Lord Lester of Herne Hill (LD)

- Hansard -

Copy Link

- - Excerpts

My Lords, one of my many character defects is party loyalty. That has led me in the past even to vote against my own amendment, which I will never do again. Today, I have the misfortune to disagree with my party. I will explain briefly why I cannot possibly support the original amendment, which is constitutionally illiterate, or the attempt to rescue it in the manuscript amendment.

The Minister has rightly put on the front page of the Bill his opinion that the Bill is compatible with the convention rights. Those rights include the right to free speech in Article 10 and the right to respect for privacy in Article 8. The Minister could certify in that way because the Bill rightly carries forward from the previous Act journalists’ rights—for example, to protect their sources—which you can find buried away in Schedule 2(5). The Minister was able to do that because we have the Human Rights Act, which requires him to do so, and the European convention, which strikes a balance between free speech and privacy.

I do not understand what on earth the charter has to do with that. As the noble Lord, Lord Faulks, rightly explained in the better part of his speech—the first part—the charter is there as a shield against the abuse of power by EU institutions. Maybe he did not say that, but he would like to have done, I am sure. It is not intended to be a source of rights in parallel with the European convention. The amendment in its original form, and its amended form, seeks to give legal force to one bit of the charter. It squints. It looks at Article 8 of the charter on privacy and data protection, but it does not look at the other bit of the charter that deals with free speech. Then, because it is obvious that the original version was constitutionally illiterate, the manuscript amendment seeks to repair that by saying that it is subject to the exceptions and derogations in the Bill. That is not good enough because it then seeks to give fundamental importance to the right of data protection, as though it were in the Human Rights Act and the European convention, and then it completely fails to explain how on earth any court is meant to reconcile the amendment, if it became law, or the amended amendment, if that became law, with what we already have in the European convention.

I agree with every word of my noble friend Lord Pannick’s speech, and I agree with the first part of the speech by the noble Lord, Lord Faulks. I am afraid I cannot possibly support this amendment. I very much hope that it will be a probe and nothing more at this stage. We are at the beginning of Committee stage. We need to think about some of these issues carefully. If we were now to divide the House and vote to incorporate either version, we would be doing an injustice to the arguments and intelligence of the House.

When I first joined the House, I remember Lord Alexander of Weedon saying to me, “Anthony, you must remember that the House of Lords is not a Court of Appeal; it is essentially a jury”. He was right about that. Most noble Lords, including me, will have understood only half of what was said in some of the original speeches. What is surely clear is that we would be failing in our duty today if we were to amend the very beginning of the Bill at this stage, rather than consider it properly and come back to it at Report.

Lord Goldsmith (Lab)

- Hansard -

Copy Link

- - Excerpts

The amendment raises an important question of principle, and one which this House will have to consider further when we scrutinise the European Union (Withdrawal) Bill. One reason why the charter was brought into being was to give visibility to rights which existed elsewhere. As at least some noble Lords will know, I speak with some experience, having spent a number of months involved in the negotiation and conclusion of the European Charter of Fundamental Rights. It was a key aim behind the decision of the European Council at Tampere and Cologne to bring together a group of people to set out in the charter the rights which would affect them, largely in their relations with the EU institutions.

I emphasise the word “visibility”, because the point just made by the noble Lord, Lord Lester, about laypeople not understanding what lawyers say is all too familiar to those of us who are lawyers. It is a very good reason why we should attempt, when we are saying things which are important, to say them in a way which is clear and comprehensible. Both amendments—I shall come to the difference between them as I see it—start by saying that we all have the right to protection of personal data concerning ourselves. That is a very important principle, and one which is very reassuring, whatever the exceptions, derogations and limitations on it may be. That is what the charter sought to do: to make these things clear to everybody.

What are the objections to the amendments? The first is that they do not allow for the exceptions and reservations which apply. The noble Lord, Lord Pannick, referred to the provisions of the charter, which state that all of the rights in the charter, with almost no exception—although there are one or two—can be subject to exceptions and limitations. I agree with the noble Lord about that; that is the position taken in the charter, and rightly so. There is a balance between different rights of different people and of different rights between the citizen and the state.

That is what I understand that Amendment 4A is intended to correct, by making it clear that the general statement of principle, which I still believe is important, is none the less subject to certain exceptions and derogations set out in the Bill. The Bill in Clause 13 and the regulation-making power under Clause 14 provide for the ability to make exceptions, reservations and derogations. I sympathise with the noble Lord, Lord Pannick, when he says that he is not sure, in the time available, whether this will achieve the objective of turning something which he was concerned appeared to be too absolute into something which works. There are ways to deal with that and ensure that further time is available or—this is not for me to say—if my noble friend Lord Stevenson moves the amendment and it is passed, it can be corrected afterwards. But that is a point of timing, albeit an important detail. With respect, it appears to me that what matters is for us to give a clear statement that this principle of data protection applies to all of us.

