Session 2016-17
Internet Publications
Other Bills before Parliament


 
 

1

 

House of Commons

 
 

Notices of Amendments

 

given up to and including

 

Friday 18 November 2016

 

New Amendments handed in are marked thus Parliamentary Star

 

Parliamentary Star - whiteAmendments which will comply with the required notice period at their next appearance

 

Amendments tabled since the last publication: NC13-NC18

 

Consideration of Bill (Report Stage)


 

Digital Economy Bill, As Amended


 

Note

 

This document includes all amendments tabled to date and includes any

 

withdrawn amendments at the end. The amendments have been arranged in the

 

order in which they relate to the Bill.

 


 

New Clauses

 

Claire Perry

 

Mr David Burrowes

 

Fiona Bruce

 

Derek Thomas

 

Jeremy Lefroy

 

Caroline Ansell

Heidi Allen

Andrew Selous

Mr Iain Duncan Smith

Mrs Maria Miller

Fiona Mactaggart

Mark Durkan

Sir Jeffrey M. Donaldson

Calum Kerr

Sammy Wilson

Mr Philip Hollobone

Sir Gerald Howarth

Tom Elliott

Danny Kinahan

Jim Shannon

Gavin Robinson

Sir Peter Bottomley

Kirsten Oswald

Helen Goodman

 

NC1

 

To move the following Clause—


 
 

Notices of Amendments: 18 November 2016                  

2

 

Digital Economy Bill, continued

 
 

         

“Power to require the blocking of access to pornographic material by internet

 

service providers

 

(1)    

Where the age-verification regulator determines that a person has made

 

pornographic material available on a commercial basis on the internet to persons

 

in the United Kingdom—

 

(a)    

in contravention of section 15(1), and

 

(b)    

the person has been the subject of a financial penalty or enforcement

 

notice under section 20 and the contravention has not ceased,

 

    

the age-verification regulator may issue a notice to internet service providers

 

requiring them to prevent access to the pornographic material that is provided by

 

the non-complying person.

 

(2)    

A notice under subsection (1) must—

 

(a)    

identify the non-complying person in such manner as the age verification

 

regulator considers appropriate;

 

(b)    

provide such further particulars as the age-verification regulator

 

considers appropriate.

 

(3)    

When the age-verification regulator gives notice under this section, it must

 

inform the non-complying person, by notice, that it has done so.

 

(4)    

An internet service provider who fails to comply with a requirement imposed by

 

subsection (1) commits an offence, subject to subsection (5).

 

(5)    

No offence is committed under subsection (4) if the internet service provider took

 

all reasonable steps and exercised all due diligence to ensure that the requirement

 

would be complied with.

 

(6)    

An internet service provider guilty of an offence under subsection (4) is liable, on

 

summary conviction, to a fine.

 

(7)    

In this section “internet service provider” has the same meaning as in section

 

124N of the Communications Act 2003 (interpretation).”

 

Member’s explanatory statement

 

This new clause gives a power to the age-verification regulator to require internet service

 

providers to block pornography websites that do not offer age-verification.

 


 

Liz Saville Roberts

 

Jonathan Edwards

 

Hywel Williams

 

NC3

 

To move the following Clause—

 

         

“Safety responsibilities of social media sites

 

(1)    

This section applies to a person who operates an internet site for commercial

 

purposes which requires a user to create a personal account to fully access the

 

internet site.

 

(2)    

A person under subsection (1) must—

 

(a)    

undertake and publish an online safety impact assessment in respect of

 

their account holders,

 

(b)    

inform the police if they become aware of any threat on its internet site

 

to physically harm an individual,


 
 

Notices of Amendments: 18 November 2016                  

3

 

Digital Economy Bill, continued

 
 

(c)    

remove any posts made on its internet site that are deemed to be violent

 

or that could incite violence.”

 


 

Louise Haigh

 

Kevin Brennan

 

NC5

 

To move the following Clause—

 

         

“Personal data breaches

 

(1)    

The Data Protection Act 1998 is amended as follows.

