To match an exact phrase, use quotation marks around the search term. eg. "Parliamentary Estate". Use "OR" or "AND" as link words to form more complex queries.


Keep yourself up-to-date with the latest developments by exploring our subscription options to receive notifications direct to your inbox

Written Question
Home Office: Amazon Web Services
Thursday 11th January 2024

Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)

Question to the Home Office:

To ask His Majesty's Government whether Amazon Web Services has the right under its contract with the Home Office, agreed on 30 November, to move Home Office data out of the UK when it deems it necessary to provide the services initiated by the customer, as stated in the GDPR Data Processing Addendum attached to the contract.

Answered by Lord Sharpe of Epsom - Parliamentary Under-Secretary (Home Office)

The supplier shall not process or otherwise transfer Home Office data outside of the United Kingdom unless the prior written consent of the Home Office has been obtained.


Written Question
Home Office: Amazon Web Services
Thursday 11th January 2024

Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)

Question to the Home Office:

To ask His Majesty's Government whether Amazon Web Services has the right to refuse an inspection from an independent auditor under its contract with the Home Office, agreed on 30 November, given that the contract states that the Home Office does not have a right to audit or inspect Amazon Web Services' physical infrastructure.

Answered by Lord Sharpe of Epsom - Parliamentary Under-Secretary (Home Office)

The supplier shall not process or otherwise transfer Home Office data outside of the United Kingdom unless the prior written consent of the Home Office has been obtained.


Written Question
Home Office: Amazon Web Services
Thursday 11th January 2024

Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)

Question to the Home Office:

To ask His Majesty's Government why the new contract between the Home Office and Amazon Web Services, agreed on 30 November, is triple the cost of the Home Office's previous procurement of cloud computing services from Amazon Web Services in 2019.

Answered by Lord Sharpe of Epsom - Parliamentary Under-Secretary (Home Office)

The supplier shall not process or otherwise transfer Home Office data outside of the United Kingdom unless the prior written consent of the Home Office has been obtained.


Written Question
Home Office: Amazon Web Services
Thursday 21st December 2023

Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)

Question to the Home Office:

To ask His Majesty's Government whether Home Office data processed by Amazon Web Services under their contract, agreed on 30 November, will be disclosable to foreign governments, as per section 3 of the GDPR data protection impact assessment attached in Appendix 2 of the Supplier Terms.

Answered by Lord Sharpe of Epsom - Parliamentary Under-Secretary (Home Office)

The Home Office holds one of the largest and most comprehensive data sets across Government. Ensuring this data is safe, secure, and is able to be fully utilised to the maximum benefit to the taxpayer is our primary concern. The Home Office agreement with AWS is based on predicted usage and is part of the Crown Commercial contract, called the One Gov Value Agreement 2 (OGVA2) which is a framework allowing all Government departments to combine to leverage an unprecedented discount on AWS services which would not be possible if each department held separate contracts.

AWS provide the below statement which reinforces our requirement under a shared responsibility model to secure our data in such a way that we retain control of any disclosure:

“Protecting the privacy of our customers is something that we take seriously at AWS. We recommend that customers encrypt their data as part of their overall security model when adopting cloud, and there are AWS services available to help you encrypt your data in transit and at rest (such as AWS Key Management Service and AWS CloudHSM). To be clear, the US Cloud Act / US Patriot Act do not give US Law Enforcement unfettered access to data, and only apply to evidence sought in connection with a crime over which the US has jurisdiction. We have a history of challenging government requests for customer information that we believe are inappropriate and, where we need to act to protect customers, we do; we will notify customers before disclosing any data and please be assured that content that has been encrypted is rendered useless without the applicable decryption keys.”


Written Question
Home Office: Amazon Web Services
Wednesday 20th December 2023

Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)

Question to the Home Office:

To ask His Majesty's Government what, if any, security vetting is required for Amazon Web Service staff to handle Home Office data under the contract for the supply of cloud computing services agreed between the two on 30 November.

Answered by Lord Sharpe of Epsom - Parliamentary Under-Secretary (Home Office)

The supplier shall be required to comply with data protection legislation, together with specific confidentiality, data protection and data security obligations to protect Home Office data when required, including physical and logical security restrictions applicable to the supplier’s personnel from accessing and processing the Home Office’s data, in accordance with the AWS Security Standards.

