Draft Data Protection (Charges and Information) (Amendment) Regulations 2019 Debate
Full Debate: Read Full DebateChris Bryant
Main Page: Chris Bryant (Labour - Rhondda and Ogmore)Department Debates - View all Chris Bryant's debates with the Department for Digital, Culture, Media & Sport
(5 years, 9 months ago)
General CommitteesI beg to move,
That the Committee has considered the draft Data Protection (Charges and Information) (Amendment) Regulations 2019.
It is a pleasure to serve under your chairmanship, Mr Bone.
The purpose of the amendment regulations is to implement a new exemption from the annual data protection charge for elected representatives, candidates for election and Members of the House of Lords. Any individual or organisation that decides what happens with the personal data of others is considered a data controller under the Data Protection Act 2018, and that includes many of us in this room, as we have responsibility for often highly sensitive personal information about our constituents.
This House debated the Data Protection (Charges and Information) Regulations 2018 in March 2018 and they came into force on 25 May 2018. The new charging structure they introduced provides increased funding for the Information Commissioner’s Office, which supports the office’s vital work in protecting the information and privacy rights of individuals. Individuals’ personal data is increasingly becoming a commodity in its own right and it is therefore more important than ever that we have a strong and adequately resourced regulator to investigate any data controllers who fail in their data protection responsibilities.
Under the regulations, all data controllers are required to pay an annual data protection charge, unless a relevant exemption applies. There are three levels of charge: micro-organisations, including individuals, pay £40; small and medium organisations pay £60; and large organisations pay £2,900. It is not always appropriate or fair for data controllers to be subject to a charge, which is why the Government have created a number of exemptions. The exemptions ensure that we maintain a fair and flexible framework and do not impose undue financial burdens on, for example, small and medium-sized businesses.
When the 2018 regulations were debated, the Government committed to holding a public consultation on the exemptions, which included the consideration of a new exemption for elected representatives. The consultation, which took place last summer, also sought views on exempting prospective candidates for election as well as Members of the House of Lords, and the Government response was published in November 2018. The consultation exercise was a success, with the Department receiving 430 responses from the public, private and third sectors, as well as from individuals. The consultation demonstrated that there was public support for the current exemptions. It also demonstrated broad public support for the proposed new exemption for elected representatives, prospective candidates and Members of the House of Lords, and it is that exemption that is the subject of the amendment regulations before the Committee.
Dealing with personal and often highly sensitive data is central to the role of elected representatives. A vital part of our duties is to help individuals, and that inevitably involves receiving and using personal data. That is applicable not just to those of us who serve in Westminster or the devolved Parliaments, but to local representatives—councillors, police and crime commissioners—and representatives across all tiers of Government. The Government believe that imposing an annual data protection charge on individuals who are fulfilling their democratic duties to the public is wrong and could present a barrier to democracy and disincentivise people from putting themselves forward for election. Similarly, the Government do not think that prospective or nominated candidates for elected offices should be liable to a charge for the processing of personal data undertaken in support of their candidacy. If incumbents would not have to pay the charge, that would be undemocratic and unfair.
The Government also accept the value-for-money concerns raised by hon. Members during last year’s debates on introducing the charge structure. Many representatives reclaim the charge, either through the Independent Parliamentary Standards Authority or, in the case of local government, from their local authority. That creates an inefficient and duplicative charge on the public purse and does not represent value for money for taxpayers.
As I have mentioned, there was support for the exemption proposed today in the consultation responses. Some responses recognised that processing personal data was an important function of elected representatives.
I presume that the Minister will come on to this point, but she keeps on talking about elected representatives, and I do not understand why Members of the House of Lords are included. They do not have responsibility for constituencies and they are not elected. Why are they included?
The issue was debated and it was felt that although Lords are clearly not elected, they handle personal data in the course of their work, or they may do so if they are involved in the passage of legislation or a campaign. People may well contact them and reveal personal data in the course of the campaign, or they may reveal their views on particular legislation in which their lordships are engaged.
Some responses to the consultation recognised that processing personal data was an essential function of our work. The regulations therefore propose a new exemption from payment of the data protection charge for the processing of personal data by Members of the House of Lords; elected representatives, as defined in paragraph 23(3) of schedule 1 to the Data Protection Act 2018, where that processing is in connection with the discharge of their respective functions; and candidates —prospective and validly nominated—seeking to become elected representatives.
The proposed exemption only refers to payment of the annual data protection charge. It does not exempt elected representatives and others from adhering to data controller responsibilities under current data protection legislation. We all have a fundamental duty to uphold and protect the information rights of the individuals whom we serve. The ICO can and will still take enforcement action for non-compliance against any data controller, including those covered by exemptions from charges.
The Government have a duty to ensure that the ICO is adequately funded to deliver on its incredibly important remit. Approximately 18,000 data controllers will fall within the new exemption, which will lead to a loss of approximately £720,000 in the ICO’s total income for any given year. However, I am confident that the impact is manageable. The effects will be mitigated by an increase of approximately £18 million in the ICO’s income in 2018-19 alone, with further growth predicted for future years.
We have of course engaged with the Information Commissioner and her office on the introduction of the exemption. I can report that the ICO is content that the exemption will not impact on its ability to effectively deliver its remit. The ICO will continue to be a staunch protector of individuals’ information rights and continue to provide essential guidance and support to data controllers across the UK. I conclude by assuring the Committee that the Government are committed to maintaining a strong data protection framework, reflecting not only the needs of data controllers and individuals, but also providing a fair and flexible funding model for the important work of our regulator. That includes an exemption structure that ensures that charges are paid only where it is appropriate and proportionate.