It is then asked, “Well, what about other provisions in the charter?”. No doubt that is a debate that we will have when we come to the withdrawal Bill. Will those other provisions also be allowed to stand? That will be a matter for this House and the other place when the Government bring forward that Bill. However, there is a need for visibility and for reassurance to all that there will still be a principle of data protection that we will uphold. For that reason, while it is apparent from what I have said that my preference is for Amendment 4A as opposed to Amendment 4, I think that that amendment ought to receive the support of this House.

Lord Stevenson of Balmacara

- Hansard -

Copy Link

- - Excerpts

As a Scot I can hardly complain, and I am always bewildered, too—not only about this but about many other things. Our Amendment 17 in this group is also one of bewilderment. Clause 8 is headed:

“Child’s consent in relation to information society services”,


and refers to “preventive or counselling services” not being included. This goes back to an earlier amendment, when we established that these references are actually recitals and not part of the substantive GDPR, so we are back in what is not normative language and issues that we cannot possibly talk about in relation to the wider context because we are talking about the law that will apply.

There are three points that need to be made and I would be grateful if the noble Lord would either respond today or write to me about them. The first is to be clear that the reference to “information society services”, which is defined, has nothing in it that would suggest that it is a problem in relation to the lack of inclusion of preventive or counselling services. The answer is probably a straightforward yes. Secondly, what are the preventive or counselling services that we are talking about? I think the context is that these are meant to exclude any data processing relating to a data subject if the data subject concerned—with parental consent if the subject is younger than 13 and on their own if they are older than 13—who is taking a form of counselling that may be related to health or sexual issues would not be allowed to be included. Is my understanding of that right? I am sure that it is.

Thirdly, could we have a better definition of preventive or counselling services because those are very wide-ranging terms? Yes, they come from a recital and perhaps in that sense they can be tracked back to earlier discussions around the formation of the GDPR, but they have to be applied in this country to situations in real life. I am not sure what a preventive service is and I should like to have it explained. Counselling services I probably do get, but do they include face-to-face counselling or is this about only online counselling services? Is it the same if the child is being accompanied by a parent or guardian? There are other issues that come into this and there is a need for clarity on the point.

While I am on my feet I should like to respond to the amendment moved by the noble Baroness, Lady Howe, who has campaigned long and hard on these issues. We would be bereft if she did not enter into this Bill with all its implications for children, given the wisdom and experience that she brings to the table. The point she makes is one of simple clarity. There is a need to be very careful about the evidence gathering on this issue and it is probably not appropriate for it to be left to Ministers in regulations. There needs to be a wider discussion and debate on the matter, perhaps involving the Children’s Commissioner and other persons with expertise. She has made her point very well and I should like to support it.

Lord Stevenson of Balmacara

- Hansard -

Copy Link

- - Excerpts

I thank your Lordships.

Amendment 108B would prevent regulations under this section being used to amend, repeal or revoke the GDPR after Brexit. This may seem a rather tough charge to lay at the Government’s door. However, concerns about adequacy after Brexit will be so important that it may be in the Government’s best interest to ensure that the Bill contains no hint that the GDPR after Brexit, which will be the responsibility of this Parliament and this Parliament alone, could be amended simply by secondary legislation. If the Government follow this argument they will see that it has a symmetry behind it that encourages the approach taken here, in that when we are a third party and need to rely on an adequacy agreement the GDPR will be seen to be especially ring-fenced.

I will also speak to the other amendments in this group, two of which come from recommendations on delegated legislation made by your Lordships’ House. Amendment 110B is about replacing the current requirement for a negative procedure with a requirement for an affirmative one. In order to explain that, it is probably best if I quote from the report itself. The DPRRC took the view that the framework for the transfer of personal data to third countries should be provided on a test greater than just simply the negative procedure. This is a major issue. One possible example is if the Government were to use the argument that it was in the public interest to transfer bulk personal data held by a UK government department to the agencies of a foreign power—a remote possibility, I know. That would be of interest to the House and probably would need to be debated. The recommendation is that a change should be made from a negative to an affirmative procedure, and that is what this amendment seeks to do.

In a similar vein, the proposal to delete Clause 21 comes from the DPRRC report. The report says that the committee was,

“puzzled by the inclusion of … a suite of delegated powers … to provide by regulations for various exemptions and derogations from the obligations and rights contained in the GDPR which, as noted above, may … be exercised in respect of ‘the applied GDPR’. The memorandum fails to explain why those powers are considered inadequate, or why the Government might need to have recourse to the distinct powers in section 2(2) of the 1972 Act—which allows Ministers to make regulations”,

around EU obligations. The point is that there will be a period after Royal Assent to the Bill and when the country leaves—if it does—the EU in which it is possible that the Government will wish to make regulations. The committee assumes that this clause has been included just in case the Government decide that these powers are required. But the committee goes on to say:

“We consider it unsatisfactory that the Government should seek to take this widely drafted power without explaining properly what it might be used for”.


I therefore call on the Government to do so if it is appropriate at this time.

