Data Protection Bill [HL]
Debate between Viscount Hailsham and Lord Clement-JonesWednesday 10th January 2018
(6 years, 4 months ago)
Lords ChamberRead Full debate Data Protection Act 2018 View all Data Protection Act 2018 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: HL Bill 74-III Third marshalled list for Report (PDF, 153KB) - (8 Jan 2018)
Viscount Hailsham (Con)
My Lords, I have only two brief observations to make, one supportive and one otherwise. My supportive observation is that I am very much in favour of the use of the affirmative resolution procedure for the approval of regulations, rather than the negative one. I add in parenthesis that I have always believed that we in Parliament should be able to amend under the affirmative resolution procedure. When we come to the European Bill, that will be particularly important, but that is for another day.
Where I disagree with the noble Lord is on his proposal that the commissioner should be responsible for preparing the document. That seems to me essentially a matter for the Secretary of State, because of the principle of ministerial responsibility. Ministers can be questioned and quizzed in a way which is utterly impossible for Parliament to do with the commissioner. There is also a small technical point. If a Minister has to come to Parliament—for example, under an affirmative resolution procedure—to argue in favour of regulations which he or she has not made, but which have, rather, been made by the commissioner, that could be at least a trifle embarrassing.
Lord Clement-Jones
My Lords, I hear what the noble Viscount said about the amendment, but the problem is that even the affirmative resolution procedure is not necessarily a good way to test the framework. The noble Lord, Lord Stevenson, was unusually kind about the Government’s framework. As he said, the Secretary of State can produce a framework that applies data protection to his own department; ignore what the Information Commissioner says about the framework; lay his own framework for Parliament through the negative procedure—I take the noble Viscount’s point about the affirmative procedure—which means it is very unlikely to get much scrutiny; and raise barriers against the ICO’s enforcement mechanism. He can then, as part and parcel of the framework, extend or introduce frameworks to include any other public sector body. Frankly, the Secretary of State can pretty much do what he or she wants. We should not be saying that the framework is essentially like a statutory code of practice; it is a very different animal.
This is our first debate on the architecture that the Government have imposed. In Committee the Minister produced a whole raft of amendments introducing the framework and we did not have a chance to scrutinise it properly. The Information Commissioner is not very happy with this architecture either. That is utterly clear. It is not just opposition parties or organisations such as medConfidential that are unhappy. The ICO has stated:
“The Commissioner understands the needs for government departments and public bodies to be clear about the legal basis for undertaking the functions and this is particularly true when processing personal data. However the provisions as drafted appear to go beyond this limited ambition and create different risks that must also be considered. She has made clear her concerns to government and these are set out below”.
I should very much like to hear what sort of dialogue the Government have had with the ICO because, frankly, at the moment they seem to be overriding any powers or involvement that she has in this framework. I am afraid that I am raising the temperature slightly at this time of night, but the framework for government data protection is not in fact data protection at all.