This may include vetting to recognised standards when the specific work requires such clearance. The Home Office use “keys” which ensure its data is fully encrypted at rest and in-transit, such that AWS have no access.


Written Question
Home Office: Amazon Web Services
Wednesday 20th December 2023

Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)

Question to the Home Office:

To ask His Majesty's Government whether the contract between Amazon Web Services and the Home Office, agreed on 30 November, includes the guarantees, references or legally required elements for a processing contract under section 59(5) of the Data Protection Act 2018, or the requirements of the statutory code of practice for police vetting to permit lawful processing of law enforcement personal data; if so, what form they take; and whether law enforcement personal data are excluded from the contract if such safeguard provisions are not required.

Answered by Lord Sharpe of Epsom - Parliamentary Under-Secretary (Home Office)

The supplier has no access to any of the data hosted in the AWS cloud. Certain Policing services are hosted in this environment which are assured and approved for this use. The extent of the processing of personal data covered in the contract is the provision of storage.

The nature of the data stored is entirely under the control of the Home Office and, due to the security controls in place, AWS has no knowledge of what is stored, nor is it provided with instructions on the nature of the processing. By design, the contract does not contain details that would that are not necessary to disclose to AWS for it to be bound by a contract that provides the necessary protections to personal data. The Information Commissioner’s Office is aware of this approach. AWS has no access to any personal data under the controllership of policing or the Home Office.


Written Question
Home Office: Artificial Intelligence
Monday 26th June 2023

Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)

Question to the Home Office:

To ask His Majesty's Government how many automated decision-making systems are currently used by the Home Office to assist with making decisions that affect people’s legal rights or entitlements; and how many of those have publicly available (1) equality impact assessments, and (2) data protection impact assessments.

Answered by Lord Murray of Blidworth

“Assisting automated decision-making” is a broad term covering a large array of systems and processes, and the department does not keep a specific record of all systems that could fall within such a definition for this purpose.

The Home Office has well established processes for completing Equality Impact Assessments and Data Protection Impact Assessments to ensure data processing is lawful, necessary, and proportionate.


Written Question
Computer Misuse Act 1990
Thursday 11th May 2023

Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)

Question to the Home Office:

To ask His Majesty's Government what is their timetable for the next stages of review and potential reform of the Computer Misuse Act 1990 to ensure better legal protections for cyber security professionals.

Answered by Lord Sharpe of Epsom - Parliamentary Under-Secretary (Home Office)

The Home Office concluded its public consultation and response to the Call for Information on the Computer Misuse Act on 6th April 2023.

As we set out in the consultation, the question of legal protections is a complex issue, and requires significant further discussion with a wide range of stakeholders. We have committed to work with law enforcement agencies, prosecutors, the cybersecurity industry and system owners to consider proposals, and reach a consensus on the best way forward. This work is under way, and we will provide an update to Parliament in due course.


Written Question
Public Spaces Protection Orders: Enforcement
Tuesday 3rd January 2023

Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)

Question to the Home Office:

To ask His Majesty's Government, further to the Written Answer by Lord Sharpe of Epsom on 8 December (HL3749), how, if at all, they regulate the enforcement of penalties for the breach of public space protection orders by contractors appointed by local authorities.

Answered by Lord Sharpe of Epsom - Parliamentary Under-Secretary (Home Office)

The regulation of the enforcement of penalties for breaches of public space protection orders by contractors that have been appointed is a matter for the local authorities concerned.


Written Question
Public Spaces Protection Orders: Enforcement
Thursday 8th December 2022

Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)

Question to the Home Office:

To ask His Majesty's Government, further to the remarks by Lord Sharpe of Epsom on 27 October where he stated that "local authorities are obliged to follow the rules set out in the Public Contract Regulations 2015 in their appointment of such companies" (HL Deb col 1545), whether these (1) regulate private incentivised enforcement, and (2) limit injustices; and whether they restrict fining for profit.

Answered by Lord Sharpe of Epsom - Parliamentary Under-Secretary (Home Office)

The Public Contract Regulations 2015 do not regulate these issues. It is a matter for local authorities which models they use to enforce fixed penalty notices. There are no plans to conduct an investigation into these practices of local authorities.