Data Protection Bill [HL] Debate
Full Debate: Read Full DebateLord Kennedy of Southwark
Main Page: Lord Kennedy of Southwark (Labour - Life peer)Department Debates - View all Lord Kennedy of Southwark's debates with the Department for Digital, Culture, Media & Sport
(7 years, 1 month ago)
Lords ChamberMy Lords, Amendment 170J, which stands in my name and that of my noble friend Lord Stevenson of Balmacara, seeks to address an issue that I am not convinced is sufficiently covered in the Bill as it stands.
Freelance workers or self-employed people—whatever you want to call them—offering a range of services and seeking work through various platforms, have sprung up in recent years. In many cases, their customers are able to rate them and the work they have done. However, these individuals often find that they cannot take that rating information with them if they move on to another platform. The reviews are written by third parties, who rate the quality of the work, and understandably it is very valuable to the trades- persons if they can carry those reviews forward with them.
This is a very strange situation. Various companies often maintain that they do not have employees and that they are merely acting as a platform, a noticeboard or a portal where people can find tradespersons. However, those tradespersons then find that it is not very easy to take information about them with them when they move on. This is intended as an enabling amendment to put on the face of the Bill that data subjects have the right to take with them the information written about them by third parties when they move on to another platform.
At this stage, this is obviously a probing amendment but I am keen to hear what the noble Lord has to say about this issue. It is important for the people concerned—if you have done a good job, you want to take recognition of that with you. I look forward to the noble Lord’s response.
My Lords, I am grateful to the noble Lord, Lord Kennedy, for turning the Committee’s attention to the provisions in Clause 163. The clause makes it a criminal offence for a data controller, or somebody employed by the controller, to deliberately frustrate a subject access request by altering, defacing or destroying information that a person would have been entitled to receive.
This offence is not new. A similar offence was provided for in Section 77 of the Freedom of Information Act 2000. The only difference between the offence in Clause 163 and the offence in the Act is that the latter was limited to the handling of subject access requests by public authorities and their employees and agents, whereas Clause 163 extends this to apply to all controllers.
The noble Lord’s amendment would make it clear that the offence applies where a data subject requests personal data about them contained in a review about workers written by a third party. I am grateful to the noble Lord for explaining the background to the amendment; nevertheless, I submit that it is unnecessary. Article 15 of the GDPR makes it clear that the data subject has the right to obtain from the controller confirmation as to whether data about him or her is being processed, as well as access to that data. Whether a report about the data subject was compiled by a third party or processor acting on the controller’s behalf is irrelevant, as it still amounts to personal data held by the controller.
It is always unacceptable for any controller to destroy or deface personal data with the sole intention of preventing somebody accessing what they were entitled to. That is precisely why Clause 163 creates a criminal offence targeted on that particular activity.
I hope that I have addressed the noble Lord’s concerns. If I have not, of course I will be more than happy to discuss them with him later. Therefore, I hope that he will be able to withdraw the amendment.
I thank the noble Lord for his response. He has not really addressed the point that I was making, so I will be very happy to have a discussion outside the Chamber. This is a real problem that is happening now and I am not convinced that what we have in the Bill will be enough to deal with it. It may well be that my amendment is not in the right place, but there is an issue with people not easily accessing data that is held on them, particularly for the self-employed and others seeking work through various platforms.
If we have misunderstood the noble Lord’s intention behind the amendment, I apologise. As I said, we will be happy to discuss it with him.
I do not think that the noble Lord misunderstood; it is just that there are several issues around the gig economy that we need to look at, and I shall be happy to discuss them outside the Chamber. I beg leave to withdraw the amendment.
My Lords, the Bill creates a comprehensive and modern framework for data protection in the UK. The importance of these data protection standards continues to grow—a point that has not been lost on noble Lords, nor the Government. That is why the Government have tabled Amendments 185A, 185B, 185C and 185D, which provide for a framework for data processing by government.
Inherent in the execution of the Government’s function is a requirement to process significant volumes of personal data, whether in issuing a passport or providing information on vulnerable persons to the social services departments of local authorities. The Government recognise the strong public interest in understanding better how they process that data. The framework is intended to set out the principles and processes that the Government must have regard to when processing personal data.
All government and public sector activities require some form of power to process personal data, which is derived from both statute and common law. In light of the requirements of the GDPR, such processing should be undertaken in a clear, precise and foreseeable way. The Government’s view is that the framework will serve further to improve the transparency and clarity of existing government data processing. The Government can, and should, lead by example on data protection. To that end, the proposed clauses provide the Secretary of State with the power to issue guidance in relation to the processing of personal data by government under existing powers. As I have already stated, government departments will be required to have regard to the guidance when processing personal data.
The Government have consulted the Information Commissioner in preparing the amendment and will, as required in Amendment 185A, consult the commissioner before preparing the framework. The Government are keen to benefit from the commissioner’s expertise in this area and to ensure that the framework does not conflict with the commissioner’s codes of practice. The guidance should provide reassurance to data subjects about the approach that government takes to processing data and the procedures it follows when doing so. It will also help to strengthen further the Government’s compliance with the GDPR’s principles. I beg to move.
My Lords, government Amendments 185A, 185B, 185C and 185D add four fairly substantial new clauses to the Bill on the last day of Committee. I can see the point made by the Minister when he moved the amendments, but it is disappointing that they were not included right at the start. Have the Government just thought about them as a good thing?
The Delegated Powers and Regulatory Reform Committee has not had time to look at these matters. I note that in Amendment 185A, the Government suggest that regulations be approved by Parliament under the negative procedure. I will look very carefully at anything that the committee wants to bring to the attention of the House when we look at these matters again on Report. I am sure the committee will have reported by then.
I will not oppose the amendments today, but that is not to say that I will not move some amendments on Report—particularly if the committee draws these matters to the House’s attention.
My Lords, I want to echo that point. There is time for reflection on this set of amendments and I sympathise with what the noble Lord, Lord Kennedy, said.