(6 months, 4 weeks ago)
Lords ChamberMy Lords, I have it in command from His Majesty the King to acquaint the House that His Majesty, having been informed of the purport of the Zoological Society of London (Leases) Bill, has consented to place his interest, so far as it is affected by the Bill, at the disposal of Parliament for the purposes of the Bill.
(8 months, 3 weeks ago)
Lords ChamberMy Lords, we have a bit of an impasse. Could we hear from the Conservative Benches and then the Labour Benches?
Thank you. My Lords, despite financial difficulties, some national museums are prevented by law from deaccessioning. What is the Government’s policy towards regional museums?
(11 months ago)
Lords ChamberMy Lords, purely in terms of fairness, shall we hear from my noble friend Lord Grade?
My Lords, I may have to change my name to Tina. I declare my interests as set out in the register. I have no opinions to offer on the future of the BBC or its funding. My concern is to stress to the Minister that one of the greatest economic success stories—one of the very few in this country in the last two decades—has been the creative industries, and at the heart of that are all our public service broadcasters: the BBC, ITV, Channel 4 and Channel 5. Without them we would not have had “Mr Bates vs The Post Office”, “Line of Duty” or “Happy Valley”. I would love to hear some warm words from the Minister about how the future of the creative industries and the important part it plays in sustaining investment in British production, which the BBC is a big part of, will very much be in the Government’s thinking.
(6 years, 7 months ago)
Lords ChamberMy Lords, Amendments 29 and 30 relate to Clause 51, which enables data subjects to exercise certain rights through the Information Commissioner. Under Part 3, where a person makes a subject access request, it may be necessary for the police or another competent authority to give a “neither confirm nor deny” response; for example, to avoid tipping off that person that they are under investigation for a criminal offence.
Under the Bill as passed by this House, a data subject could exercise their rights under Clause 51 to request that the Commissioner check that the processing of their personal data complied with the provisions in Part 3. Such a request would clearly undermine a “neither confirm nor deny” response, effectively providing a back door for data subjects to find out if personal data was being held on them. To address this, the amendments replace the requirement on the Information Commissioner to check that processing complies with Part 3 with a requirement to check that a restriction imposed by the controller is lawful.
Commons Amendments 31 and 32 relate to Clause 53, which enables a controller when in receipt of a manifestly unfounded or excessive subject access request either to charge a reasonable fee before responding to the request or refuse to act on the request. The amendments extend this latitude afforded to a controller to cover requests made by a data subject under Clause 50, which requires a controller to reconsider a decision based solely on automated processing. Although the vast majority of subject access requests made by data subjects are reasonable, the amendments are necessary to ensure that controllers have a robust mechanism in place to deal with any repeated or malicious requests that they receive. I beg to move.
That this House do agree with the Commons in their Amendment 174.
My Lords, these amendments relate to the immigration exemption in paragraph 4 of Schedule 2, which was debated at some length during the passage of the Bill through this House. It may assist the House if I briefly restate the case for this provision.
The Bill and the GDPR extend and strengthen the rights of individuals, giving them easier access to their data and greater control over its use and processing. This is something we can all welcome. However, it is necessary to balance such enhanced rights of data subjects with other competing interests. The Bill therefore provides mechanisms to ensure that data rights cannot undermine investigations by law enforcement agencies, regulators and others. For the same reasons, the Bill makes provision to protect the integrity of the immigration system; for example, to prevent the release of information which would undermine imminent enforcement action.
As I have previously explained, the immigration provision is limited in nature. It does not allow the Home Office—or, indeed, any other controller—to set aside all the safeguards in the Bill; rather, it allows a number of specific rights to be restricted on a case-by-case basis and only to the extent to which giving effect to those rights would be likely to prejudice the maintenance of effective immigration control in an individual case. Decisions will also be subject to oversight by the Information Commissioner and, ultimately, the Information Tribunal.
On Report noble Lords supported the retention of the exemption by a majority of 130. Last week the House of Commons similarly supported the inclusion of the exemption in the Bill by a clear majority of 28. None the less, it is of course right that the exemption should be as tightly drafted as possible. The Government firmly believe that unless there is a compelling reason to the contrary, data processing should always be fair and transparent and it should not be possible to collect data for one purpose and then to retrospectively apply a policy of processing for further, incompatible purposes. It was always the Government’s intention that processing for immigration purposes should have to meet both these principles. But, on reflection, we agree that the provisions in paragraph 4 of Schedule 2 left room for doubt as to the intended approach. Therefore, Commons Amendments 174 and 175 further narrow the exemption to put the matter beyond doubt.
