PL&B joins a group to advise the House of Lords on the UK’s Data Protection Bill
On 31 October, Stewart Dresner, PL&B’s Chief Executive, joined a small group of data protection law specialists to advise peers, led by Lord Tim Clement-Jones, on the Data Protection Bill. He is the peer leading the Upper Chamber in the Committee Stage, the line-by-line review of the Bill. He was joined at the meeting by peers including Lord Tom McNally, former Justice Minister; and Baroness Sarah Ludford, a former Member of the European Parliament who worked on the EU Data Protection Regulation.
Clement-Jones explained that the first day of the Committee stage was on 30 October when it had reached clause 15 on “Power to make further exemptions etc by regulations”. The Committee had heard evidence from civil society groups, financial services, the insurance industry (but not the British Bankers Association), and the tech sector.
Stewart Dresner presented views of Privacy Laws & Business clients. He proposed adding the EU Data Protection Regulation (GDPR) in its entirety as an Appendix to the Data Protection Bill. This amendment would make it clear that the Data Protection Bill is a measure to implement the GDPR which the government will implement regardless of Brexit, and it means that the link between the two will be clear, especially if there is a reference to the specific GDPR article in each clause of the Data Protection Bill. Clement-Jones accepted that this would be a good and useful idea but was uncertain whether the Government would allow such a step. The rationale is apparently that incorporating the GDPR into the UK’s new Data Protection Act would cause opposition from MPs favouring Brexit. He asked his staff to investigate whether it would be possible to adopt this proposal.
Dresner’s second point, regarding clause 28, was that local authorities should be specified in Schedule 7 as being permitted to process personal data for law enforcement purposes. Baroness Sally Hamwee questioned the need for this step as clause 28 (1) states that a “competent authority” means “any other person if and to the extent that the person has “statutory functions for any of the law enforcement purposes.” He responded that as many authorities were specified in Schedule 7, so should local authorities.
Points made by others in the group included permitting biometric data for identification purposes on the basis of a legitimate interest and that consent should not be required for this purpose, and applying “substantial public interest” to the processing of personal data for Anti Money Laundering purposes.
It was thought that the language in the Government’s Explanatory Notes was much easier to understand than the complex language in the Data Protection Bill and should be used wherever possible.
The meeting was convened by former Member of Parliament, Parmjit Singh Gill, who is currently the Information Assurance Services Manager at the University of Leicester. He asked about the Committee’s timetable. Clement-Jones said that he expected the Committee stage to continue probably until January. There would then be a two week interval until the Report stage. On this basis, the Bill would pass to the House of Commons in February.
Further information about the House of Lords work on the Data Protection Bill is at https://www.parliament.uk/business/news/2017/october/lords-debates-data-protection-bill/
A longer version of this e-news will be published in the November edition of PL&B UK Report. www.privacylaws.com/Publications/uk/