Lord Davies of Brixton (Lab)

- View Speech - Hansard -

Copy Link

-

My Lords, I congratulate the noble Lord, Lord de Clifford, on his excellent maiden speech. I am sure that in this area and others he will be a valuable addition to the House.

One of the advantages of speaking towards the end of the debate is that much of what one could have said has already been said. I particularly enjoyed the speech from my noble friend Lord Knight of Weymouth highlighting the way in which the Bill is consistently behind the curve, always fighting the last war. To some extent, that is inevitable in a field like this, which is developing so rapidly, and I am not convinced that sufficient thought has been given to how developments in digital technology require developments in how it is tackled in legislation.

I think we will have an interesting Committee, in which I will participate as much as I can. The Minister will have a busy spring, with at least two major Bills going through. I hope the Whips have taken account of the number of concerns that have been expressed in this debate, and by external bodies, and that enough time will be allowed in Committee. A particular concern is the large number of amendments added at a late stage in the Commons, which have not had sufficient consideration. It will be our job to look at them in detail.

The proposal to allow the inspection of people’s bank accounts with no due cause is a matter of due concern, which has been mentioned by many people in this debate. I highlight the remarks of UK Finance, the representative body for the banking and financial sector. It says:

“These Department for Work and Pensions proposals have been suggested previously, but they are not part of the economic crime plan 2 or fraud strategy, which are the focus of industry efforts in terms of public-private partnership in tackling economic crime”.


UK Finance goes on to suggest that powers should be more narrowly focused, that they should not leave vulnerable customers disadvantaged—as would appear to be the case in the current drafting—and that further consultation is needed with consumer groups and charities to capture the wider needs of people affected by this proposal. It also suggests that the delivery time for this proposal should be extended even further into the future. For the benefit of the Minister, I shall just interpret that by explaining that what it is saying is, “We have no idea where this proposal came from. It has no part in the overall strategy that was being developed to tackle fraud and we want it pushed off into the indefinite future”—in other words, do not bother. Perhaps the Minister will listen to UK Finance.

I want to focus my remarks particularly on health and health data, which is a particular concern. It is so intimate and personal that it requires additional consideration. It is not just another piece of data; this goes to heart of who we are. The Government said in the context of the King’s Speech that this Bill has been written with industry and for industry. Well, quite. It is possible that some of the changes might result in less work for businesses, including those working in healthcare, but the danger is that the additional flexibility which is being proposed will in fact create additional costs because it is less clear and straightforward, there will be increased risks of disclosure of information that should not be disclosed, and the non-standardised regime will just lead to confusion.

Data regulation can slow down the pace of data sharing, increase people’s concerns about risk, and make research and innovation more difficult. Patients and the public generally quite rightly expect particularly high standards in this area, and I have concerns that this Bill makes the situation worse and that its influence is negative rather than positive. This is a danger, because it affects the public’s attitude to health and health data. If people are worried about the disclosure of their information, this impacts on them seeking and taking advantage of healthcare. That affects all of us, so it is not just a matter of personal concern.

One of the big arguments for the disclosure of health data is that it is available for scientific and developmental research. The need for this is recognised and there are additional safeguards. The UK Health Security Agency can reuse data that is collected by the NHS for the business of disease control, and that is something I am sure we all favour. However, the concept that any data can be reused for scientific purposes has grave dangers, particularly when this Bill fails to define tightly enough what the scientific and developmental research amounts to. The definition of scientific research here appears to apply to commercial as well as non-commercial outfits, whether it is funded publicly or is a private development. This is the sort of concern that we are going to have to tackle in Committee to provide people with the protection that they quite rightly expect.

If we look in more detail at health data, we see that it is protected by the Caldicott principles for health and social care data. It is worth reading the eight principles. The first sets the scene. It says, in the context of social care:

“Every proposed use … of confidential information should be clearly defined, scrutinised and documented, with continuing uses regularly reviewed by an appropriate guardian”.


This Bill is in grave danger of moving beyond that level of protection, which has been agreed and which people expect. People want and expect better regulation of their personal data and more say over what happens to it. This Bill moves us away from that.

It is worth looking in this context at the views of the BMA, which is particularly concerned about health data. It emphasises the fact that the public expect high standards and calls on this House to challenge what it regards as the “problematic provisions” and to seek some reassurance from the Government. I will list what the BMA regards as problematic provisions and why it does not like them: Clause 11, which erodes transparency of information to data subjects; Clauses 32, 35, 143 and 144, which risk eroding regulatory independence and freedom; Clause 1, which risks eroding protections for data by narrowing the definition of “personal data”; Clause 14, which risks eroding trust in AI; Clause 17, which risks eroding the expertise and independence of organisational oversight; and Clauses 20 and 21, which risk eroding organisational data governance. We will need to explore all of these issues in Committee. The hope is that they will get the attention that they deserve.

When it comes to medical data, there is an even stronger case, which the Bill needs to tackle straight on, around people’s genetic information. This is the holy grail of data, which people are desperate to get hold of. It says so much about people, their background and their experiences. We need a super level of protection for genetic data. Again, this is something that needs to be tackled in the Bill.

There are other issues of concern that I could mention—for example, the abolition of the Biometrics Commissioner and Surveillance Camera Commissioner. This is a point of particular concern, raised by a number of bodies. It is quite clear that something is being lost by moving these over to a single commissioner. There is a softer power held by the commissioners, which, to be honest, a single commissioner will not have the time or the bandwidth to deal with.

There is also concern that there needs to be explicit provision in the Bill to enable representative bodies, such as trade unions and commercial organisations, to pursue complaints and issues of concern on behalf of individuals. The issue of direct marketing, particularly of financial services, needs to be addressed.

So there is lots to do on this Bill. I hope the Minister recognises that, at this stage, we are just highlighting issues that need to be looked at in detail, and that time will be provided in Committee to deal with all these issues properly.