Data Protection and Digital Information Bill
Debate between John Whittingdale and Layla MoranWednesday 29th November 2023
(5 months ago)
Commons ChamberRead Full debate Data Protection and Digital Information Bill 2022-23 View all Data Protection and Digital Information Bill 2022-23 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: Consideration of Bill Amendments as at 29 November 2023 - large print - (29 Nov 2023)
Layla Moran (Oxford West and Abingdon) (LD)
I am grateful to the Minister for giving way so early. Oxford West and Abingdon has a huge number of spin-offs and scientific businesses that have expressed concern that any material deviation on standards, particularly European Union data adequacy, would entangle them in more red tape, rather than remove it. He says he has spoken to industry leaders. Have he and his Department assessed the risk of any deviation? Is there any associated cost to businesses from any potential deviation? Who is going to bear that cost?
Sir John Whittingdale
I share the hon. Lady’s appreciation of the importance of data adequacy with the European Union. It is not the case that we have to replicate every aspect of GDPR to be assessed as adequate by the European Union for the purposes of data exchange. Indeed, a number of other countries have data adequacy, even though they do not have precisely the same framework of data protection legislation.
In drawing up the measures in the Bill, we have been very clear that we do not wish to put data adequacy at risk, and we are confident that nothing in the Bill does so. That is not only my view; it is the view of the expert witnesses who gave evidence in Committee. It is also the view of the Information Commissioner, who has been closely involved in all the measures before us today. I recognise the concern, but I do not believe it has any grounds.
Layla Moran
The Minister says, “We do not wish”. Is that a guarantee from the Dispatch Box that there will be absolutely no deviation that causes a material difference for businesses on EU data adequacy? Can he give that guarantee?
Sir John Whittingdale
I can guarantee that there is nothing in the Government’s proposals that we believe puts data adequacy at risk. That is not just our view; it is the view of all those we have consulted, including the Information Commissioner. He was previously the information commissioner in New Zealand, which has its own data protection laws but is, nevertheless, recognised as adequate by the EU. He is very familiar with the process required to achieve and keep data adequacy, and it is his view, as well as ours, that the Bill achieves that objective.
We believe the Government amendments will strengthen the fundamental elements of the Bill and reflect the Government’s commitment to unleashing the power of data across our economy and society. I have already thanked all the external stakeholders who have worked with us to ensure that the Bill functions at its best. Taken together, we believe these amendments will benefit the economy by £10.6 billion over the next 10 years. That is more than double the estimated impact of the Bill when it was introduced in the spring.
Sir John Whittingdale
I am happy to look at that, as the hon. Gentleman suggests. I hope the changes we are making to the Bill will provide greater legal certainty for MPs and others who undertake the processing of personal data for the purposes of democratic engagement.
The Bill starts and ends with reducing burdens on businesses and, above all, on small businesses, which account for over 99% of UK firms. In the future, organisations will need to keep records of their processing activities only when those activities are likely to result in a high risk to individuals. Some organisations have queried whether that means they will have to keep records in relation to all their activities if only some of their processing activities are high risk. That is not the Government’s intention. To maximise the benefits to business and other organisations, the amendments make it absolutely clear that organisations have to keep records only in relation to their high-risk processing activities.
The Online Safety Act 2023 took crucial steps to shield our children, and it is also important that we support grieving families who are seeking answers after tragic events where a child has taken their own life, by removing obstacles to accessing social media information that could be relevant to the coroner’s investigations.
Layla Moran
We welcome such measures, but is the Minister aware of the case of Breck Bednar, who was groomed and then murdered? His family is campaigning not just for new clause 35 but for measures that go further. In that case, the coroner would have wanted access to Breck’s online life but, as it currently stands, new clause 35 does not provide what the family needs without a change to widen the scope of the amendment to the Online Safety Act. Will the Minister look at that? I think it will just require a tweak in some of the wording.
Sir John Whittingdale
I understand the concerns of the hon. Lady. We want to do all that we can to support the bereaved parents of children who have lost their lives. As it stands, the amendment will require Ofcom, following notification from a coroner, to issue information notices to specified providers of online services, requiring them to hold data they may have relating to a deceased child’s use of online services, in circumstances where the coroner suspects the child has taken their own life, which could later be required by a coroner as relevant to an inquest.
We will continue to work with bereaved families and Members of the other place who have raised concerns. During the passage of the Online Safety Act, my noble colleague Lord Parkinson of Whitley Bay made it clear that we are aware of the importance of data preservation to bereaved parents, coroners and others involved in investigations. It is very important that we get this right. I hear what the hon. Lady says and give her an assurance that we will continue to work across Government, with the Ministry of Justice and others, in ensuring that we do so.
The hon. Member for Rhondda made reference to proposed new schedule 1, relating to improving our ability to identify and tackle fraud in the welfare system. I am grateful for the support of the Minister for Disabled People, Health and Work, my hon. Friend the Member for Corby (Tom Pursglove). In 2022-23, the Department for Work and Pensions overpaid £8.3 billion in fraud and error. A major area of loss is the under-declaration of financial assets, which we cannot currently tackle through existing powers. Given the need to address the scale of fraud and error in the welfare system, we need to modernise and strengthen the legal framework, to allow the Department for Work and Pensions to keep pace with change and stand up to future fraud challenges.
As I indicated earlier, the fraud plan, published in 2022, contains a provision outlining the DWP’s intention to bring forward new powers that would boost access to data held by third parties. The amendment will enable the DWP to access data held by third parties at scale where the information signals potential fraud or error. That will allow the DWP to detect fraud and error more proactively and protect taxpayers’ money from falling into the hands of fraudsters.