Data Protection and Digital Information Bill Debate
Full Debate: Read Full DebateDepartment: Department for Digital, Culture, Media & Sport
David Davis
Main Page: David Davis (Conservative - Haltemprice and Howden)Department Debates - View all David Davis's debates with the Department for Digital, Culture, Media & Sport
Data Protection and Digital Information Bill
David Davis ExcerptsWednesday 29th November 2023
(5 months ago)
Commons ChamberRead Full debate Data Protection and Digital Information Bill 2022-23 Read Hansard Text Watch Debate Read Debate Ministerial Extracts Amendment Paper: Consideration of Bill Amendments as at 29 November 2023 - large print - (29 Nov 2023)
Sir John Whittingdale
I can tell the hon. Gentleman that it is not the case that the DWP intends to focus on the state pension—and that is confirmed by my hon. Friend the Member for Corby. This is specifically about ensuring that means-related benefit claimants are eligible for the benefits for which they are currently claiming. In doing that, the identification and the avoidance of fraud will save the taxpayer a considerable amount of money.
Mr David Davis (Haltemprice and Howden) (Con)
I think everybody in the House understands the importance of getting this right. We all want to stop fraud in the state system. That being said, this is the only time that I am aware of where the state seeks the right to put people under surveillance without prior suspicion, and therefore such a power has to be restricted very carefully indeed. As we are not going to have time to debate this properly today, is my right hon. Friend open to having further discussion on this issue when the Bill goes to the Lords, so that we can seek further restrictions? I do not mean to undermine the effectiveness of the action; I just want to make it more targeted.
Sir John Whittingdale
I am very grateful to my right hon. Friend for his contribution, and I share his principled concern that the powers of the state should be limited to those that are absolutely necessary. Those who are in receipt of benefits funded by the taxpayer have an obligation to meet the terms of those benefits, and this provision is one way of ensuring that they do so. My hon. Friend the Member for Corby has already said that he would be very happy to discuss this matter with my right hon. Friend further, and I am happy to do the same if that is helpful to him.
Sir Chris Bryant
He does not—great.
Finally, new schedule 1 would grant the Secretary of State the power to require banks or other financial institutions to provide the bank account data—unspecified—of any recipient of benefits to identify
“cases which merit further consideration to establish whether relevant benefits are being paid or have been paid in accordance with the enactments and rules of law relating to those benefits.”
It is a very broad and, I would argue, poorly delineated power. My understanding from the Commons Library, although I note that the Minister was unable to answer the question properly, is that it includes the bank accounts of anyone in the UK in receipt, or having been in receipt, of state pension, universal credit, working tax credit, child tax credit, child benefit, pension credit, jobseeker’s allowance or personal independence payment.
The Minister says that the Government do not intend to go down some of those routes at the moment, but why, in that case, are they seeking that power? They could have come to us with a much more tightly written piece of legislation, and we would have been able to help them draft it properly. The proposed new schedule would mean that millions of bank accounts could be trawled without the Department for Work and Pensions, as the right hon. Member for Haltemprice and Howden (Mr Davis) referred to, even suspecting anything untoward before it asked for the information. The 19-page new schedule, which was tabled on the last day for consideration, would grant powers to the Government without our having any opportunity to scrutinise it line by line, assess its implications or hear evidence from expert witnesses.
We should of course be tackling fraud. The Government have completely lost control of fraud in recent years, with benefit fraud and error skyrocketing to £8.3 billion in the last financial year. The Minister seemed to think that it was a good thing that he could cite that figure. The year before, it was even higher—a record £8.7 billion. On the Conservative party’s watch, the percentage of benefit expenditure lost to fraud has more than trebled since Labour was last in power.
Let me be absolutely clear: Labour will pursue the fraudsters, the conmen and the claimants who try to take money from the public purse fraudulently or illegally. That includes those who have defrauded the taxpayer over personal protective equipment contracts, or have not declared their full income to His Majesty’s Revenue and Customs. My constituents in the Rhondda know that defrauding the taxpayer is one of the worst forms of theft. It is theft from all of us. It undermines confidence in the system that so many rely on. It angers people when they abide by the rules and they see others swinging the lead and getting away with it.
I back 100% any attempt to tackle fraud in the system, and we will work with the Government to get the legislation right, but this is not the way to do it, because it is not proper scrutiny. The Minister with responsibility for this matter, the Minister for Disabled People, Health and Work, who is present in the Chamber, is not even speaking in the debate. The Government are asking us to take a lot on trust, as we saw from the questions put earlier to the Minister for Data and Digital Infrastructure, so I have some more questions for him that I hope he will be able to answer.
As I understand it, the Government did a test project on this in 2017—all of six years ago—so what on earth have they been doing all this while? When was the new schedule first drafted, and why did the Minister not mention it in the discussions that he and I had two weeks ago? How many bank accounts does it potentially apply to? The Government already have powers to seek bank details where they suspect fraud, so precisely how will the new power be used? I have been told that the Government will not use the power until 2027. Is that right? If so, how on earth did they come to the figure of a £600 million saving—that was the figure that they gave yesterday, but I note that the Minister said £500 million earlier—in the first five years?
