Session 2016-17
Internet Publications
Other Bills before Parliament


 
 

1

 

House of Commons

 
 

Notices of Amendments

 

given up to and including

 

Tuesday 15 November 2016

 

New Amendments handed in are marked thus Parliamentary Star

 

Parliamentary Star - whiteAmendments which will comply with the required notice period at their next appearance

 

Amendments tabled since the last publication: 2

 

Consideration of Bill (Report Stage)


 

Digital Economy Bill, As Amended


 

Note

 

This document includes all amendments tabled to date and includes any

 

withdrawn amendments at the end. The amendments have been arranged in the

 

order in which they relate to the Bill.

 


 

New Clauses

 

Claire Perry

 

Mr David Burrowes

 

Fiona Bruce

 

Derek Thomas

 

Jeremy Lefroy

 

Caroline Ansell

Heidi Allen

Andrew Selous

Mr Iain Duncan Smith

Mrs Maria Miller

Fiona Mactaggart

Mark Durkan

Sir Jeffrey M. Donaldson

Calum Kerr

Sammy Wilson

Mr Philip Hollobone

Sir Gerald Howarth

Tom Elliott

Danny Kinahan

Jim Shannon

 

NC1

 

To move the following Clause—


 
 

Notices of Amendments: 15 November 2016                  

2

 

Digital Economy Bill, continued

 
 

         

“Power to require the blocking of access to pornographic material by internet

 

service providers

 

(1)    

Where the age-verification regulator determines that a person has made

 

pornographic material available on a commercial basis on the internet to persons

 

in the United Kingdom—

 

(a)    

in contravention of section 15(1), and

 

(b)    

the person has been the subject of a financial penalty or enforcement

 

notice under section 20 and the contravention has not ceased,

 

    

the age-verification regulator may issue a notice to internet service providers

 

requiring them to prevent access to the pornographic material that is provided by

 

the non-complying person.

 

(2)    

A notice under subsection (1) must—

 

(a)    

identify the non-complying person in such manner as the age verification

 

regulator considers appropriate;

 

(b)    

provide such further particulars as the age-verification regulator

 

considers appropriate.

 

(3)    

When the age-verification regulator gives notice under this section, it must

 

inform the non-complying person, by notice, that it has done so.

 

(4)    

An internet service provider who fails to comply with a requirement imposed by

 

subsection (1) commits an offence, subject to subsection (5).

 

(5)    

No offence is committed under subsection (4) if the internet service provider took

 

all reasonable steps and exercised all due diligence to ensure that the requirement

 

would be complied with.

 

(6)    

An internet service provider guilty of an offence under subsection (4) is liable, on

 

summary conviction, to a fine.

 

(7)    

In this section “internet service provider” has the same meaning as in section

 

124N of the Communications Act 2003 (interpretation).”

 

Member’s explanatory statement

 

This new clause gives a power to the age-verification regulator to require internet service

 

providers to block pornography websites that do not offer age-verification.

 


 

Liz Saville Roberts

 

Jonathan Edwards

 

Hywel Williams

 

NC2

 

To move the following Clause—

 

         

“Code of practice for commercial internet providers on online abuse

 

(1)    

The relevant Minister must issue a code of practice about the responsibilities of

 

commercial internet providers in dealing with online abuse.

 

(2)    

The code of practice must include guidance on—

 

(a)    

how a commercial internet provider shall respond to cases of a person

 

being victim of online abuse on its internet site;

 

(b)    

quality service standards expected of the commercial internet provider in

 

determining, assessing, and responding to cases of online abuse; and

 

(c)    

the setting and enforcement of privacy settings of persons aged 17 or

 

under, where deemed appropriate.

 

(3)    

A commercial internet provider must comply with the code of practice.


 
 

Notices of Amendments: 15 November 2016                  

3

 

Digital Economy Bill, continued

 
 

(4)    

The relevant Minister may from time to time revise and re-issue the code of

 

practice.

