(6 years, 6 months ago)
Commons ChamberI am delighted that 10,212 employers have now reported their gender pay gap, as of 9 o’clock this morning. That is 95% of eligible employers. Of course, reporting is just the first step, and it is important that employers now take action to close the gender pay gap in their businesses and organisations. Many have already published action plans, and we are working to support employers to take action to close those gaps.
Of course, had the coalition implemented Labour’s ground-breaking 2010 Equality Act fully, we would be much further down the road towards gender pay equality today. It is all very well publishing the data, but when is the Minister going to show some grit and insist that companies produce action plans, so that we can make some real progress?
The hon. Gentleman does the Government a disservice, if I may say so. This is world-leading legislation, and I have always been careful to ensure that we share the credit for it with the right hon. and learned Member for Camberwell and Peckham (Ms Harman), who brought the Act into being. We are ambitious about this, but we want to bring business with us. This is about cultural change, and there are really good signs that businesses are now listening to the public’s will that women must be paid fairly and properly.
(6 years, 8 months ago)
Public Bill CommitteesIf I may, I will write to the right hon. Gentleman with that precise number, but I know that the Equality and Human Rights Commission is very clear in its guidance that employers must act within the law. The law is very clear that there are to be no direct or indirect forms of discrimination.
The hon. Member for Cambridge raised the GDPR, and talked about looking forwards not backwards. Article 5(1)(a) requires processing of any kind to be fair and transparent. Recital 71 draws a link between ensuring that processing is fair and minimising discriminatory effects. Article 35 of the GDPR requires controllers to undertake data protection impact assessments for all high-risk activities, and article 36 requires a subset of those impact assessments to be sent to the Information Commissioner for consultation prior to the processing taking place. The GDPR also gives data subjects the tools to understand the way in which their data has been processed. Processing must be transparent, details of that processing must be provided to every data subject, whether or not the data was collected directly from them, and data subjects are entitled to a copy of the data held about them.
When automated decision-making is engaged there are yet more safeguards. Controllers must tell the data subject, at the point of collecting the data, whether they intend to make such decisions and, if they do, provide meaningful information about the logic involved, as well as the significance and the envisaged consequences for the data subject of such processing. Once a significant decision has been made, that must be communicated to the data subject, and they must be given the opportunity to object to that decision so that it is re-taken by a human being.
We would say that the existing equality law and data protection law are remarkably technologically agnostic. Controllers cannot hide behind algorithms, but equally they should not be prevented from making use of them when they can do so in a sensible, fair and productive way.
Going back to the point raised by my right hon. Friend, I suspect that the number of cases will prove to be relatively low. The logic of what the Minister is saying would suggest that there is no algorithmic unfairness going on out there. I do not think that that is the case. What does she think?
I would be guided by the view of the Equality and Human Rights Commission, which oversees conduct in this area. I have no doubt that the Information Commissioner and the Equality and Human Rights Commission are in regular contact. If they are not, I very much hope that this will ensure that they are.
We are clear in law that there cannot be such discrimination as has been discussed. We believe that the framework of the law is there, and that the Information Commissioner’s Office and the Equality and Human Rights Commission, with their respective responsibilities, can help, advise and cajole, and, at times, enforce the law accordingly. I suspect that we will have some interesting times ahead of us with the release of the gender pay gap information. I will do a plug now, and say that any company employing more than 250 employees should abide by the law by 4 April. I look forward to reviewing the evidence from that exercise next month.
We are concerned that new clauses 7 and 8 are already dealt with in law, and that new clauses 9 to 11 would create an entirely new regulatory structure just for computer-assisted decision-making in the workplace, layered on top of the existing requirements of both employment and data protection law. We want the message to be clear to employers that there is no distinction between the types of decision-making. They are responsible for it, whether a human being was involved or not, and they must ensure that their decisions comply with the law.
Having explained our belief that the existing law meets the concerns raised by the right hon. Member for Birmingham, Hodge Hill, I hope he will withdraw the new clause.
