|
| |
| | |
| | |
| |
| | |
| | given up to and including |
|
| | |
| | New Amendments handed in are marked thus  |
|
| |  Amendments which will comply with the required notice period at their next appearance
|
|
| | Amendments tabled since the last publication: 2 |
|
| | |
| | Digital Economy Bill, As Amended
|
|
| | |
| | | This document includes all amendments tabled to date and includes any |
|
| | | withdrawn amendments at the end. The amendments have been arranged in the |
|
| | | order in which they relate to the Bill. |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | Caroline Ansell | Heidi Allen | Andrew Selous | Mr Iain Duncan Smith | Mrs Maria Miller | Fiona Mactaggart | Mark Durkan | Sir Jeffrey M. Donaldson | Calum Kerr | Sammy Wilson | Mr Philip Hollobone | Sir Gerald Howarth | Tom Elliott | Danny Kinahan | Jim Shannon |
|
| | | |
| | | To move the following Clause— |
|
|
| |
| | |
| | |
| |
| | | | “Power to require the blocking of access to pornographic material by internet |
|
| | | |
| | | (1) | Where the age-verification regulator determines that a person has made |
|
| | | pornographic material available on a commercial basis on the internet to persons |
|
| | | |
| | | (a) | in contravention of section 15(1), and |
|
| | | (b) | the person has been the subject of a financial penalty or enforcement |
|
| | | notice under section 20 and the contravention has not ceased, |
|
| | | | the age-verification regulator may issue a notice to internet service providers |
|
| | | requiring them to prevent access to the pornographic material that is provided by |
|
| | | the non-complying person. |
|
| | | (2) | A notice under subsection (1) must— |
|
| | | (a) | identify the non-complying person in such manner as the age verification |
|
| | | regulator considers appropriate; |
|
| | | (b) | provide such further particulars as the age-verification regulator |
|
| | | |
| | | (3) | When the age-verification regulator gives notice under this section, it must |
|
| | | inform the non-complying person, by notice, that it has done so. |
|
| | | (4) | An internet service provider who fails to comply with a requirement imposed by |
|
| | | subsection (1) commits an offence, subject to subsection (5). |
|
| | | (5) | No offence is committed under subsection (4) if the internet service provider took |
|
| | | all reasonable steps and exercised all due diligence to ensure that the requirement |
|
| | | |
| | | (6) | An internet service provider guilty of an offence under subsection (4) is liable, on |
|
| | | summary conviction, to a fine. |
|
| | | (7) | In this section “internet service provider” has the same meaning as in section |
|
| | | 124N of the Communications Act 2003 (interpretation).” |
|
| | | Member’s explanatory statement
|
|
| | | This new clause gives a power to the age-verification regulator to require internet service |
|
| | | providers to block pornography websites that do not offer age-verification. |
|
| | |
| | |
| | |
| | |
| | | |
| | | To move the following Clause— |
|
| | | | “Code of practice for commercial internet providers on online abuse |
|
| | | (1) | The relevant Minister must issue a code of practice about the responsibilities of |
|
| | | commercial internet providers in dealing with online abuse. |
|
| | | (2) | The code of practice must include guidance on— |
|
| | | (a) | how a commercial internet provider shall respond to cases of a person |
|
| | | being victim of online abuse on its internet site; |
|
| | | (b) | quality service standards expected of the commercial internet provider in |
|
| | | determining, assessing, and responding to cases of online abuse; and |
|
| | | (c) | the setting and enforcement of privacy settings of persons aged 17 or |
|
| | | under, where deemed appropriate. |
|
| | | (3) | A commercial internet provider must comply with the code of practice. |
|
|
| |
| | |
| | |
| |
| | | (4) | The relevant Minister may from time to time revise and re-issue the code of |
|
| | | |
| | | (5) | As soon as is reasonably practicable after issuing or reissuing the code of practice |