 

(5)    

As soon as is reasonably practicable after issuing or reissuing the code of practice

 

the relevant Minister must lay, or arrange for the laying of, a copy of it before—

 

(a)    

Parliament,

 

(b)    

the Scottish Parliament,

 

(c)    

the National Assembly for Wales, and

 

(d)    

 the Northern Ireland Assembly.

 

(6)    

In this section “commercial internet provider” means a person who operates an

 

internet site on a commercial basis.”

 


 

Liz Saville Roberts

 

Jonathan Edwards

 

Hywel Williams

 

NC3

 

To move the following Clause—

 

         

“Safety responsibilities of social media sites

 

(1)    

This section applies to a person who operates an internet site for commercial

 

purposes which requires a user to create a personal account to fully access the

 

internet site.

 

(2)    

A person under subsection (1) must—

 

(a)    

undertake and publish an online safety impact assessment in respect of

 

their account holders,

 

(b)    

inform the police if they become aware of any threat on its internet site

 

to physically harm an individual,

 

(c)    

remove any posts made on its internet site that are deemed to be violent

 

or that could incite violence.”

 


 

Kevin Brennan

 

Louise Haigh

 

NC4

 

To move the following Clause—

 

         

“Offence to use digital ticket purchasing software to purchase excessive

 

number of tickets

 

(1)    

A person commits an offence if he or she utilizes digital ticket purchasing

 

software to purchase tickets over and above the number permitted in the condition

 

of sale.

 

(2)    

A person commits an offence if he or she knowingly resells or offers to resell a

 

ticket that the person knows, or could reasonably suspect, was obtained using

 

digital ticket purchasing software and was acting in the course of a business.

 

(3)    

For the purposes of subsection (2) a person shall be treated as acting in the course

 

of a business if he or she does anything as a result of which he makes a profit or

 

aims to make a profit.


 
 

Notices of Amendments: 15 November 2016                  

4

 

Digital Economy Bill, continued

 
 

(4)    

A person guilty of an offence under this section shall be liable on summary

 

conviction to—

 

(a)    

imprisonment for a period not exceeding 51 weeks,

 

(b)    

a fine not exceeding level 5 on the standard scale, or

 

(c)    

both.

 

(5)    

In this section—

 

(a)    

“digital ticket purchasing software” means any machine, device,

 

computer programme or computer software that, on its own or with

 

human assistance, bypasses security measures or access control systems

 

on a retail ticket purchasing platform that assist in implementing a limit

 

on the number of tickets that can be purchased, to purchase tickets.

 

(b)    

“retail ticket purchasing platform” shall mean a retail ticket purchasing

 

website, application, phone system, or other technology platform used to

 

sell tickets.”

 

(6)    

Subsections (1) and (2) shall apply in respect of anything done whether in the

 

United Kingdom or elsewhere.”

 

Member’s explanatory statement

 

This new clause creates an offence to use digital ticket purchasing software to purchase tickets for

 

an event over and above the number permitted in the condition of sale. It also creates an offence

 

to knowingly resell tickets using such software.

 


 

Louise Haigh

 

Kevin Brennan

 

NC5

 

Parliamentary Star - white    

To move the following Clause—

 

         

“Personal data breaches

 

(1)    

The Data Protection Act 1998 is amended as follows.

 

(2)    

After section 24 insert—

 

“24A  

Personal data breaches: notification to the Commissioner

 

(1)    

In this section, section 24B and section 24C “personal data breach”

 

means unauthorised or unlawful processing of personal data or accidental

 

loss or destruction of, or damage to, personal data.

 

(2)    

Subject to subsections (3), (4)(c) and (4)(d), if a personal data breach

 

occurs, the data controller in respect of the personal data concerned in

 

that breach shall, without undue delay, notify the breach to the

 

Commissioner.

 

(3)    

The notification referred to in subsection (2) is not required to the extent

 

that the personal data concerned in the personal data breach are exempt

 

from the seventh data protection principle.

