such information can move. Of course, we are dealing with permissive powers.
At this late hour, I will attempt the impossible: to satisfy the interests of all parties in the context of these provisions. Beginning with the inquiry from the noble Lord, Lord Whitty, health bodies are not presently included in the schedules. As drafted, it would be possible for health bodies to be added to the schedules at a future date but—and I emphasise this—no decision will be taken until, first, the Government publish their response to the Caldicott review and any recommendations have been embedded and assessed; secondly, there has been a public consultation on the issue and the views of the National Data Guardian and appropriate representative health bodies such as the GMC and BMA have been sought; and, thirdly, there has been a debate in both Houses pursuant to the affirmative procedure required to add bodies to the schedule. I hope that that reassures the noble Lord, Lord Whitty, that it can be done, although it has yet to be done, and that there are steps that we will take to reassure the noble Baronesses, Lady Finlay and Lady Hamwee, before any such step is implemented.
If health bodies or information were to be expressly excluded in the Bill, it would require primary legislation to enable those bodies to share information under the powers. If and when we decide that it would be helpful to have those powers—in implementing the fuel poverty initiative, for example—it would be most unfortunate if we were delayed by literally years before we could actually achieve the objective, when in fact there is provision here to do it by way of the affirmative procedure so that both Houses have ample opportunity for debate.
If we take those steps, there will be safeguards. When considering whether to add any health bodies to the schedules in the public service delivery, debt and fraud chapters, clear safeguards will apply. First, before a new body may be added to the schedule, it must show that it fulfils the relevant criteria relating to that specific power designed to ensure that only bodies with relevant functions for holding or requiring information relevant to that particular power may be added. The Minister must consider the procedures in place for secure handling of information before any new body can be added to the schedule—a point raised by the noble Lord, Lord Collins. A decision will be taken on whether it is in the public interest and proportionate to share identifying health information in order to achieve a specified objective. There would be no question of simply sharing this information more widely. The powers must be exercised in accordance with the Data Protection Act, which requires that only the minimum information necessary to achieve the objective may be shared. Under the Bill—and under the Data Protection Act—personal information may be used only for the purpose for which it was shared and data must be stored securely to ensure compliance with that Act. Again, this point was raised a moment ago.
Identifying health information will constitute sensitive personal data and so to ensure fair and lawful processing, it must fulfil one of the more onerous Schedule 3 conditions as well as the Schedule 2 condition under the Bill. In addition, new criminal sanctions have been included for wrongful disclosure with a maximum penalty of up two years’ imprisonment, a heavy fine or both. Further steps can of course also be taken to remove a body from the schedule if it does not comply with the requirements of the Act.
I do not suppose that I have satisfied anyone with that explanation at the end of the day. But, if nothing else, I hope that it has assisted in informing your Lordships as to why we consider that these amendments are not appropriate and that it would be appropriate to retain the ability to introduce health bodies by way of appropriate regulation. We feel that there will be appropriate safeguards and extensive consultation before any such step is taken, so I invite the noble Lord to withdraw his amendment.
May I ask for clarification over one issue? Would a statutory instrument, when brought forward, envisage adding health bodies to the Bill in a blanket way, or would it be envisaged that there would be statutory instruments for specific purposes, such as health bodies for the purposes of identifying fuel poverty, and that when something else emerged it would require a separate statutory instrument so as to keep that gateway as narrow as possible?
With respect, we clearly intend to maintain any gateway in as narrow a manner as is reasonable. The point that the noble Baroness raises is really a question for another day. We are not there yet; health bodies are not included in the schedule. If and when it is contemplated that they will be, there will be extensive consultations on the very issues that she raises.
My Lords, I thank the Minister for his ability to deliver a compromise position between what appeared to be diametrically opposed attacks in this group of amendments. He has done very well and almost satisfied me—I thank him for that and for his previous discussions.
Clearly, my amendments envisage a fairly narrow gateway, and in her latest remarks the noble Baroness, Lady Finlay, was responding to that. I am very grateful to the Minister for his assurance that the procedure could add health authorities and health bodies to the list in specific circumstances. When we come to the statutory instrument phase, I am arguing for only a relatively narrow inclusion, which may well be carried by the form of the statutory instrument which we eventually have to consider. I also recognise that the Minister has to await the outcome of these other considerations.
On the other hand, I would impress on the Minister that fuel poverty is a really big issue and that the lack of communication between the health and social security sides, and the other interventions, has proved a major inhibition in tackling fuel poverty. The information to be shared is in two directions. It would also allow a medical GP, for example, to access DWP information as to whether people in a household qualified for help. It is not simply a matter of disclosing medical information; it is one of ensuring that the medics actually understand the broader context of the household with which they are concerned.
I thank the Minister for his help in this direction. We will no doubt return to this at some subsequent stage but in the meantime, I beg leave to withdraw.
Briefly, the ground has been well covered by the noble Lords, Lord Foster and Lord Aberdare, and I have little to add. Three things strike me. I recalled in Committee that this was one of the areas where we had received the most external notifications and correspondence. It is still something that we need to take carefully. As has just been said, it is surprising that almost the entirety of the industry affected by the judgments of Ofcom have joined up to make the case.
Following on from both speeches, what is required is a statement from the noble and learned Lord. I am sure he is straining at the leash to give us all another compromise solution that will do the trick. He is shaking his head; maybe there are other things he has to cover as well. However, the situation seems to hinge on whether Article 4 of the EU directive applies sufficiently well after this Bill goes through, as before. Yet, as has been mentioned, there will be an opportunity, presumably in the great repeal Bill, to cover exactly this point. So what is the hurry?