What will the cost be to the banks and financial institutions? What kind of information will the Government seek? Will it include details of where people have shopped, banked or travelled, or what they have spent their money on? The Government say that they will introduce a set of criteria specifying the power. When will that be introduced, how wide in scope will it be, what assessments will accompany it, and will it be subject to parliamentary scrutiny?
There is clearly significant potential to use data to identify fraud and error. That is something that Labour is determined to do, but it is vital that new measures are used fairly and proportionately. The Department for Work and Pensions says that its ability to test for unfair impacts across protected characteristics is limited, and the National Audit Office has also warned that machine learning risks bias towards certain vulnerable people or groups with protected characteristics. Without proper safeguards in place, the changes could have significant adverse effects on the most vulnerable people in society.
On behalf of the whole Labour party, I reiterate the offer that I made to the Government yesterday. We need to get this right. We will work with Ministers to get it right, and I very much hope that we can organise meetings after today, if the Bill passes, to ensure that the debates in the Lords are well informed and that we get to a much better understanding of what the Government intend and how we can get this right. If we get it wrong, we will undermine trust in the whole data system and in Government.
Broadly speaking, Labour supports the changes in the Bill that give greater clarity and flexibility to researchers, tech platforms and public service providers, with common-sense changes to data protection where it is overly rigid, but the Government do not need to water down essential protections for data subjects to do that. Our amendments set out clearly where we diverge from the Government and how Labour would do things differently.
By maintaining subject access request protections, establishing a definition of high-risk processing on the face of the Bill, and defending the public from automated decision making that encroaches too significantly on people’s lives, a Bill with Labour’s amendments would unlock the new potential for data that improves public services, protects workers from data power imbalances and delivers cutting-edge scientific research, while also building trust for consumers and citizens. That is the data protection regime the UK needs and that is the protection a Labour Government would have delivered.
Mr David Davis
Before I speak to my new clause, I want to address one or two of the things that the Opposition spokesman, the hon. Member for Rhondda (Sir Chris Bryant), just raised. By not accepting his motion to recommit the Bill to a Committee, we have in effect delegated large parts of the work on this important Bill to the House of Lords. I say directly to the Whip on the Treasury Bench that, when the Bill comes back to the Commons in ping-pong, I recommend that the Whips Office allows considerable time for us to debate the changes that the Lords makes. At the end of the day, this House is responsible to our constituents and these issues will have a direct impact on them, so we ought to have a strong say over what is done with respect to this Bill.
New clause 43 in my name is entitled “Right to use non-digital verification services”. Digitisation has had tremendous benefits for society. Administrative tasks that once took weeks or even years can now be done in seconds, thanks to technology, but that technology has come with considerable risks as well as problems of access. The internet is an equaliser in many ways; I can access websites and services in East Yorkshire in the same way that we do here. I can send and receive money, contact friends and family, organise families, do work, and do all sorts of other things that we could not once do.
However, the reality is more nuanced. Some people lack the technological literacy or simply the hardware to get online and make the most of what is out there—think of elderly people, the homeless and those living on the breadline. As with many things, those groups risk being left behind by the onward march of technology through no fault of their own. Indeed, some people do not want to go fully online. Many people who are perfectly au fait with the latest gadgets are none the less deeply concerned about the security of their data, and who can blame them?
My bank account has been accessed from Israel in the past. My online emails have been broken into during political battles of one sort or another. These things are risky. I hope nobody in the Chamber has forgotten the Edward Snowden revelations about the National Security Agency and GCHQ, which revealed a vast network of covert surveillance and data gathering by Government agencies from ordinary online activity, and the sharing of private information without consent. More recently, we have heard how Government agencies monitored people’s social media posts during the pandemic, and data trading by private companies is an enormous and lucrative industry.
What is more, as time passes and the rise of artificial intelligence takes hold, the ability to make use of central databases is becoming formidable. It is beyond imagination, so people are properly cautious about what data they share and how they share it. For some people—this is where the issue is directly relevant to this Bill—that caution will mean avoiding the use of digital identity verification, and for others that digital verification is simply inaccessible. The Bill therefore creates two serious problems by its underlying assumptions.
Already it is becoming extremely difficult for people to live anything approaching a normal life if they are not fully wired into the online network. If they cannot even verify who they are without that access, what are they supposed to do? That is why I want to create a right to offline verification and, in effect, offline identification. We saw earlier this year what can happen when someone is excluded from basic services, with the planned closure of Nigel Farage’s bank account. That case was not related to identification, but it made clear how much of an impact such exclusion can have on someone’s life. Those who cannot or do not wish to verify their identity digitally could end up in the same position as Farage and many others who have seen their access to banking restricted for unfair reasons.
The rise of online banking, although a great convenience for many, must not mean certain others being left out. We are talking about fairly fundamental rights here. Those people who, by inclination or otherwise, find it preferable or easier to stick to old-fashioned ways must not be excluded from society. My amendment would require that all services requiring identity verification offer a non-digital alternative, ensuring that everyone, regardless of who they are, will have the same access.