 

(4)    

The Secretary of State may by regulations—

 

(a)    

prescribe matters which a notification under subsection (2) must

 

contain;

 

(b)    

prescribe the period within which, following detection of a

 

personal data breach, a notification under subsection (2) must be

 

given;


 
 

Notices of Amendments: 15 November 2016                  

5

 

Digital Economy Bill, continued

 
 

(c)    

provide that subsection (2) shall not apply to certain data

 

controllers;

 

(d)    

provide that subsection (2) shall not apply to personal data

 

breaches of a particular description or descriptions.

 

24B    

Personal data breaches: notification to the data subject

 

(1)    

Subject to subsections (2), (3), (4), (6)(b) and (6)(c), if a personal data

 

breach is likely to adversely affect the personal data or privacy of a data

 

subject, the data controller in respect of the personal data concerned in

 

that breach shall also, without undue delay, notify the breach to the data

 

subject concerned, insofar as it is reasonably practicable to do so.

 

(2)    

The notification referred to in subsection (1) is not required to the extent

 

that the personal data concerned in the personal data breach are exempt

 

from the seventh data protection principle.

 

(3)    

The notification referred to in subsection (1) is not required to the extent

 

that the personal data concerned in the personal data breach are exempt

 

from section 7(1).

 

(4)    

The notification referred to in subsection (1) is not required if the data

 

controller has demonstrated, to the satisfaction of the Commissioner—

 

(a)    

that the data controller has implemented appropriate measures

 

which render the data unintelligible to any person who is not

 

authorised to access it; and

 

(b)    

that those measures were applied to the data concerned in that

 

personal data breach.

 

(5)    

If the data controller has not notified the data subject in compliance with

 

subsection (1), the Commissioner may, having considered the likely

 

adverse effects of the personal data breach, require the data controller to

 

do so.

 

(6)    

The Secretary of State may by regulations—

 

(a)    

prescribe matters which a notification under subsection (1) must

 

contain;

 

(b)    

provide that subsection (1) shall not apply to certain data

 

controllers;

 

(c)    

provide that subsection (1) shall not apply to personal data

 

breaches of a particular description or descriptions.

 

24C    

Personal data breaches: audit

 

(1)    

Data controllers shall maintain an inventory of personal data breaches

 

comprising—

 

(a)    

the facts surrounding the breach;

 

(b)    

the effects of that breach; and

 

(c)    

remedial action taken

 

    

which shall be sufficient to enable the Commissioner to verify

 

compliance with the provisions of sections 24A and 24B. The inventory

 

    

shall only include information necessary for this purpose.

 

(2)    

The Commissioner may audit the compliance of data controllers with the

 

provisions of sections 24A, 24B and 24C(1).


 
 

Notices of Amendments: 15 November 2016                  

6

 

Digital Economy Bill, continued

 
 

(3)    

In section 40 (Enforcement notices)—

 

(a)    

in subsection (1)—

 

(i)    

after “data protection principles,” insert “or section 24A,

 

24B or 24C”;

 

(ii)    

for “principle or principles” substitute “principle,

 

principles, section or sections”;

 

(b)    

in subsection 6(a) after “principles” insert “or the section or

 

sections”.

 

(4)    

In section 41 (Cancellation of enforcement notice”)—

 

(a)    

in subsection (1) after “principles” insert “or the section or

 

sections”;

 

(b)    

in subsection (2) after “principles” insert “or the section or

 

sections”.

 

(5)    

In section 41A (Assessment notices)—

 

(a)    

in subsection (1) after “data protection principles” insert “or

 

section 24A, 24B or 24C”;

 

(b)    

in subsection (10)(b) after “data protection principles” insert “or

 

section 24A, 24B or 24C”.

 

(6)    

In section 41C (Code of practice about assessment notices)—

 

(a)    

in subsection (4)(a) after “principles” insert “and sections 24A,

 

24B and 24C”;

 

(b)    

in subsection (4)(b) after “principles” insert “or sections”.