(6 years, 8 months ago)
Public Bill CommitteesI am very happy to write to the right hon. Gentleman about that. The exemption does not cover all processing of personal data by the Ministry of Defence, but I am happy to write to him on that subject.
It may assist the Committee if I give a few examples of processing activities that might be considered to fall into the definition of defence purposes requiring the protection of the exemption. Such processing could include the collation of personal data to assist in assessing the capability and effectiveness of armed forces personnel, including the performance of troops; the collection and storage of information, including biometric data necessary to maintain the security of defence sites, supplies and services; and the sharing of data with coalition partners to support them in maintaining their security capability and the effectiveness of their armed forces. That is not an exhaustive list. The application of the exemption should be considered only in specific cases where the fulfilment of a specific data protection right or obligation is found to put at risk the security capability or effectiveness of UK defence activities.
The hon. Member for Sheffield, Heeley asked for a definition of national security. It has been the policy of successive Governments not to define national security in statute. Threats to national security are constantly evolving and difficult to predict, and it is vital that legislation does not constrain the security and intelligence agencies’ ability to protect the UK from new and emerging threats. For example, only a few years ago it would have been very difficult to predict the nature or scale of the threat to our national security from cyber-attacks.
Clause 26 does not provide for a blanket exemption. It can be applied only when it is required to safeguard national security or for defence purposes.
What weight does the Minister give to the written evidence that the Committee received from the Information Commissioner’s Office? It is obviously expert on this issue, and it addresses some of the points she made. It concludes that there is no threshold for when “defence purposes” are to be used, and that there is no guidance
“for when it is appropriate to rely on the exemption.”
What weight does the Minister give to that, and what is her response to the concern raised by the Information Commissioner’s Office?
Again, surely it is for the Executive—elected officials—to take responsibility for decisions that are made by data controllers in the Ministry of Defence. Obviously, the Department has considered the Information Commissioner’s representations, but this is not a blanket exemption. The high threshold can be met only in very specific circumstances.
Question put and agreed to.
Clause 26 accordingly ordered to stand part of the Bill.
Clause 27
National security: certificate
(6 years, 8 months ago)
Public Bill CommitteesI am very happy to write to the right hon. Gentleman about that. The exemption does not cover all processing of personal data by the Ministry of Defence, but I am happy to write to him on that subject.
It may assist the Committee if I give a few examples of processing activities that might be considered to fall into the definition of defence purposes requiring the protection of the exemption. Such processing could include the collation of personal data to assist in assessing the capability and effectiveness of armed forces personnel, including the performance of troops; the collection and storage of information, including biometric data necessary to maintain the security of defence sites, supplies and services; and the sharing of data with coalition partners to support them in maintaining their security capability and the effectiveness of their armed forces. That is not an exhaustive list. The application of the exemption should be considered only in specific cases where the fulfilment of a specific data protection right or obligation is found to put at risk the security capability or effectiveness of UK defence activities.
The hon. Member for Sheffield, Heeley asked for a definition of national security. It has been the policy of successive Governments not to define national security in statute. Threats to national security are constantly evolving and difficult to predict, and it is vital that legislation does not constrain the security and intelligence agencies’ ability to protect the UK from new and emerging threats. For example, only a few years ago it would have been very difficult to predict the nature or scale of the threat to our national security from cyber-attacks.
Clause 26 does not provide for a blanket exemption. It can be applied only when it is required to safeguard national security or for defence purposes.
What weight does the Minister give to the written evidence that the Committee received from the Information Commissioner’s Office? It is obviously expert on this issue, and it addresses some of the points she made. It concludes that there is no threshold for when “defence purposes” are to be used, and that there is no guidance
“for when it is appropriate to rely on the exemption.”
What weight does the Minister give to that, and what is her response to the concern raised by the Information Commissioner’s Office?
Again, surely it is for the Executive—elected officials—to take responsibility for decisions that are made by data controllers in the Ministry of Defence. Obviously, the Department has considered the Information Commissioner’s representations, but this is not a blanket exemption. The high threshold can be met only in very specific circumstances.
Question put and agreed to.
Clause 26 accordingly ordered to stand part of the Bill.
Clause 27
National security: certificate