My Lords, I am obliged to noble Lords. As the noble Lord, Lord Stevenson, observed, there have been quite a lot of external communications on this. Indeed, I notice that the quotation that the noble Lord, Lord Foster, gave on my observations in Committee was identical to that quoted in a letter from Towerhouse LLP to the Department for Culture, Media and Sport on 17 March. Everybody seems to be singing from the same hymn book.
At present, Section 195 of the Communications Act 2003 requires that appeals against Ofcom’s regulatory decisions are decided by the Competition Appeal Tribunal on the merits. I shall come back to “on the merits” in more detail in a moment.
Appellants argue that appeals “on the merits” should allow for a bottom-up review of the decision, inviting the tribunal to substitute its own view for that of the regulator—in effect, two tiers doing the same thing. Appeals are therefore seen as an opportunity to rerun arguments that were considered and rejected by Ofcom in reaching its decision, or to put forward swathes of new evidence to persuade the tribunal to reach a different decision. Such appeals can lead to extremely lengthy and costly litigation, with extensive cross-examination of experts and witnesses. This depletes the regulator’s resources and means that other regulatory action by Ofcom is inevitably delayed, allowing for the potential for providers to frustrate the regulator with speculative or even spurious appeals, causing considerable uncertainty in the market and delay to other regulatory decisions.
The Government consider that appeals in the communications sector need to be rebalanced to ensure that Ofcom is held properly to account for its decisions, but also enabled to regulate in an effective and timely manner in the interests of citizens and consumers, as it is required to do. Clause 80 does just that; it requires that instead of merits appeals, the tribunal must decide appeals against Ofcom’s decisions by applying the same principles as would be applied by a court on a judicial review. Judicial review is generally a well-understood standard of review against which very significant decisions made by most public bodies are tested. Importantly, this will ensure that appeals are focused on identifying errors in Ofcom’s decisions, rather than simply seeking to persuade the tribunal to reach a different conclusion.
Those affected by Ofcom’s decisions will remain able to challenge them effectively. In Committee, the noble Lord, Lord Clement-Jones, said that judicial review was,
“solely concerned with whether the decision is unlawful in a technical sense—that is, was the correct process followed?”.—[Official Report, 8/2/17; col. 1734.]
I hope I can reassure him that this is simply not the case. First, appellants are able to argue that Ofcom’s decisions are based on material errors of fact or law. Material errors will therefore be identified and corrected in a judicial review process. Secondly, judicial review is a flexible standard of review, which allows the court to decide on the appropriate intensity of review according to the individual circumstances of the case. For example, there may be more intensive review processes in the context of matters pertaining to human rights. In particular, Ofcom has various statutory duties to ensure that its decisions are proportionate—in other words, that they go no further than is appropriate and necessary to attain a legitimate aim. In reviewing whether a decision is proportionate, the courts can carry out a closer and more rigorous review of the decision.
Of course, appeals in the communications sector are required to ensure that,
“the merits of the case are duly taken into account”,
as a matter of EU law under Article 4 of the EU framework directive. That will remain the case under a judicial review standard. I understand that there is uncertainty about the extent to which requirements in EU law may become a part of UK law after the United Kingdom leaves the EU, but that will be a matter for Parliament to determine when the great repeal Bill is introduced, as the noble Lord, Lord Stevenson, observed, and will be looked at in the context of the overall future regulatory framework for electronic communications, including the appeals regime, once the UK has left the EU.
A number of Ofcom’s regulatory decisions are already appealable only by way of judicial review, and the Court of Appeal confirmed as long ago as 2008 that judicial review is capable of taking account of the merits of the case, as required by EU law and, in particular, by Article 4 of the EU directive. Lord Justice Jacob in the Court of Appeal in the T-Mobile case in 2008 said that it,
“is inconceivable that Art. 4 in requiring an appeal which can duly take into account the merits, requires Member States to have in effect a fully equipped duplicate regulatory body waiting in the wings just for appeals. What is called for is an appeal body and no more, a body which can look into whether the regulator had got something material wrong”.
He also held that,
“there can be no doubt that just as JR was adapted because the Human Rights Act so required, so it can and must be adapted to comply with EU law and in particular Article 4 of the Directive”.
Indeed, in a more recent case involving judicial review and Article 4 in 2016, Mr Justice Cranston observed that, as the Competition Appeal Tribunal had said:
“Ofcom enjoys a margin of appreciation on issues which entail the exercise of its judgment”,
and that,
“the Tribunal should apply appropriate restraint”.
It is not a second-tier regulator, and the fact that it might have preferred to give different weight to various factors in the exercise of a regulatory judgment would not in itself provide a sufficient basis to set aside Ofcom’s determination. It should not interfere with Ofcom’s exercise of a judgment unless satisfied that it was wrong.
These are the relevant judicial review standards that will be applied in these circumstances. We do not want a complete retrial—if I can call it that—or a situation in which, at two levels, we begin at the beginning and end at the end with an entirely different opinion and approach to the evidence, and, perhaps, entirely new arguments being advanced evidentially in support of the merits of a case. That is a never-ending process and is not common to any other area of regulation by a public authority.
The judgments I have referred to have been considered in a number of subsequent cases and it is clear that a judicial review standard is consistent with the requirements of Article 4 of the framework directive. In these circumstances, it is not considered that there is any real need for this amendment. It is appropriate that we proceed with Clause 80 and I therefore invite the noble Lord to withdraw the amendment.
(7 years, 7 months ago)
Lords ChamberThis text is a record of ministerial contributions to a debate held as part of the Digital Economy Act 2017 passage through Parliament.
In 1993, the House of Lords Pepper vs. Hart decision provided that statements made by Government Ministers may be taken as illustrative of legislative intent as to the interpretation of law.
This extract highlights statements made by Government Ministers along with contextual remarks by other members. The full debate can be read here
This information is provided by Parallel Parliament and does not comprise part of the offical record