 

(7)    

In section 43 (Information notices)—

 

(a)    

in subsection 43(1)—

 

(i)    

after “data protection principles” insert “or section 24A,

 

24B or 24C”;

 

(ii)    

after “the principles” insert “or those sections”;

 

(b)    

in subsection 43(2)(b) after “principles” insert “or section 24A,

 

24B or 24C”.

 

(8)    

In section 55A (Power of Commissioner to impose monetary penalty)—

 

(a)    

after subsection (1) insert—

 

“(1A)    

The Commissioner may also serve a data controller with

 

a monetary penalty notice if the Commissioner is

 

satisfied that there has been a serious contravention of

 

section 24A, 24B or 24C by the data controller.”;

 

(b)    

in subsection (3A) after “subsection (1)” insert “or (1A)”;

 

(c)    

in subsection (4) omit “determined by the Commissioner and”;

 

(d)    

in subsection (5)—

 

(i)    

after “The amount” insert “specified in a monetary

 

penalty notice served under subsection (1) shall be”;

 

(ii)    

after “Commissioner” insert “and”;

 

(e)    

after subsection (5) insert—

 

“(5A)    

The amount specified in a monetary penalty notice

 

served under subsection (1A) shall be £1,000.

 

(5B)    

The Secretary of State may by regulations amend

 

subsection (5A) to change the amount specified therein.”

 

(9)    

In section 55B (Monetary penalty notices: procedural rights)—

 

(a)    

in subsection (3)(a) omit “and”;


 
 

Notices of Amendments: 15 November 2016                  

7

 

Digital Economy Bill, continued

 
 

(b)    

after subsection (3)(a) insert—

 

“(aa)    

specify the provision of this Act of which the

 

Commissioner is satisfied there has been a serious

 

contravention, and”;

 

(c)    

after subsection (3) insert—

 

“(3A)    

A data controller may discharge liability for a monetary

 

penalty in respect of a contravention of section 24A, 24B

 

or 24C if he pays to the Commissioner the amount of

 

£800 before the time within which the data controller

 

may make representations to the Commissioner has

 

expired.

 

(3B)    

A notice of intent served in respect of a contravention of

 

section 24A, 24B or 24C must include a statement

 

informing the data controller of the opportunity to

 

discharge liability for the monetary penalty.

 

(3C)    

The Secretary of State may by regulations amend

 

subsection (3A) to change the amount specified therein,

 

save that the amount specified in subsection (3A) must

 

be less than the amount specified in section 55A(5A).”;

 

(d)    

in subsection (5) after “served” insert “under section 55A(1)”;

 

(e)    

after subsection (5) insert—

 

“(5A)    

A person on whom a monetary penalty notice is served

 

under section 55A(1A) may appeal to the Tribunal

 

against the issue of the monetary penalty notice.”

 

(10)    

In section 55C(2)(b) (Guidance about monetary penalty notices) at the

 

end insert “specified in a monetary penalty notice served under section

 

55A(1)”.

 

(11)    

In section 67 (Orders, regulations and rules)—

 

(a)    

in subsection (4)—

 

(i)    

after “order” insert “or regulations”;

 

(ii)    

after “section 22(1),” insert “section 24A(4)(c) or (d),

 

24B(6)(b) or (c),”;

 

(b)    

in subsection (5)—

 

(i)    

after subsection (c) insert “(ca) regulations under section

 

24A(4)(a) or (b) or section 24B(6)(a),”;

 

(ii)    

for “(ca) regulations under section 55A(5) or (7) or

 

55B(3)(b),” substitute “(cb) regulations under section

 

55A(5), (5B) or (7) or 55B(3)(b) or (3C),”.

 

(12)    

In section 71 (Index of defined expressions) after

 

“personal data

section 1(1)”

 
 

    

insert—

 

“personal data breach

section 24A(1)”

 

 
Back to StartNext
 

Revised 15 November 2016