All 1 Debates between Lord Knight of Weymouth and Baroness Chisholm of Owlpen

Data Protection Bill [HL]

Debate between Lord Knight of Weymouth and Baroness Chisholm of Owlpen
Monday 30th October 2017

(6 years, 5 months ago)

Lords Chamber
Read Full debate Read Hansard Text Read Debate Ministerial Extracts
Baroness Chisholm of Owlpen Portrait Baroness Chisholm of Owlpen (Con)
- Hansard - - - Excerpts

My Lords, the Bill creates a comprehensive and modern framework for data protection in the UK. The importance of these data protection standards continues to grow—a point which has not been lost on noble Lords; nor has it been lost on organisations, business groups and others. We are grateful for all the feedback we have received through responses to the Government’s call for views and on our statement of intent, and, most recently, on the drafting of the Bill itself. Hence this large group of technical amendments seek to polish various provisions of the Bill in response to that feedback. If I may, I will save noble Lords from the tedium of going through each amendment in turn—we would be here all night—and instead focus on the small number of substantive amendments in the group.

I begin with Amendment 51, which ensures that automatic renewal insurance products purchased before 25 May 2018 can continue to function. Automatic renewal products work on the principle that, if the insured person does not respond to the renewal notice, their insurance continues uninterrupted. Without the amendment this would not be possible for products such as motor insurance, which require processing of special categories of personal data and criminal convictions and offences data, potentially leaving individuals unwittingly uninsured.

Amendment 55 responds to a request from the Welsh Government to extend an exemption on passing information about a prisoner to an elected representative to Members of the Welsh Assembly. I am very happy to give effect to that request.

Amendment 56 ensures that existing court reporting—so important for ensuring open justice—can continue. Judgments may include personal data, so this amendment will allow the courts to continue with current reporting practices.

Paragraph 9 of Schedule 2 provides a limited exemption in respect of certain regulatory activities which could otherwise be obstructed by a sufficiently determined individual. Amendment 86 adds five additional regulatory activities to that list to allow relevant existing data processing activities to continue.

Amendment 87 extends the common-sense protection provided by paragraph 22 of Schedule 2 for confidential employment references, so that it also expressly covers confidential references given for voluntary work.

Amendments 90 and 186 ensure a consistent definition of “publish” and “publication” throughout the Bill.

I conclude my brief tour—it did not seem very brief to me—of these amendments with reference to the amendments to Schedule 6. As noble Lords will recall, in creating the applied GDPR Schedule 6 anglicises its language, so as to ensure that it makes sense in a UK context. This is a mechanical process involving, for example, replacing the term “member state” with “United Kingdom”. Amendments 112 to 114, 116 to 118 and 120 to 124 refine that process further.

The remaining amendments that I have failed to mention will dot the “i”s and cross the “t”s, as detailed in the letter from my noble friends Lord Ashton and Lady Williams when the amendments were tabled on 20 October. For these reasons, I beg to move Amendment 8 and ask the House to support the other government amendments in this group.

Lord Knight of Weymouth Portrait Lord Knight of Weymouth
- Hansard - -

My Lords, I will be brief on this group but I have two points to make. One is a question in respect of Amendment 51, where I congratulate the insurance industry on its lobbying. Within proposed new paragraph 15A(1)(b) it says,

“if … the controller has taken reasonable steps to obtain the data subject’s consent”.

Can the Minister clarify, or give some sense of, what “reasonable” means in this context? It would help us to understand whether that means an email, which might go into spam and not be read. Would there be a letter or a phone call to try to obtain consent? What could we as citizens reasonably expect insurance companies to do to get our consent?

Assuming that we do not have a stand part debate on Clause 4, how are the Government getting on with thinking about simplifying the language of the Bill? The noble Baroness, Lady Lane-Fox, is temporarily not in her place, but she made some good points at Second Reading about simplification. Clause 4 is quite confusing to read. It is possible to understand it once you have read it a few times, but subsection (2) says, for example, that,

“the reference to a term’s meaning in the GDPR is to its meaning in the GDPR read with any provision of Chapter 2 which modifies the term’s meaning for the purposes of the GDPR”.

That sort of sentence is quite difficult for most people to understand, and I will be interested to hear of the Government’s progress.