|
| | | the relevant Minister must lay, or arrange for the laying of, a copy of it before— |
|
| | | |
| | | (b) | the Scottish Parliament, |
|
| | | (c) | the National Assembly for Wales, and |
|
| | | (d) | the Northern Ireland Assembly. |
|
| | | (6) | In this section “commercial internet provider” means a person who operates an |
|
| | | internet site on a commercial basis.” |
|
| | |
| | |
| | |
| | |
| | | |
| | | To move the following Clause— |
|
| | | | “Safety responsibilities of social media sites |
|
| | | (1) | This section applies to a person who operates an internet site for commercial |
|
| | | purposes which requires a user to create a personal account to fully access the |
|
| | | |
| | | (2) | A person under subsection (1) must— |
|
| | | (a) | undertake and publish an online safety impact assessment in respect of |
|
| | | |
| | | (b) | inform the police if they become aware of any threat on its internet site |
|
| | | to physically harm an individual, |
|
| | | (c) | remove any posts made on its internet site that are deemed to be violent |
|
| | | or that could incite violence.” |
|
| | |
| | |
| | |
| | | |
| | | To move the following Clause— |
|
| | | | “Offence to use digital ticket purchasing software to purchase excessive |
|
| | | |
| | | (1) | A person commits an offence if he or she utilizes digital ticket purchasing |
|
| | | software to purchase tickets over and above the number permitted in the condition |
|
| | | |
| | | (2) | A person commits an offence if he or she knowingly resells or offers to resell a |
|
| | | ticket that the person knows, or could reasonably suspect, was obtained using |
|
| | | digital ticket purchasing software and was acting in the course of a business. |
|
| | | (3) | For the purposes of subsection (2) a person shall be treated as acting in the course |
|
| | | of a business if he or she does anything as a result of which he makes a profit or |
|
| | | |
|
| |
| | |
| | |
| |
| | | (4) | A person guilty of an offence under this section shall be liable on summary |
|
| | | |
| | | (a) | imprisonment for a period not exceeding 51 weeks, |
|
| | | (b) | a fine not exceeding level 5 on the standard scale, or |
|
| | | |
| | | |
| | | (a) | “digital ticket purchasing software” means any machine, device, |
|
| | | computer programme or computer software that, on its own or with |
|
| | | human assistance, bypasses security measures or access control systems |
|
| | | on a retail ticket purchasing platform that assist in implementing a limit |
|
| | | on the number of tickets that can be purchased, to purchase tickets. |
|
| | | (b) | “retail ticket purchasing platform” shall mean a retail ticket purchasing |
|
| | | website, application, phone system, or other technology platform used to |
|
| | | |
| | | (6) | Subsections (1) and (2) shall apply in respect of anything done whether in the |
|
| | | United Kingdom or elsewhere.” |
|
| | | Member’s explanatory statement
|
|
| | | This new clause creates an offence to use digital ticket purchasing software to purchase tickets for |
|
| | | an event over and above the number permitted in the condition of sale. It also creates an offence |
|
| | | to knowingly resell tickets using such software. |
|
| | |
| | |
| | |
| | | |
| | | | To move the following Clause— |
|
| | | |
| | | (1) | The Data Protection Act 1998 is amended as follows. |
|
| | | (2) | After section 24 insert— |
|
| | | “24A | Personal data breaches: notification to the Commissioner |
|
| | | (1) | In this section, section 24B and section 24C “personal data breach” |
|
| | | means unauthorised or unlawful processing of personal data or accidental |
|
| | | loss or destruction of, or damage to, personal data. |
|
| | | (2) | Subject to subsections (3), (4)(c) and (4)(d), if a personal data breach |
|
| | | occurs, the data controller in respect of the personal data concerned in |
|
| | | that breach shall, without undue delay, notify the breach to the |
|
| | | |
| | | (3) | The notification referred to in subsection (2) is not required to the extent |