We are also committed to reviewing the operation of the exemption in the light of experience 12 months after these provisions come into force. To inform the review we would naturally welcome the views of interested parties, such as the Immigration Law Practitioners’ Association. Clause 16 would enable us to narrow the scope of the exemption still further should the review conclude that it would be appropriate to do so.
I look forward to hearing what the noble Baroness, Lady Hamwee, has to say about her Amendment 175A, but for now I beg to move.
Amendment 175A (as an amendment to Amendment 175)
I thank the noble Baroness for setting out the rationale for Amendment 175A. I wholeheartedly endorse the sentiment behind it— namely, that the data protection principles must underpin the processing of personal data held by the Home Office for immigration purposes. I also unreservedly support the notion that the Home Office needs to abide by the highest standards required by the GDPR and the Bill and to ensure that its staff are properly equipped, including through the appropriate training and guidance, to ensure that the department collectively fulfils its statutory responsibilities when it comes to processing people’s personal data. We want our staff to recognise that new data rights should be seen as an opportunity to improve how we collect, process and use other people’s data and respond to customers’ requests.
I am grateful to the noble Baroness for giving me foresight of her specific questions. The first concerned the exemption not being used in a blanket way to deny all requests for files concerning immigration held by the Home Office. This will be the case regardless of the believed immigration status of the client. We have been clear, and guidance will be clear, that the exemption can be used only on an individual basis and on a right-by-right basis—that is, a controller can exclude only those rights that would cause the prejudice test to be satisfied. Further, we will withhold only the information that could be likely to cause the prejudice. All other data is currently—and will carry on being—released.
The noble Baroness’s second question concerned the exemption not being routinely applied or applied without meaningful individual assessment in circumstances where the Home Office seeks to acquire data collected by essential public services from other government departments, such as the Department for Education. Where a right is to be restricted, there has to be evidence which a data controller can identify that has satisfied the likely-to-prejudice effective immigration control test and the test that it is still a live concern. That is irrespective of where or from whom the data was gathered.
The noble Baroness’s third question concerned the exemption not being routinely applied or applied without meaningful individual assessment in circumstances where a person or their legal representative is requesting data held by the Home Office so that they can regularise their immigration status or progress an immigration claim. We have been clear—and our guidance will be clear—that a right can be restricted only where there is a risk to the maintenance of effective immigration control. If a person is seeking to regularise their status, it is incumbent upon us to facilitate their efforts, and we strive to do so.
The noble Baroness’s next question was about the exemption being applied solely by the Home Office and not by government contractors carrying out immigration control functions. The exemption may be used and applied by those who work with us. However, the same checks and balances would be applicable in all instances.
The noble Baroness also asked for the exemption to be used only in cases where the Government have a clear and specific reason to believe that the release of data would undermine immigration control in relation to that specific person. That is correct—and it is what paragraph 4 of Schedule 2 provides for.
The next question the noble Baroness asked was about undermining immigration control not including an individual accessing data that may show why they may have reason to be allowed to stay in the UK. We have been clear that, where a person is seeking to regularise their status or appeal a decision, we will disclose all the data we hold to assist them in that and always give the full basis of why a decision has been made to facilitate any appeal.
The noble Baroness rightly asked, for the above reasons, whether it would be used only in a very small number of cases. The answer is yes. We anticipate that it will be a minority of cases and it is a rebuttable assumption that all rights apply to all data subjects.
The noble Baroness’s final question was about the exemption not being applied to British citizens or migrants who are lawfully resident in the UK. The exemption is not designed to apply to those here lawfully. It could, however, be used if a lawful UK resident was involved in an attempt to cause prejudice to the maintenance of effective immigration control—for example, by sponsoring someone in the knowledge that they did not qualify to be here.
I hope that I have answered in full the noble Baroness’s questions. I thank her again for providing me with sight of her questions.
(6 years, 11 months ago)
Lords ChamberMy Lords, government Amendment 118 responds to an amendment tabled in Committee by the noble Baroness, Lady Hamwee. I said then that I recognised the concern that had been expressed about the lack of transparency as regards national security certificates and that I would consider what more could be done to address this.
Having reflected carefully on that debate, and on representations from the Information Commissioner, I am pleased to move Amendment 118 to address this issue. It inserts a new clause into Part 5 of the Bill which requires a Minister of the Crown who issues a certificate under Clauses 25, 77 or 109 to send a copy of the certificate to the Information Commissioner, who must publish a record of the certificate. We would normally expect the published record to be a copy of the certificate itself. As I indicated in Committee, a number of the existing certificates are already available online.
