Digital Economy Bill (Third sitting) Debate
Full Debate: Read Full DebateLouise Haigh
Main Page: Louise Haigh (Labour - Sheffield Heeley)Department Debates - View all Louise Haigh's debates with the Cabinet Office
(8 years, 1 month ago)
Public Bill CommitteesWe will hear oral evidence first from StepChange, Citizens Advice and Dr Jerry Fishenden from the Cabinet Office’s privacy and consumer advisory group. Before I call Louise Haigh to ask the first question, I remind all hon. Members that questions should be limited to matters within the scope of the Bill and that we must stick to the timings in the programme motion that the Committee agreed to. For this session, we have until 12 o’clock. Will the witnesses please introduce themselves for the record?
Peter Tutton: Hello everybody. My name is Peter Tutton and I am from StepChange Debt Charity.
Dr Fishenden: Good morning. My name is Jerry Fishenden. I am a technologist working with private and public sector clients. Today, I am here in my capacity as co-chair of the Cabinet Office’s privacy and consumer advisory group.
Alistair Chisholm: Hello. My name is Alistair Chisholm and I am here from Citizens Advice.
Q 214 I will start with part 5 and ask about debt collection. My questions are particularly aimed at StepChange and Citizens Advice. What concerns do you have about the principles of public authority debt collectors when dealing with their creditees?
Peter Tutton: Sorry, did you say local authorities?
No, just the public sector.
Peter Tutton: We recently did a poll of our clients and asked them which of the different types of creditor they face treats them the most unfairly. Our clients are all people in heavy financial difficulty; they are really struggling and under pressure. Of the top five creditors that treated them the most unfairly, four were Government Departments or agents collecting Government debt.
We are concerned that the way in which public debt is collected is not subject to the same sort of oversight and scrutiny as private sector debt. Organisations from banks to payday lenders are part of a regulated sector that still has problems, but those problems can be addressed. In the public sector, we do not see the same kind of control and oversight, or even any sense of regulation about how that should be done. As a result, we see a lot of problems, with the sort of debt collection practices that we might have seen 20 years ago from banks now coming from the collection of public debt.
Q Can you give us an example of those kinds of problems?
Peter Tutton: With central Government debt, it will be things such as persistent aggressive phone calls; old debts suddenly popping up with no explanation; and people trying to arrange affordable payment, getting short shrift and being told, “Pay this or else.” With local government debts, bailiffs are used and there is a lack of any kind of mechanism to make affordable, sustainable payments, which are at the core of what people need.
Our clients typically have six debts. They are often in difficulty because they have lost their job or become ill, and they need a period to recover control of their finances. We need creditors to show some forbearance and help people to make affordable, sustainable repayments. When that happens, about 60% of people say that their finances start to recover straight away. When that does not happen, none say that.
If people get shouted at and told to pay money they cannot afford, they actually go and borrow somewhere else—about a third of our clients went to a payday lender when they received an aggressive payment demand that they could not afford—or they do not pay another bill. The financial chaos continues, and gets worse and worse.
Alistair Chisholm: There is a particular issue around the way in which debts can be disputed. There is a difference between the way in which that is dealt with in the public sector and in the private sector. I certainly agree that the Government need to apply to their own collection activities the standards and protections they have asked financial, energy and water services to offer to consumers. The Bill is an opportunity to make that change and, if they do, sharing data can be helpful.
We see a lot of cases in which bad data sharing has a wasteful effect on Government and a detrimental effect on our clients. For example, in a survey of our advisers last year, 55% of them had seen more than one case the previous 12 months in which a debt was sent to a bailiff but in which the debtor’s council tax benefit had actually not been processed. It is a common, systemic problem that bits of Government do not use their own data to try to resolve people’s problems. That is an opportunity for the Government, but there are big risks.
Take the recent debacle with Concentrix and Her Majesty’s Revenue and Customs, in which the Government were using credit reference data and, it seems to me, tracing data to find people who were guilty of cohabiting. They were accusing those people of having a tax credit debt and it turned out they were not guilty of that at all. If mistakes like that are ricocheting around public sector debt collectors, the detriment could be much worse. For this power to work we need a shift in the way the Government collect debt. It needs to be allied with the best practices in the private sector, particularly—
Q Sorry, but what precisely could the Bill do to address that?