 

(2)    

After section 24 insert—

 

“24A  

Personal data breaches: notification to the Commissioner

 

(1)    

In this section, section 24B and section 24C “personal data breach”

 

means unauthorised or unlawful processing of personal data or accidental

 

loss or destruction of, or damage to, personal data.

 

(2)    

Subject to subsections (3), (4)(c) and (4)(d), if a personal data breach

 

occurs, the data controller in respect of the personal data concerned in

 

that breach shall, without undue delay, notify the breach to the

 

Commissioner.

 

(3)    

The notification referred to in subsection (2) is not required to the extent

 

that the personal data concerned in the personal data breach are exempt

 

from the seventh data protection principle.

 

(4)    

The Secretary of State may by regulations—

 

(a)    

prescribe matters which a notification under subsection (2) must

 

contain;

 

(b)    

prescribe the period within which, following detection of a

 

personal data breach, a notification under subsection (2) must be

 

given;

 

(c)    

provide that subsection (2) shall not apply to certain data

 

controllers;

 

(d)    

provide that subsection (2) shall not apply to personal data

 

breaches of a particular description or descriptions.

 

24B    

Personal data breaches: notification to the data subject

 

(1)    

Subject to subsections (2), (3), (4), (6)(b) and (6)(c), if a personal data

 

breach is likely to adversely affect the personal data or privacy of a data

 

subject, the data controller in respect of the personal data concerned in

 

that breach shall also, without undue delay, notify the breach to the data

 

subject concerned, insofar as it is reasonably practicable to do so.

 

(2)    

The notification referred to in subsection (1) is not required to the extent

 

that the personal data concerned in the personal data breach are exempt

 

from the seventh data protection principle.

 

(3)    

The notification referred to in subsection (1) is not required to the extent

 

that the personal data concerned in the personal data breach are exempt

 

from section 7(1).


 
 

Notices of Amendments: 18 November 2016                  

4

 

Digital Economy Bill, continued

 
 

(4)    

The notification referred to in subsection (1) is not required if the data

 

controller has demonstrated, to the satisfaction of the Commissioner—

 

(a)    

that the data controller has implemented appropriate measures

 

which render the data unintelligible to any person who is not

 

authorised to access it; and

 

(b)    

that those measures were applied to the data concerned in that

 

personal data breach.

 

(5)    

If the data controller has not notified the data subject in compliance with

 

subsection (1), the Commissioner may, having considered the likely

 

adverse effects of the personal data breach, require the data controller to

 

do so.

 

(6)    

The Secretary of State may by regulations—

 

(a)    

prescribe matters which a notification under subsection (1) must

 

contain;

 

(b)    

provide that subsection (1) shall not apply to certain data

 

controllers;

 

(c)    

provide that subsection (1) shall not apply to personal data

 

breaches of a particular description or descriptions.

 

24C    

Personal data breaches: audit

 

(1)    

Data controllers shall maintain an inventory of personal data breaches

 

comprising—

 

(a)    

the facts surrounding the breach;

 

(b)    

the effects of that breach; and

 

(c)    

remedial action taken

 

    

which shall be sufficient to enable the Commissioner to verify

 

compliance with the provisions of sections 24A and 24B. The inventory

 

    

shall only include information necessary for this purpose.

 

(2)    

The Commissioner may audit the compliance of data controllers with the

 

provisions of sections 24A, 24B and 24C(1).

 

(3)    

In section 40 (Enforcement notices)—

 

(a)    

in subsection (1)—

 

(i)    

after “data protection principles,” insert “or section 24A,

 

24B or 24C”;

 

(ii)    

for “principle or principles” substitute “principle,

 

principles, section or sections”;

 

(b)    

in subsection 6(a) after “principles” insert “or the section or

 

sections”.

 

(4)    

In section 41 (Cancellation of enforcement notice”)—

 

(a)    

in subsection (1) after “principles” insert “or the section or

 

sections”;

 

(b)    

in subsection (2) after “principles” insert “or the section or

 

sections”.