As an important safeguard under the new clause, the commissioner must not publish the text or part of the text of the certificate if the Minister determines, and has so advised the commissioner, that to do so would be against the interests of national security or contrary to the public interest, or might jeopardise the safety of any person. Where it was necessary to redact information in a particular certificate, there would still be a public record of the certificate as set out in subsection (3) of the new clause. While in practice we expect that most certificates will continue to be published in full with no need for such restrictions, as is currently the case, this provides an important safeguard where it is necessary for a certificate to include operationally sensitive information. The commissioner must keep the record of the certificate available to the public while the certificate is in force, and if a Minister of the Crown revokes a certificate the Minister must notify the commissioner.
In the Information Commissioner’s briefing to this House on the Bill, she stated that there should be a presumption in favour of placing national security certificates in the public domain where to do so would not damage national security. She also noted that adopting a provision requiring her to be notified when a certificate was issued would provide a further safeguard to help inspire public confidence in regulatory oversight. I agree with her.
We have listened to concerns, and trust that this amendment will be widely welcomed. Indeed, it is worth recording that the ICO’s latest briefing on the Bill said that the amendment was,
“very welcome as it should improve regulatory scrutiny and foster greater public trust and confidence in the use of national security certificate process”.
I beg to move.
Amendment 118A (to Amendment 118)
(7 years ago)
Lords ChamberMy Lords, we have Amendment 37 tabled in my name and that of my noble friend Lord Kennedy in this group. The focus of our amendment is to tease out from the Dispatch Box a sense of what is meant by “meaningful” in the context of the discussions we have already had about how organisations might disclose details of algorithms used in profiling and data-driven decision systems, to meet the obligation in the GDPR to provide meaningful information about what has been going on in that space. It will be difficult to do this because “meaningful” can involve many words and obligations and is, I think, a slightly slippery concept. It will probably exercise the noble and learned Lord, Lord Mackay of Clashfern, in its imprecision—but do not blame us, mate; it is the GDPR, which we are not allowed to discuss. However, I think that the Minister can help us here by providing a bit more information.
We have suggested that a way of dealing with this would be to look at how the information is used and make it a requirement that it should,
“be sufficient to enable the data subject to assess whether the profiling will be beneficial or harmful to their interests”.
That may not be sufficiently strict legal language but, if it is an important distinction, it would help to get us to the point at which the Minister might say that she will bring back improved wording in an amendment at Third Reading.
The real issue which is not discussed here is the question of whether we can access the algorithms themselves. The problem, and the reason for the solution to that problem lying in terms of the test of how it works in practice, is that it is not sufficient just to have simple information about the actual mathematics of the algorithm because that in itself would not give us enough information. What we need, for those in a particular part of the population cohort, is knowledge of the consequences of being in one category or another and how that is weighed up by those carrying out the processing. This covers all the ways in which decisions are made on credit, on our purchases and how we are advertised to. It is happening now, so the sooner we can get the information, the better. I look forward to hearing the Minister’s comments when she comes to respond.
My Lords, I start by thanking noble Lords for their amendments, which bring us back to the important issues around the use of automated processing in what is an increasingly digital world. I apologise if my smile was misleading, I was just very pleased to see the noble Baroness in her place; it did not indicate anything other than that.
The range in which automated processing is applied includes everything from suggested views on YouTube to quotes for home insurance and beyond. In considering these amendments it is important to bear in mind that automated decision-making can bring benefits to data subjects, so we should not view these provisions simply through the prism of threats to data subjects’ rights. The Government are conscious of the need to ensure that stringent provisions are in place to regulate appropriately decisions based solely on automated processing. We have included in the Bill the necessary safeguards such as the right to be informed of automated processing as soon as possible, along with the right to challenge an automated decision made by a data controller or processor. We have considered the amendments proposed by noble Lords and believe that Clauses 13, 43, 48, 94, 95, 111 and 189 provide sufficient safeguards to protect data subjects of all ages—adults as well as children.
I accept that people want to assert their rights. Of course I do. I also think that we had a very detailed debate in Committee. Points were raised about the broad-brush approach; the Government have responded, and I am happy to support their amendments.