Alistair Chisholm: The Bill says that people who are sharing data should “have regard to” a statement of good practice, but we do not have that statement of good practice and “have regard to” does not seem to me to be very forceful. There are three particular things I think would help to change Government debt collection so they could use data sharing more safely. They could set affordable payments in the way the private sector does; the Government could introduce the standard financial statement that the banks, energy and water companies and the advice sector are going to be using from March next year. They could introduce fair dispute resolution; if the debt is reasonably disputed, stop collecting it until the complaint is investigated. Banks are not allowed to collect it then but public sector creditors routinely do it.
Finally, the big shift we have seen in commercial credit in recent years is the decision to place the legitimate interests of the consumer at the centre of debt collection activities, which means to help them rather than to have an unnecessary adversarial relationship. So, fair payments, fair disputes and being helpful could transform debt collection from being aggressive, adversarial and often wasteful to being helpful and to helping people to rehabilitate themselves.
Q Dr Fishenden, if we can move on to you in relation to part 5, specifically the measures on data sharing. Do the proposals reassure you that the Government have given sufficient consideration to privacy, data security and data ethics?
Dr Fishenden: The policy intent is clear and I suspect you will not hear much disagreement with that. The consultation did not find that either; people were broadly in agreement. The measures described in part 5 are fairly general and vague. There is a lot of reference to the codes of practice, which have still not have appeared.
In general, given that it is about seven years since the previous data sharing proposals were withdrawn for being too wide-ranging and vague and for work to be done on them to make them more specific and build in protections and controls, I am quite surprised that we are back with a Bill that seems aspirationally in the right place but that has none of the detail that allows us to check the sort of security, data protection and controls that will be needed.
There is not even any definition in the Bill of what data sharing means, which gives me a problem. Some people seem to assume it means people copying data around, and I guess that is implied in the bulk data provisions—it seems to imply movement of data between parties. Good cyber-security practice would be to leave the data with their original owner, who can gate access to those data or, as I described in my written submission, can confirm aspects of them.
A specific example could be applying for a blue badge. All that is needed to process that claim is to confirm with the DVLA that a person is a registered driver, that they have a legitimate driving licence and that they own the vehicle for which they are applying for the blue badge; to know from the DWP that they are registered disabled; and the local authority undertaking that process needs to check that person is a resident. There is not actually a flow of data going on there; it is merely a process whereby, to get a blue badge, you confirm the person is disabled, is a registered driver and is living within the local authority boundaries.
I find it quite surprising that the Bill does not have a definition of what data sharing is, either legally or technically. In the absence of the codes of practice, it is very hard to know what it actually means.
Q In your experience, is it unusual for the Government not to have published at least draft codes of practice alongside legislation of this nature?
Dr Fishenden: I would have assumed that they would be drafted in concert with the Bill, because to test the provisions in the Bill, you would need to run them back past the codes of practice to check that the two work together. I am a bit confused about why they have not appeared, because I cannot see how the Bill would have been drafted without them.
Q I have a question for Mr Chisholm. I put on record my thanks to your organisation for the wonderful work that it does in my constituency—and in everyone else’s, I am sure—in helping some of the more vulnerable people in society. It is a fantastic organisation. We hear a lot about the big picture of how technology can help people and make their lives better, but you guys are at the coalface, helping vulnerable people. Will you explain how some of the measures in the Bill on data sharing are going to make your life easier and deliver tangible benefits to vulnerable people?
Alistair Chisholm: As I said before, there are definitely cases in which the Government or local authorities do not use their own data to help people when they could. For example, when somebody is paying their magistrate’s fine directly from their benefits, sometimes the benefits change, so the flow is disrupted and the payments stop.
We often see cases in which somebody then has a bailiff at their door and they are threatened with imprisonment when, in fact, they want to pay. The Government actually know that there has been a temporary interruption to their benefits, or that somebody is shifting from jobseeker’s allowance to employment and support allowance. If those data were joined up—obviously in a way that protected consumers as they need to be protected—the debt would continue to be paid, the problem would not be escalated, and the person would have a stable financial arrangement that enables them to meet their obligations. There are opportunities like that.
