Data Protection Bill [ Lords ] (Morning sitting) Debate

Full Debate: Read Full Debate
Department: Department for Digital, Culture, Media & Sport
Thursday 15th March 2018

(6 years, 8 months ago)

Public Bill Committees
Read Full debate Read Hansard Text Read Debate Ministerial Extracts
Daniel Zeichner Portrait Daniel Zeichner (Cambridge) (Lab)
- Hansard - -

It is a pleasure to serve under your chairmanship, Mr Streeter. I listened closely to the Minister—I am struggling with the real and the applied GDPRs, as I am sure we all are—and the sense I get is that that will lead to potential divergence, which could have further consequences. We have reached an important point in the discussion. If we have divergence a few years down the line, does that not put adequacy at risk?

Margot James Portrait Margot James
- Hansard - - - Excerpts

I reassure the hon. Gentleman that divergence, if it occurs, will apply only to the applied GDPR, which is outside the scope of EU law, and therefore may well apply in a similar sense to member states as well as to us, when we become a third country.

--- Later in debate ---
Darren Jones Portrait Darren Jones
- Hansard - - - Excerpts

My right hon. Friend is exactly right. Of course, the Information Commissioner is an excellent commissioner. We are privileged to have Elizabeth in the role here in the UK, not least with her experience, as a Canadian, of being in a third country. That is why I put some flexibility into my amendment—to recognise that situations may arise about which we cannot hypothesise today in which the commissioner will need some flexibility. Under my amendment, she has the power to add modifications that she considers necessary. The Government’s concerns about the lack of flexibility are not reflected in the drafting of my amendment, as I have tried to deal with that.

The idea that the amendment increases the European data protection board’s power is incorrect, because this is UK law, not European Union law. The amendment merely says that we will go only slightly further, with flexibility, by recognising that in the decisions that we want to be a part of—that is a really important point here—and to influence, we will take the obligations as well as the responsibilities, should we be invited to.

Daniel Zeichner Portrait Daniel Zeichner
- Hansard - -

Could the Bill not also put the Information Commissioner in an extraordinarily difficult position? Decisions that she may make in the future could have huge political consequences. I would be surprised if she wanted to take that on.

Darren Jones Portrait Darren Jones
- Hansard - - - Excerpts

I agree with my hon. Friend. The reality may be that under the wording in the Bill, the Information Commissioner has no choice but to apply and incorporate the European data protection board’s decisions if it is to keep up and maintain adequacy.

That is why the amendment is not something to worry about. It seeks to do what will probably happen in practice, but it puts our commitment to that relationship in the Bill. When we say to Europe that, uniquely, unlike any other third country and despite not being a member of the European Union, we want to have a position of influence on the EDPB, we can also say that we recognise that no one else has that level of influence, but in seeking to have it, we have made commitments to that future relationship in UK legislation.

I do not think any other Members here are members of the European Scrutiny Committee, but I spent the whole of yesterday afternoon losing votes on amendments to a report, and I rather enjoyed myself, so I will press this amendment to a vote.

Question put, That the amendment be made.

--- Later in debate ---
Victoria Atkins Portrait Victoria Atkins
- Hansard - - - Excerpts

I am very happy to write to the right hon. Gentleman about that. The exemption does not cover all processing of personal data by the Ministry of Defence, but I am happy to write to him on that subject.

It may assist the Committee if I give a few examples of processing activities that might be considered to fall into the definition of defence purposes requiring the protection of the exemption. Such processing could include the collation of personal data to assist in assessing the capability and effectiveness of armed forces personnel, including the performance of troops; the collection and storage of information, including biometric data necessary to maintain the security of defence sites, supplies and services; and the sharing of data with coalition partners to support them in maintaining their security capability and the effectiveness of their armed forces. That is not an exhaustive list. The application of the exemption should be considered only in specific cases where the fulfilment of a specific data protection right or obligation is found to put at risk the security capability or effectiveness of UK defence activities.

The hon. Member for Sheffield, Heeley asked for a definition of national security. It has been the policy of successive Governments not to define national security in statute. Threats to national security are constantly evolving and difficult to predict, and it is vital that legislation does not constrain the security and intelligence agencies’ ability to protect the UK from new and emerging threats. For example, only a few years ago it would have been very difficult to predict the nature or scale of the threat to our national security from cyber-attacks.

Clause 26 does not provide for a blanket exemption. It can be applied only when it is required to safeguard national security or for defence purposes.

Daniel Zeichner Portrait Daniel Zeichner
- Hansard - -

What weight does the Minister give to the written evidence that the Committee received from the Information Commissioner’s Office? It is obviously expert on this issue, and it addresses some of the points she made. It concludes that there is no threshold for when “defence purposes” are to be used, and that there is no guidance

“for when it is appropriate to rely on the exemption.”

What weight does the Minister give to that, and what is her response to the concern raised by the Information Commissioner’s Office?

Victoria Atkins Portrait Victoria Atkins
- Hansard - - - Excerpts

Again, surely it is for the Executive—elected officials—to take responsibility for decisions that are made by data controllers in the Ministry of Defence. Obviously, the Department has considered the Information Commissioner’s representations, but this is not a blanket exemption. The high threshold can be met only in very specific circumstances.

Question put and agreed to.

Clause 26 accordingly ordered to stand part of the Bill.

Clause 27

National security: certificate