Debates between Lord Ashton of Hyde and Lord Paddick during the 2017-2019 Parliament

Thu 25th Apr 2019
Mon 20th Nov 2017
Data Protection Bill [HL]
Lords Chamber

Committee: 5th sitting (Hansard): House of Lords

Huawei

Debate between Lord Ashton of Hyde and Lord Paddick
Thursday 25th April 2019

(5 years, 7 months ago)

Lords Chamber
Read Full debate Read Hansard Text Read Debate Ministerial Extracts
Lord Ashton of Hyde Portrait Lord Ashton of Hyde
- Hansard - -

The noble Lord is exactly right. As I said, this is not just about one country. The National Security Council looks at all these issues. The problem with a global network such as the internet is that threats can come from any country, and they may originate in one but attack through another. It is complicated. In this country, we have one of the best organisations to deal with this: the National Cyber Security Centre in GCHQ. The main thing to stress is that our security is pre-eminent, but we have to strike a balance with new and emerging economies and how we deal with them—and not just with regard to cybersecurity.

Lord Paddick Portrait Lord Paddick (LD)
- Hansard - - - Excerpts

My Lords, the security of the UK is greatly enhanced by its membership of the Five Eyes group of countries, almost all of which are very concerned that Chinese tech companies are required by law to co-operate with Chinese security agencies. Five Eyes countries will continue to share sensitive intelligence with the UK only if they have trust and confidence in our security services. What assessment have the Government made of the damage caused by the alleged leak from the National Security Council—both the fact that there has been a leak and the content of the alleged leak?

Lord Ashton of Hyde Portrait Lord Ashton of Hyde
- Hansard - -

To pick up on the noble Lord’s first point, I do not place a huge amount of importance on the Chinese law that he referred to, which requires companies to co-operate with the Government. If anyone thought beforehand that that law did not exist, they were unwise. On his point about security and the leak, I can only re-emphasise that when security matters are discussed at government level, they should be kept confidential. There is an assessment of that going on at No. 10 at the moment, but I have no details of it because it has not been completed.

Video Games: Domestic Violence and Child Abuse

Debate between Lord Ashton of Hyde and Lord Paddick
Wednesday 6th December 2017

(6 years, 11 months ago)

Lords Chamber
Read Full debate Read Hansard Text Read Debate Ministerial Extracts
Lord Ashton of Hyde Portrait Lord Ashton of Hyde
- Hansard - -

I do not agree with the noble Baroness and I see no evidence that this body is not doing its job. It classified the age for 146 out of 498 video games in 2016 as 18, meaning that only adults should be allowed to watch them and that it is a criminal offence to allow other people below that age to do so.

Lord Paddick Portrait Lord Paddick (LD)
- Hansard - - - Excerpts

My Lords, does the Minister not agree that any depiction of child abuse is likely to normalise that behaviour, not just in the minds of children who are less likely to report it, but also in those of potential perpetrators? Does he not agree that if no video game has ever been banned, something really needs to be done about this so-called independent body that is supposed to be taking action?

Data Protection Bill [HL]

Debate between Lord Ashton of Hyde and Lord Paddick
Lord Ashton of Hyde Portrait Lord Ashton of Hyde
- Hansard - -

My Lords, I thank the noble Lord for introducing his amendments, which touch on the fees that the Information Commissioner will be able to charge under the new regime. Noble Lords will recall that we discussed similar issues during the passage earlier this year of what became the Digital Economy Act. Perhaps I may start with some of the general points made by the noble Lord and then go on to address his specific amendments. I agree absolutely that this is a bigger issue than just the amendments; it is the question of how the Information Commissioner, to whom we have given these very important duties, will be able to sustain an effective service. I can assure the noble Lord that we are aware of and understand the specific problem he outlined about staff. In fact, I was present at a meeting three or four weeks ago at which we discussed that exact subject. Part of the issue to deal with that will, I hope, be addressed in the near future, in ways that I cannot talk about tonight.

On the noble Lord’s general question as to whether it is an adequate system, we believe that the suggested system is flexible enough to deal with the requirements of the Information Commissioner. We realise that increased burdens will be placed on her; at the moment, I believe that her office has not raised its fees for 18 years. Of course, the number of data controllers has risen, so the rate applies to a greater number of people. We will lay some statutory instruments that will deal with the fees for the Information Commissioner in the near future, so I am sure that we will come back to that.