My Lords, these amendments bring us back to the immigration exemption in paragraph 4 of Schedule 2 which, as the noble Lord, Lord Kennedy, said, was debated at some length in Committee. As this is Report, I am not going to repeat all the arguments I made in the earlier debate, not least because noble Lords will have seen my follow-up letter of 23 November, but it is important to reiterate a few key points about the nature of this provision, not least to allay the concerns that have been expressed by noble Lords.
Let me begin by restating the core objective underpinning this provision. The noble Lord, Lord Kennedy, specifically asked for further clarity on this point. The UK’s ability to maintain an effective system of immigration control and to enforce our immigration laws should not be threatened by the impact of the GDPR. It is therefore entirely appropriate to restrict, on a case-by-case basis, certain rights of a data subject in circumstances where giving effect to those rights would undermine that objective. That is the sole purpose and effect of this provision—nothing more, nothing less.
The GDPR recognises this by enabling member states to place restrictions on the rights of data subjects where it is necessary and proportionate to do so to safeguard,
“important objectives of general public interest”.
The maintenance of effective immigration control is one such objective. This is the basis for the provision in paragraph 4 of Schedule 2.
The noble Baroness referred to article 23 of the GDPR. It does not expressly allow restrictions for the purposes of immigration control. She asked whether the immigration restriction is legal. She pointed to Liberty’s claim that the exemption is unlawful. It is not the case.
My Lords, the Minister is reading from her brief, but I do not think I made any of the statements it anticipated I would make.
I have been badly advised somewhere. Shall I just get on with what I was going to say?
I made clear in Committee that the exemption is not a blanket provision applying to a whole class of data subjects. It is important to note that Schedule 2 does not create a basis for processing personal data. The exemptions in that schedule operate as a shield allowing data controllers to resist the exercise or application of the data subjects’ rights as set out in chapter III of the GDPR. It is the assertion or application of those rights that triggers the exemptions in Schedule 2. Given this, it is simply not the case that the Home Office, or any other data controller, can invoke the immigration exemption or, for that matter, any other exemption as a default response to subject access requests by a group of persons. Instead, an individual decision must be taken as to whether to apply the exemption in circumstances where a data subject’s rights are engaged.
Moreover, before a right can be restricted, the controller must be satisfied that there would be a likelihood of prejudice to the maintenance of effective immigration control or the investigation or detection of activities that would undermine the maintenance of effective immigration control. Only if that test is satisfied will the controller be able to apply the restriction on the data subject’s rights. I should also stress that this restriction should be seen as a pause button and not something to be applied in perpetuity to the data subject. If circumstances change so that the test is no longer satisfied in a given case, then the restriction will have to be lifted.
Having said that, I recognise the concerns that were expressed in Committee about the breadth of the exemption, and government Amendments 43 and 44, as the noble Lord, Lord Kennedy, said, respond to those concerns. These amendments remove the right to rectification and the right to data portability from the list of data subjects’ rights that may be restricted. On further examination of the listed GDPR provisions in paragraph 1 of Schedule 2, we have concluded that the risk of any prejudicial impact on our ability to maintain effective immigration control that might arise from the exercise of the rights in articles 16 and 20 of the GDPR is likely to be low.
Having clarified both the purpose of this provision and the way it will operate, and having addressed the concerns about the extent of the exemption, I would ask the noble Baroness, Lady Hamwee, to withdraw her amendment and support the government amendments.
My Lords, I am obviously disappointed by both those speeches. I agree with the noble Lord, Lord Kennedy, that immigration control should be effective and fair, which is precisely what I was driving at. He referred to balance; I quoted article 23(1), which requires necessity and proportionality.
I thank the Minister for her answers and for her response to Liberty. She talked about taking this “case by case”, but is that not how we deal with all our immigration control? We do not apply wholesale visa bans; we are not Trump’s poodle. Data requests are made on a case-by-case, individual basis, but you need to know what data is held in order to make the request.
The Minister referred to a “pause button”. I am afraid that does not, to me, have the air of reality or really offer any assurance in the real world.
Amendment 44 does not respond to our concerns. As I commented, you cannot exercise the right of rectification unless you know what is said about you. I feel we are hardly even talking the same language, although it gives me no pleasure to say that. I think I must seek to test the opinion of the House.
(7 years, 1 month ago)
Lords ChamberMy Lords, I thank all noble Lords who have taken part in the debate. There is clearly a lot of interest, as is evident from what has been said. I am also glad to be back opposite the noble Lord, Lord Kennedy of Southwark, as we have been on so many occasions, and I am sure we will be in the future. It is probably worth addressing some of the evident misunderstandings that have arisen around the purpose and the scope of this provision, and I hope to be able to persuade the Committee that this is a necessary and proportionate measure to protect the integrity of our immigration system.