It is really important to say that it is now time for the Government to do what they have asked the private sector to do in the way they collect data. They need to adapt their systems so that payments are affordable and debts can be reasonably disputed, and so that people are helped.
Q I have a final question. We have touched, in previous evidence hearings, on the nature of consent and individual knowledge about data sharing. What are the challenges with using consent-based data-sharing models? Do you accept that there is a necessity for data sharing to be used for the benefit of particular vulnerable groups in society without the need for consent?
Elizabeth Denham: The provision in part 5—the kind of data sharing that is envisioned—is not a consent regime. In many cases, citizens do not have a choice. There is one provider and the data need to be shared for good public interest purposes. Consent is not a silver bullet.
If, as is the case here, you are not using consent as a basis for sharing information, the other obligations rise. The need for transparency, safeguards, parliamentary scrutiny and independent oversight are even more important when you are not relying on consent. Those other obligations need to be strengthened.
Q Apologies for my brief absence from the Committee. Ms Denham, do you believe that the proposals in part 5 comply with the EU’s general data protection regulation?
Elizabeth Denham: There may be some challenges between the provisions and the GDPR. Obviously the GDPR will come into effect in 2018 unless we leave Europe before that date. There are some new controls for individuals that are built into the GDPR. There would be a need to carefully review the provisions of this Bill against the GDPR to ensure that individuals could have the right to be forgotten, for example, so that they could ask for the deletion of certain types of data, as long as that was not integral to a service. That is one example.
Steve Wood: To build on those points, the GDPR will strengthen the rights of individuals, particularly in the area of transparency that the commissioner has mentioned already. Article 12 talks about the importance of clear and accessible information to individuals. This Bill will need to operate alongside the GDPR’s enhanced and strong requirements to make sure that the key concepts in that legislation are upheld. The other key concepts we take from European data protection more generally are the those of necessity and proportionality, which is where there will be some important areas to measure the intention of the Bill against the GDPR.
Q We have heard your concerns about the draft codes of practice, which I also find very concerning. Of course, we do not know because we have not seen any draft codes of practice. Would you advise Members to vote on Government powers of that nature without seeing such draft codes of practice? Who else should be consulted on such codes before they are made law?
Elizabeth Denham: We have seen some of the draft codes of practice, and we have been making comments, but I think it would be preferable for Parliament to review all the codes of practice so that they can see and discuss the entire framework before the passage of the Bill. The codes are an important part of the framework.
Q To follow up on that, do you believe that we ought to see the draft codes of practice prior to consideration of these parts of the Bill in Committee?
Elizabeth Denham: That is my view, yes.
Q In your first speech as Information Commissioner you made much of the need for businesses to establish trust in relation to data sharing, with which I obviously completely agree. Do you think this Bill could have done more to put safeguards around data sharing in the commercial space?
Elizabeth Denham: Again, I think that trust and transparency go hand in hand. Part 5 is about Government data sharing and sharing with Government providers, so the focus there needs to be on transparency and trust. All Governments are really struggling with this issue, especially in the face of new technologies. How can you make transparency easy and understandable? We have just issued a privacy notice code of practice, which we introduced last Friday. What would help this Bill is if there was a reference to following our privacy notice code of practice, which again is across the public and the private sector and would lend more trust among the public.
Q The UK is one of the most advanced digital economies in the world, yet we heard from witnesses on Tuesday that, in terms of Government data sharing, we are well behind the curve, well behind other countries—that is partly because they are probably more focused on the opportunities. Does this Bill, in your experience, bring us more in line with the best practice you are seeing in other countries?
Elizabeth Denham: I think the approach that the UK is taking in this Bill is a responsible approach. My recommendations are to up the safeguards and improve the transparency. Breaking down the data sharing by type, function and purpose of data is a good way forward. There are some draconian data-sharing regimes in other parts of the world, which are concerning to data protection commissioners. I generally think that the approach here is right, but there could still be some strengthening of the Bill. That would go a long way to assuring more public trust and therefore more buy-in and participation in the digital economy and digital services.