On the specific amendments the noble Lord has tabled, Clause 129 permits the Information Commissioner to charge a “reasonable fee” when providing services to data controllers and other persons who are not data subjects or data protection officers. This is intended to cover, for example, the cost to the commissioner of providing bespoke training for a data controller. Amendment 161E would place a requirement on the commissioner to publish guidance on what constitutes a “reasonable fee” within three months of Royal Assent. We agree that data controllers and others should know what charges they should expect to pay before they incur them. However, the Government’s view is that this is already provided for through Clause 131, which requires that the commissioner produce and publish guidance about any fees that she proposes to charge for services under Clause 129. As there is already a requirement for the commissioner to publish guidance in advance of setting any fees, the Government do not consider a particular deadline necessary.

Amendment 161F would remove Clause 132(2) completely. I am concerned that the amendment would create ambiguity in an area where clarity is desirable. Clause 132 makes provision for a general charging regime in the absence of a compulsory notification regime like that provided in the 1998 Act. Clause 132(2) clarifies that the regime could require a data controller to pay a charge regardless of whether the Information Commissioner had provided, or would provide, a “service” to that controller. This maintains the approach that is currently in force under the 1998 Act—namely, that most data controllers are required to pay a fee to the commissioner whether or not a service is provided to them—and is intended to meet the costs of regulatory oversight.

The consultation on the new charging regime recently closed and the Government intend, as I said, to bring forward regulations setting out the proposed fees under the new regime early in the new year. No final decision has yet been taken in relation to those fees, but, as I committed to during the passage of what became the Digital Economy Act, charges will continue to be based on the principle of full cost recovery and, in line with the current model, fee levels will be determined by the size and turnover of an organisation but will also take account of the volume of personal data being processed by the organisation. That partly addresses the point made by the noble Lord.

Amendment 161G addresses a concern raised by the Delegated Powers and Regulatory Reform Committee that the fees regime established by Clause 132 should not raise excess funds beyond what is required to cover the costs of running the Information Commissioner’s Office. I must confess to a sense of déjà vu; we debated a very similar amendment in the Digital Economy Act. The Government are considering their response to the committee’s report, but they remain concerned that there should be sufficient flexibility within the new fees regime to cover the additional functions that the commissioner will be taking on under the new regime and any other changes that may be dictated by operational experience, once the new regime has bedded in. Indeed, if anything, the merit of having some limited flexibility in this regard is even clearer now than it was in March when we debated the Digital Economy Act.

I confirm once again that charges will be on the basis of full cost recovery. We take on board the point made by the noble Lord, Lord Stevenson, that the commissioner must be able to make sufficient charges to undertake and fulfil the requirements that we are asking of her.

Finally, on Amendment 161H, I can reassure the noble Lord that the Information Commissioner already prepares an annual financial statement, in accordance with paragraph 11 of Schedule 12 to the Bill, which is laid before Parliament. In addition, there may be occasions where the Secretary of State needs up-to-date information on the commissioner’s expenses mid-year—in order, for example, to set a fees regime that neither under-recovers nor over-recovers those costs. That is why Clause 132(5) is constructed as it is.

I hope that I have addressed the noble Lord’s concerns both in general and in particular and that he will feel able not to press his amendments.

Lord Paddick Portrait Lord Paddick
- Hansard - - - Excerpts

My Lords, I do not know whether I am getting confused here. The Minister referred to Clause 132(2), about the power for the Information Commissioner to require data controllers to pay a charge regardless of whether the commissioner has provided, or proposes to provide, a service to the controller. How can that be done if there is to be no requirement for data controllers to register with her?

Lord Ashton of Hyde Portrait Lord Ashton of Hyde
- Hansard - -

There is a duty for data controllers to pay a charge to the Information Commissioner in the same way as there is a duty today for data controllers to register with the Information Commissioner. The duty applies in both circumstances. In some cases, some data controllers do not register with the Information Commissioner—they are wrong not to do so, but they do not. In the same way, it is possible that some data controllers may not pay the charge that they should. In both cases, in today’s regime and that proposed, there is a duty on data controllers to perform the correct function that they are meant to perform. Controllers do not all register with the Information Commissioner today, although they should, and may not pay their charges. Under the new regime, they should, and an enforcement penalty is able to be levied if they do not.