The Government welcome the enhanced rights and protections for data subjects afforded by the GDPR and in negotiating, it was accepted by all parties that at times these rights needed to be qualified in the general public interest, whether that is to prevent and detect crime, safeguard legal professional privilege or journalists’ sources, or in this case maintain an effective system of immigration control. A number of articles of the GDPR therefore make express provision for such derogations, including article 23, which enables restrictions to be placed on certain rights of data subjects. Given the extension of data subjects’ rights under the GDPR, it is necessary that we include in the Bill an express targeted exemption in the immigration context. The exemption would apply to the processing of personal data by immigration officers and the Secretary of State for the purposes of maintaining effective immigration control or the detection and investigation of activities which would undermine the system of immigration control. It would also apply to other public authorities required or authorised to share information with the Secretary of State for either of those purposes.
It is important that it is clear to the Committee what paragraph 4 of Schedule 2 does not do. It emphatically does not set aside the whole of the GDPR for all processing of personal data for all immigration purposes. The opening words of paragraph 4 make it clear that only “the listed GDPR provisions” may be set aside. The listed GDPR provisions are those set out in paragraph 1 of Schedule 2. The provisions in question relate to various rights of data subjects as provided for in chapter 3 of the GDPR, such as the rights to information and to access to personal data, and to two of the data protection principles: those relating to fair and transparent processing and the purpose limitation. Except to that extent, all the data protection principles, including those relating to the lawfulness of processing, data minimisation, accuracy, storage limitation, and integrity and confidentiality will continue to apply. So too will all the obligations on data controllers and processors, all the safeguards around cross-border transfers and all the oversight and enforcement powers of the Information Commissioner. The latter is particularly relevant here as it is open to any data subject affected by the provisions in paragraph 4 of Schedule 2 to lodge a complaint with the Information Commissioner, which the commissioner is then obliged to investigate.
Moreover, paragraph 4 does not give the Home Office carte blanche to invoke the permitted exceptions as a matter of routine. The Bill is clear: the exceptions may be applied only to the extent that the application of the rights of data subjects or the two relevant data protection principles,
“would be likely to prejudice … the maintenance of effective immigration control, or … the investigation or detection of activities that would undermine the maintenance of effective immigration control”.
This is a significant and important qualification. The noble Lord, Lord Clement-Jones, asked why we have not listed exactly what we mean by,
“the maintenance of effective immigration control”.
The maintenance of that control does not merely encompass physical immigration controls at points of entry but, more generally, the arrangements made in connection with a person’s entry into and stay within the United Kingdom. A system of effective immigration control depends on our ability to control the entry and stay of those who wish to come to our country; to identify those who should not be admitted; and to pursue enforcement action against those who are liable to removal for failure to comply with restrictions and conditions on their stay, or otherwise in the public interest.
To use the example of the right conferred by article 15 of the GDPR, each subject access request would need to be considered on its own merits. We could not, for example, and would not want to limit the information given to visa applicants as to how their personal data will be processed as part of that application. Rather, the restrictions would bite only where there is a real likelihood of prejudice to immigration controls in disclosing the information concerned. It is equally important to dispel one other myth. Some of the briefing I have seen on this provision suggests that it creates new information-sharing gateways. This is simply not the case. As I have indicated, Schedule 2 sets out certain exceptions from the GDPR; it does not in and of itself create new powers to share data between data controllers. However, where personal data is shared between controllers for the limited immigration purposes specified in paragraph 4, it does mean that the data subject does not need to be notified if to do so would be prejudicial to the maintenance of effective immigration control.
It may assist the Committee if I explain the kind of information that it might be necessary to withhold from data subjects, and offer a couple of examples of the circumstances requested by the noble Baroness, Lady Hamwee, where to do so would be necessary to maintain the effectiveness of our immigration controls. The classes of information which the Home Office may need to withhold include a description of the data held, our data sources, the purposes for which the data was held, and details of the recipients to whom the data has been disclosed. There will be circumstances where the disclosure to data subjects of such information could afford them the opportunity to circumvent our immigration controls. Two examples will, I hope, help to illustrate where the disclosure of such information may have precisely the adverse effect.