The final two amendments in the group, Amendments 180A and 180B, play to the same issue: that the powers, however they are finally settled, will still be wide ranging and grant the Government of the day a considerable amount of power to introduce rules by secondary legislation. In a sense, that is inevitable given the way that things are going, and we are not attacking the main principle. The question is around what safeguards would be appropriate. On these powers we think it would be appropriate for the Government to consult not only the commissioner, for which there is a provision, but the data subjects affected by the regulations. This is not a power that is currently there and we recommend that the Government consider it. I beg to move.

Lord Paddick (LD)

- Hansard -

Copy Link

- - Excerpts

My Lords, I will briefly comment on Amendment 108B. Taking up the position of the noble Lord, Lord Arbuthnot of Edrom, is it not the case that if we leave the European Union, the GDPR will then become, by means of the repeal Bill, part of UK law and therefore could be changed, which is why the amendment makes sense?

However, while I agree with the argument of the noble Lord, Lord Stevenson of Balmacara, that if parts of the GDPR were amended, repealed or revoked after we have left the EU, this may affect the adequacy decision of the European Union. Presumably, if the European Union makes changes to the GDPR it would be advantageous for the Government to be able to respond quickly by means of secondary legislation to those changes to ensure that we can continue to have adequacy—that is, when the change is on the EU side rather than on the UK side. Perhaps the Minister will clarify that.

Baroness Hamwee

- Hansard -

Copy Link

- - Excerpts

My Lords, I speak also to the other amendments in this group. All these amendments are suggested by the Bar Council and stand in my name and those of the noble Lord, Lord Arbuthnot of Edrom, and the noble Baroness, Lady Neville-Rolfe. All concern legal professional privilege, a subject which the Committee and the House have frequently debated. I know I do not need to stress its importance or remind noble Lords—but obviously, I am just about to—that the confidentiality and privilege are those of the client, not the lawyer.

The Bar Council comments that the powers of the commissioner to have access to the information and systems of data controllers should be limited where the data controller is a legal professional or anyone subject to the requirements of client confidentiality and legal professional privilege. It reminded us that there are exceptions in the 1998 Act which deal with this. Legal professional privilege cannot be waived by the lawyer but is subject to contractual or other legal restrictions. In the clauses in question, legal professional privilege seems to be overridden in circumstances where the commissioner considers that she needs to look at the data to perform her functions. Clause 128(1) refers to use or disclosure,

“only so far as necessary for carrying out those functions”—

that is, the commissioner’s functions. I suggest that this is inappropriate given the provisions elsewhere in the Bill which we now seek to amend.

Amendments 161A, 161B, 161C and 161D deal with confidential legal materials which it is proposed should be inserted and covered. These are defined in the last of these four amendments as “materials brought into being”, as distinct from documents which are communicated between an adviser and a client, and thus would be wider, and include materials brought into being,

“for the purpose of establishing, exercising or defending legal rights”,

which is wider than the Bill provides.

The Bill does not contain directions as to the purpose of the guidance on protection of privileged material. Amendment 161C would give a direction to the commissioner as to the purpose. Amendments 162A, 162B, 163ZA and 163ZB would again extend the protection. Clauses 138 and 141 are limited to documents that relate to data protection legislation. These amendments would widen the protection to all documents protected by legal professional privilege.

Clause 138(5) does not cover the right of self-incrimination of other persons, such as the client of a legal representative or a family member of a client, who would not be entitled to rely on privilege. Amendment 162C would widen the class of persons to others. Since the client may well be seeking advice or representation in relation to a matter which might incriminate him, the Bar Council asks us to point out that this is particularly important.

Amendment 163B reflects provisions in Clause 138, on information notices, and in Clause 141, on assessment notices, and extends the restrictions to enforcement notices. The clauses I have mentioned provide that a person is not required to give the commissioner privileged material—I beg your Lordships’ pardon; a bracket has been opened and I am seeking where it closes—in response to such a notice. As I say, this would extend that restriction to enforcement notices.

Finally, on Amendment 164B, professionals may be restricted in providing information to the commissioner in respect of their processing, because of privilege or an obligation of confidentiality, compliance with the Bar code of conduct, or rules or orders of the court. The Bar Council wishes the Committee to be aware that a barrister,

“may wish to disclose information in mitigation or explanation for a breach of the GDPR provisions, but be unable to do so because disclosure would place”,

counsel,

“in breach of professional conduct rules or other confidentiality obligations, or in breach of data protection obligations because it is not possible to obtain consent for”,

the processing.

Compliance with the profession’s rules might have the result of exposing a barrister to a higher penalty to be imposed by the commissioner as a result of that inability, which does not seem fair. The amendment would provide that circumstances of this kind may be taken into account by the commissioner when assessing the penalty by adding a paragraph to the mitigating circumstances in the list. As the Bar Council points out, none of these points would prevent the commissioner effectively carrying out her duties. Even if she were,

“prevented from seeing privileged and confidential material, this … would be a justified and necessary consequence of … proper weight being given to the citizen’s fundamental right to consult a lawyer and to maintain the confidentiality”.

However, if unamended, there could be a conflict between the legal regulators and the commissioner. I beg to move.