 

(5)    

In section 41A (Assessment notices)—

 

(a)    

in subsection (1) after “data protection principles” insert “or

 

section 24A, 24B or 24C”;

 

(b)    

in subsection (10)(b) after “data protection principles” insert “or

 

section 24A, 24B or 24C”.


 
 

Notices of Amendments: 18 November 2016                  

5

 

Digital Economy Bill, continued

 
 

(6)    

In section 41C (Code of practice about assessment notices)—

 

(a)    

in subsection (4)(a) after “principles” insert “and sections 24A,

 

24B and 24C”;

 

(b)    

in subsection (4)(b) after “principles” insert “or sections”.

 

(7)    

In section 43 (Information notices)—

 

(a)    

in subsection 43(1)—

 

(i)    

after “data protection principles” insert “or section 24A,

 

24B or 24C”;

 

(ii)    

after “the principles” insert “or those sections”;

 

(b)    

in subsection 43(2)(b) after “principles” insert “or section 24A,

 

24B or 24C”.

 

(8)    

In section 55A (Power of Commissioner to impose monetary penalty)—

 

(a)    

after subsection (1) insert—

 

“(1A)    

The Commissioner may also serve a data controller with

 

a monetary penalty notice if the Commissioner is

 

satisfied that there has been a serious contravention of

 

section 24A, 24B or 24C by the data controller.”;

 

(b)    

in subsection (3A) after “subsection (1)” insert “or (1A)”;

 

(c)    

in subsection (4) omit “determined by the Commissioner and”;

 

(d)    

in subsection (5)—

 

(i)    

after “The amount” insert “specified in a monetary

 

penalty notice served under subsection (1) shall be”;

 

(ii)    

after “Commissioner” insert “and”;

 

(e)    

after subsection (5) insert—

 

“(5A)    

The amount specified in a monetary penalty notice

 

served under subsection (1A) shall be £1,000.

 

(5B)    

The Secretary of State may by regulations amend

 

subsection (5A) to change the amount specified therein.”

 

(9)    

In section 55B (Monetary penalty notices: procedural rights)—

 

(a)    

in subsection (3)(a) omit “and”;

 

(b)    

after subsection (3)(a) insert—

 

“(aa)    

specify the provision of this Act of which the

 

Commissioner is satisfied there has been a serious

 

contravention, and”;

 

(c)    

after subsection (3) insert—

 

“(3A)    

A data controller may discharge liability for a monetary

 

penalty in respect of a contravention of section 24A, 24B

 

or 24C if he pays to the Commissioner the amount of

 

£800 before the time within which the data controller

 

may make representations to the Commissioner has

 

expired.

 

(3B)    

A notice of intent served in respect of a contravention of

 

section 24A, 24B or 24C must include a statement

 

informing the data controller of the opportunity to

 

discharge liability for the monetary penalty.

 

(3C)    

The Secretary of State may by regulations amend

 

subsection (3A) to change the amount specified therein,

 

save that the amount specified in subsection (3A) must

 

be less than the amount specified in section 55A(5A).”;

 

(d)    

in subsection (5) after “served” insert “under section 55A(1)”;


 
 

Notices of Amendments: 18 November 2016                  

6

 

Digital Economy Bill, continued

 
 

(e)    

after subsection (5) insert—

 

“(5A)    

A person on whom a monetary penalty notice is served

 

under section 55A(1A) may appeal to the Tribunal

 

against the issue of the monetary penalty notice.”

 

(10)    

In section 55C(2)(b) (Guidance about monetary penalty notices) at the

 

end insert “specified in a monetary penalty notice served under section

 

55A(1)”.

 

(11)    

In section 67 (Orders, regulations and rules)—

 

(a)    

in subsection (4)—

 

(i)    

after “order” insert “or regulations”;

 

(ii)    

after “section 22(1),” insert “section 24A(4)(c) or (d),

 

24B(6)(b) or (c),”;

 

(b)    

in subsection (5)—

 

(i)    

after subsection (c) insert “(ca) regulations under section

 

24A(4)(a) or (b) or section 24B(6)(a),”;

 

(ii)    

for “(ca) regulations under section 55A(5) or (7) or

 

55B(3)(b),” substitute “(cb) regulations under section

 

55A(5), (5B) or (7) or 55B(3)(b) or (3C),”.