|
| | | that the personal data concerned in the personal data breach are exempt |
|
| | | from the seventh data protection principle. |
|
| | | (4) | The Secretary of State may by regulations— |
|
| | | (a) | prescribe matters which a notification under subsection (2) must |
|
| | | |
| | | (b) | prescribe the period within which, following detection of a |
|
| | | personal data breach, a notification under subsection (2) must be |
|
| | | |
|
| |
| | |
| | |
| |
| | | (c) | provide that subsection (2) shall not apply to certain data |
|
| | | |
| | | (d) | provide that subsection (2) shall not apply to personal data |
|
| | | breaches of a particular description or descriptions. |
|
| | | 24B | Personal data breaches: notification to the data subject |
|
| | | (1) | Subject to subsections (2), (3), (4), (6)(b) and (6)(c), if a personal data |
|
| | | breach is likely to adversely affect the personal data or privacy of a data |
|
| | | subject, the data controller in respect of the personal data concerned in |
|
| | | that breach shall also, without undue delay, notify the breach to the data |
|
| | | subject concerned, insofar as it is reasonably practicable to do so. |
|
| | | (2) | The notification referred to in subsection (1) is not required to the extent |
|
| | | that the personal data concerned in the personal data breach are exempt |
|
| | | from the seventh data protection principle. |
|
| | | (3) | The notification referred to in subsection (1) is not required to the extent |
|
| | | that the personal data concerned in the personal data breach are exempt |
|
| | | |
| | | (4) | The notification referred to in subsection (1) is not required if the data |
|
| | | controller has demonstrated, to the satisfaction of the Commissioner— |
|
| | | (a) | that the data controller has implemented appropriate measures |
|
| | | which render the data unintelligible to any person who is not |
|
| | | authorised to access it; and |
|
| | | (b) | that those measures were applied to the data concerned in that |
|
| | | |
| | | (5) | If the data controller has not notified the data subject in compliance with |
|
| | | subsection (1), the Commissioner may, having considered the likely |
|
| | | adverse effects of the personal data breach, require the data controller to |
|
| | | |
| | | (6) | The Secretary of State may by regulations— |
|
| | | (a) | prescribe matters which a notification under subsection (1) must |
|
| | | |
| | | (b) | provide that subsection (1) shall not apply to certain data |
|
| | | |
| | | (c) | provide that subsection (1) shall not apply to personal data |
|
| | | breaches of a particular description or descriptions. |
|
| | | 24C | Personal data breaches: audit |
|
| | | (1) | Data controllers shall maintain an inventory of personal data breaches |
|
| | | |
| | | (a) | the facts surrounding the breach; |
|
| | | (b) | the effects of that breach; and |
|
| | | (c) | remedial action taken |
|
| | | | which shall be sufficient to enable the Commissioner to verify |
|
| | | compliance with the provisions of sections 24A and 24B. The inventory |
|
| | | | shall only include information necessary for this purpose. |
|
| | | (2) | The Commissioner may audit the compliance of data controllers with the |
|
| | | provisions of sections 24A, 24B and 24C(1). |
|
|
| |
| | |
| | |
| |
| | | (3) | In section 40 (Enforcement notices)— |
|
| | | |
| | | (i) | after “data protection principles,” insert “or section 24A, |
|
| | | |
| | | (ii) | for “principle or principles” substitute “principle, |
|
| | | principles, section or sections”; |
|
| | | (b) | in subsection 6(a) after “principles” insert “or the section or |
|
| | | |
| | | (4) | In section 41 (Cancellation of enforcement notice”)— |
|
| | | (a) | in subsection (1) after “principles” insert “or the section or |
|
| | | |
| | | (b) | in subsection (2) after “principles” insert “or the section or |
|
| | | |
| | | (5) | In section 41A (Assessment notices)— |
|
| | | (a) | in subsection (1) after “data protection principles” insert “or |
