(7 years ago)
Lords ChamberMy Lords, I support Amendment 184. As the noble Lord, Lord Stevenson, said, the GDPR does allow not-for-profit organisations to lodge complaints about suspected breaches of data protection without needing the authorisation of the individuals concerned. I really do not understand why this has been taken out; it is such an important piece of legislation that gives teeth to data protection. Most people do not have the time or the inclination to lodge complaints against data controllers. So many organisations are now holding data about us that it is ridiculous to suggest that individuals can become data detectives responsible for finding out who holds data on them and trying to work out whether that data is being processed in accordance with data protection rules.
I went through the hassle of getting my own subject access request from the Met police. It took a lot of form filling and cost me £10, which was absolutely not money well spent because the file, when I got it, was so redacted. I did ask for my money back but was not given it. That shows me that most of us will not know that data about us is being held—so the amendment is extremely valid.
Despite my opposition to some provisions in the Bill, I accept that it is very important. However, it is equally important that we get it right and that we do not have all these derogations which mean that it has less authority and power. Personally, I think that the amendment strengthens the data protection regime without any hassle for consumers. I hope that the Government will include it in the next iteration of the Bill.
I, too, support the amendment. One thing that we can all agree on is that data regulations is a complex and highly technical area of the law. As the Bill stands, it asks members of the public to become experts on the subject, which actually creates a significant barrier to its successful implementation. My particular and declared interest in the Bill is the rights of children. It is a pervasive myth in the digital environment that all users are equal. That is a category error, because if all users are equal, children are treated in the digital environment as adults and their long-established rights and privileges do not then apply. So it is on behalf of that demographic that I want to say specifically that this amendment is very important.
Without the amendment, a child would be expected to take on the very adult responsibility of being a named complainant in a regulatory or judicial complaint for a breach of data law. In the case of a child, such a complaint is very likely to be made against a multimillion or indeed multibillion dollar corporation. That cannot be, in anybody’s mind, a fair fight. While the noble Lord’s amendment and indeed the GDPR are designed to benefit all users, I point out that the amendment usefully aligns with the recommendation made by the Children’s Commissioner and the House of Lords Communications Committee that children urgently need champions in the digital environment.
We have seen special provision being made in the Bill for libraries, archivists, the insurance industry, security and intelligence, and possibly even for journalists this evening. Given that, I am waiting for the Government to concede that, like all these other special needs groups, children are data subjects with specific needs. One of those needs is to have an informed advocate if they have a complaint. So, although I do not think that the amendment would adequately fulfil that role, because I would like to see something more formal, it would at least go some way to providing support for children should they have a complaint.