All 1 Debates between David Drew and Matt Hancock

Mon 5th Mar 2018
Data Protection Bill [Lords]
Commons Chamber

Money resolution: House of Commons & Programme motion: House of Commons

Data Protection Bill [Lords]

Debate between David Drew and Matt Hancock
Money resolution: House of Commons & Programme motion: House of Commons
Monday 5th March 2018

(6 years, 8 months ago)

Commons Chamber
Read Full debate Data Protection Act 2018 View all Data Protection Act 2018 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 77-I Marshalled list for Third Reading (PDF, 71KB) - (16 Jan 2018)
Matt Hancock Portrait Matt Hancock
- Hansard - - - Excerpts

I thought I had answered the question—the right hon. Member for East Ham (Stephen Timms) was nodding, so I thought I had at least had a crack at it. As the Prime Minister set out on Friday, and as we set out for the first time last August, we will seek, through the Information Commissioner’s Office, to remain engaged in those technical discussions about the future of the rules. As was proposed in the Conservative party manifesto, the Bill also gives young people the right to have data about them removed once they are 18 years old.

The second element is transparency, which is absolutely vital. All citizens should be able to know what is happening to their data and how it is being used. The Bill requires data controllers to give people information about who controls data, the purpose of processing it, and how long it will be stored. That is especially crucial in a world in which emerging technologies such as artificial intelligence are making increasingly important ethical decisions. The Bill therefore provides powers for the restriction of automated decision making and safeguards for those whose data is used. Our new centre for data ethics and innovation will advise on those safeguards, so that we can promote innovation and respond quickly to changes in technology with clear and transparent guidelines that are based on openness and consent.

The third principle is security. The Bill enhances requirements relating to the security of data and strengthens enforcement for those who do not comply. Data security and innovation go hand in hand, and this move will benefit customers and all responsible businesses. The Data Protection Act 1998 has served us well and placed the UK at the forefront of global data protection standards, but the world has changed since 1998, and the Bill updates the position to make our laws fit for purpose in an increasingly digital economy and society. It modernises many of the offences under the Act and creates new offences to help us to deal with emerging challenges.

David Drew Portrait Dr David Drew (Stroud) (Lab/Co-op)
- Hansard - -

The Secretary of State is being very generous in taking interventions. He has probably heard from the National Association of Local Councils, which represents parish and town councils. It has asked that an external data protection officer will not have to be appointed at every council level. There would be a cost of some £3.5 million to the smallest but most relevant authorities, so will the Secretary of State be sympathetic to its request for relief from that onerous responsibility?

Matt Hancock Portrait Matt Hancock
- Hansard - - - Excerpts

I have received representations not only from the National Association of Local Councils, but from the Suffolk Association of Local Councils and many of my own parish councils—including Moulton Parish Council—which do an admirable job in telling me about the pressures facing parish councils throughout the country. I pay tribute to them for their efforts, and for the length of their representations to me.

Of course it is important for parish councils, and other local councils, to follow high-quality data protection standards. The Information Commissioner’s Office has provided extensive guidance to help organisations to prepare for their new responsibilities, and I urge councils to look at it.

The responsibilities of data protection officers—this is relevant to the issue raised by the hon. Gentleman—can be implemented in different ways. For instance, several parish councils can choose to share a single data protection officer, provided that he or she is easily accessible from each establishment. The system does not require the hiring of one person per organisation. Organisations have already been set up to provide this service, and the service itself is important. In the case of a small organisation, such as a very small business or a parish council on a low budget, it is still important for data to be handled and protected carefully, because small organisations too can hold very sensitive personal information. I am extremely sympathetic to the plight of small businesses that must deal with regulation—especially as I come from a small business background myself—but I am also convinced that it is good practice to follow high-quality data protection standards and that it is good for organisations to do so.