First, in the case of a suspected overstayer, if we had to disclose in response to a subject access request what we are doing to track their whereabouts with a view to effecting administrative removal, it is clearly possible that they might then be able to evade enforcement action. A second example relates to circumstances where we seek to establish the legitimacy of a particular claim, such as an extension of leave to remain in the UK, and suspect that the claimant has provided false information to support that claim. In such a case, we may contact third parties to evidence the claim. If we are then obliged to inform the claimant that we are accessing records held by third parties, they may abscond and evade detection. Such procedures may then become common knowledge and further undermine our ability to maintain effective controls.
Immigration is, naturally, a very sensitive subject area and a topic of huge importance to the public, to the economic well-being of this country and to the social cohesion of our society. Being able to effectively control immigration is, therefore, in the words of the GDPR,
“an important objective of general public interest”.
As I have indicated, having a new data protection regime which seeks to give broader rights to data subjects is to be welcomed. But in an area as sensitive as the immigration system, we need to make appropriate use of the limited exemptions available to us so that we can continue to maintain effective control of that system in the wider public interest.
I hope that I have been able to satisfy noble Lords that this provision is necessary and proportionate. It is not the wholesale carve-out of subject access rights that some have suggested but a targeted provision wholly in line with the discretion afforded to member states by the GDPR, and it is vital to maintaining the integrity of the immigration system.
Having given this provision a good airing, I hope the noble Lord, Lord Clement-Jones, will feel happy to withdraw his amendment.
My Lords, there is a lot that demands careful reading and careful thought. I have three questions which I can raise now. First, in the examples which the Minister gave it struck us on these Benches that she was talking about things which are, in fact, criminal offences being dealt with under Part 3, which is the law enforcement part of the Bill.
Secondly, how is all this applied in practice? How does the controller know about the purposes? I am finding it quite difficult to envisage how this might work in real life. Thirdly, the Minister referred to the lawfulness of processing. I wonder whether this is not circular because paragraph 4, in disapplying listed provisions—by the way, I think those listed provisions include many which are very important indeed—makes it lawful, so I have a bit of a problem around that. Of course, I and others will carefully read what the Minister said, but I am sure we will want to return to this at the next stage.
My Lords, I felt entirely comfortable with my noble friend’s examples, but they do not fit with what the Home Office has been doing. What it has done with the national pupil database is not to ask targeted questions when it has a problem with an individual but to collect the whole lot so that it has the ability to trawl, look at, match and use the whole of the dataset. That is a much more dangerous thing because of the consequences it has for the integrity of the data and for the way in which the lawfulness of gathering it is questioned. It is that sort of practice that troubles me. I had not read this clause in the narrow way in which my noble friend described it. I will obviously go away and read it again carefully, but if she would add a letter to her noble friend’s letter enlarging on why this is a narrow provision and giving us comfort, that would be worth while for me.
I thank my noble friend for that. In the meantime, I think my words should be reread, particularly my point about it not being a wholesale carve-out but quite a narrow exemption. I will write to noble Lords. I thought I might home in on one question that the noble Baroness, Lady Hamwee, asked about relying on this in the investigation, detection and prevention of crime. Of course, that is not always the correct and proportionate response to persons who are in the UK without lawful authority and may not be the correct remedy. I will write to noble Lords, and I hope that the noble Lord will feel happy to withdraw the amendment.
My Lords, I thank the Minister. For a Home Office Minister she has a wonderful ability to create a sense of reassurance, which is quite dangerous. I am afraid that for all her well-chosen words, these Benches are not convinced. In particular, I noticed that she started off by saying, “This is only a very limited measure; it does not set aside everything”. But paragraph 1 sets aside nine particular aspects, all of which are pretty important. This provision is not a pussycat; it is very important.
I thank all those who spoke, including the noble Baroness, Lady Jones, and the noble Lord, Lord Lucas. I thought the support from the noble Lord, Lord Kennedy, for this amendment—I called him the right name this time—was rather more equivocal, and I hope he has not been persuaded by the noble Baroness’s siren song this evening. This is a classic example of the Home Office dusting off and taking off the shelf a provision which it has been dying to put on the statute book for years. The other rather telling point is that the noble Baroness said there is express provision for such derogation in the GDPR. But that is no reason to adopt it—just because it is possible, it is not necessarily desirable. But no, they say, let us adopt a nice derogation of this kind when it is actually not necessary.
As my noble friend pointed out, the Minister has not actually adduced any example which was not covered by existing exemptions, for instance, criminal offences. We will read with great care what the Minister has said, but I do not think that the “Why now?” question has really been answered this evening. In the meantime, I beg leave to withdraw the amendment.