|
| | | section 24A, 24B or 24C”; |
|
| | | (b) | in subsection (10)(b) after “data protection principles” insert “or |
|
| | | section 24A, 24B or 24C”. |
|
| | | (6) | In section 41C (Code of practice about assessment notices)— |
|
| | | (a) | in subsection (4)(a) after “principles” insert “and sections 24A, |
|
| | | |
| | | (b) | in subsection (4)(b) after “principles” insert “or sections”. |
|
| | | (7) | In section 43 (Information notices)— |
|
| | | |
| | | (i) | after “data protection principles” insert “or section 24A, |
|
| | | |
| | | (ii) | after “the principles” insert “or those sections”; |
|
| | | (b) | in subsection 43(2)(b) after “principles” insert “or section 24A, |
|
| | | |
| | | (8) | In section 55A (Power of Commissioner to impose monetary penalty)— |
|
| | | (a) | after subsection (1) insert— |
|
| | | “(1A) | The Commissioner may also serve a data controller with |
|
| | | a monetary penalty notice if the Commissioner is |
|
| | | satisfied that there has been a serious contravention of |
|
| | | section 24A, 24B or 24C by the data controller.”; |
|
| | | (b) | in subsection (3A) after “subsection (1)” insert “or (1A)”; |
|
| | | (c) | in subsection (4) omit “determined by the Commissioner and”; |
|
| | | |
| | | (i) | after “The amount” insert “specified in a monetary |
|
| | | penalty notice served under subsection (1) shall be”; |
|
| | | (ii) | after “Commissioner” insert “and”; |
|
| | | (e) | after subsection (5) insert— |
|
| | | “(5A) | The amount specified in a monetary penalty notice |
|
| | | served under subsection (1A) shall be £1,000. |
|
| | | (5B) | The Secretary of State may by regulations amend |
|
| | | subsection (5A) to change the amount specified therein.” |
|
| | | (9) | In section 55B (Monetary penalty notices: procedural rights)— |
|
| | | (a) | in subsection (3)(a) omit “and”; |
|
|
| |
| | |
| | |
| |
| | | (b) | after subsection (3)(a) insert— |
|
| | | “(aa) | specify the provision of this Act of which the |
|
| | | Commissioner is satisfied there has been a serious |
|
| | | |
| | | (c) | after subsection (3) insert— |
|
| | | “(3A) | A data controller may discharge liability for a monetary |
|
| | | penalty in respect of a contravention of section 24A, 24B |
|
| | | or 24C if he pays to the Commissioner the amount of |
|
| | | £800 before the time within which the data controller |
|
| | | may make representations to the Commissioner has |
|
| | | |
| | | (3B) | A notice of intent served in respect of a contravention of |
|
| | | section 24A, 24B or 24C must include a statement |
|
| | | informing the data controller of the opportunity to |
|
| | | discharge liability for the monetary penalty. |
|
| | | (3C) | The Secretary of State may by regulations amend |
|
| | | subsection (3A) to change the amount specified therein, |
|
| | | save that the amount specified in subsection (3A) must |
|
| | | be less than the amount specified in section 55A(5A).”; |
|
| | | (d) | in subsection (5) after “served” insert “under section 55A(1)”; |
|
| | | (e) | after subsection (5) insert— |
|
| | | “(5A) | A person on whom a monetary penalty notice is served |
|
| | | under section 55A(1A) may appeal to the Tribunal |
|
| | | against the issue of the monetary penalty notice.” |
|
| | | (10) | In section 55C(2)(b) (Guidance about monetary penalty notices) at the |
|
| | | end insert “specified in a monetary penalty notice served under section |
|
| | | |
| | | (11) | In section 67 (Orders, regulations and rules)— |
|
| | | |
| | | (i) | after “order” insert “or regulations”; |
|
| | | (ii) | after “section 22(1),” insert “section 24A(4)(c) or (d), |
|
| | | |
| | | |
| | | (i) | after subsection (c) insert “(ca) regulations under section |
|
| | | 24A(4)(a) or (b) or section 24B(6)(a),”; |
|
| | | (ii) | for “(ca) regulations under section 55A(5) or (7) or |
|
| | | 55B(3)(b),” substitute “(cb) regulations under section |
|
| | | 55A(5), (5B) or (7) or 55B(3)(b) or (3C),”. |
|
| | | (12) | In section 71 (Index of defined expressions) after |
|
|
| | | |
|
|