 

(12)    

In section 71 (Index of defined expressions) after

 

“personal data

section 1(1)”

 
 

    

insert—

 

“personal data breach

section 24A(1)”

 
 

(13)    

In paragraph 1 of Schedule 9—

 

(a)    

after paragraph 1(1)(a) insert—

 

“(aa)    

that a data controller has contravened or is contravening

 

any provision of section 24A, 24B or 24C, or”;

 

(b)    

in paragraph 1(1B) after “principles” insert “or section 24A, 24B

 

or 24C”;

 

(c)    

in paragraph (3)(d)(ii) after “principles” insert “or section 24A,

 

24B or 24C”;

 

(d)    

in paragraph (3)(f) after “principles” insert “or section 24A, 24B

 

or 24C.””

 

Member’s explanatory statement

 

This new clause seeks to create a general obligation on data controllers to notify the Information

 

Commissioner and data subjects in the event of a breach of personal data security. The proposed

 

obligation is similar to that imposed on electronic communication service providers by the Privacy

 

and Electronic Communications (EC Directive) Regulations 2003.

 



 
 

Notices of Amendments: 18 November 2016                  

7

 

Digital Economy Bill, continued

 
 

Louise Haigh

 

Kevin Brennan

 

NC6

 

To move the following Clause—

 

         

“Code of practice: accessibility to on-demand audiovisual services for people

 

with disabilities affecting hearing and/or sight

 

(1)    

It shall be the duty of Ofcom to draw up, and from time to time to review and

 

revise, a code giving guidance as to—

 

(a)    

the extent to which on-demand audiovisual services should promote the

 

understanding and enjoyment by—

 

(i)    

persons who are deaf or hard of hearing,

 

(ii)    

persons who are blind or partially-sighted, and

 

(iii)    

persons with a dual sensory impairment,

 

    

of the programmes to be included in such services; and

 

(b)    

the means by which such understanding and enjoyment should be

 

promoted.

 

(2)    

The code must include provision for securing that every provider of a service to

 

which this section applies ensures that adequate information about the assistance

 

for disabled people that is provided in relation to that service is made available to

 

those who are likely to want to make use of it.

 

(3)    

In complying with subsection (1) Ofcom must conduct a public consultation to

 

inform Ofcom’s determination of the elements of the code.

 

(4)    

In complying with subsection (1), Ofcom must have regard, in particular, to—

 

(a)    

the extent of the benefit which would be conferred by the provision of

 

assistance for disabled people in relation to the programmes;

 

(b)    

the size of the intended audience for the programmes;

 

(c)    

the number of persons who would be likely to benefit from the assistance

 

and the extent of the likely benefit in each case;

 

(d)    

the extent to which members of the intended audience for the

 

programmes are resident in places outside the United Kingdom;

 

(e)    

the technical difficulty of providing the assistance; and

 

(f)    

the cost, in the context of the matters mentioned in paragraphs (a) to (e),

 

of providing the assistance.

 

(5)    

The code must set out the descriptions of programmes that Ofcom considers

 

should be excluded programmes for the purposes of the requirement contained in

 

that subsection or paragraph.

 

(6)    

The code shall make provisions about the meeting of obligations established,

 

including by allocating relevant responsibilities between—

 

(a)    

broadcasters;

 

(b)    

platform operators; and

 

(c)    

any other provider or purveyor of programmes or programme services.

 

(7)    

For the purpose of subsection (1) a service is an on-demand audiovisual

 

programme if it falls within the definition given in section 368A (Meaning of “on-

 

demand programme service”) of the Communications Act 2003 (as inserted by

 

the Audiovisual Media Service Regulations 2009).”

 



 
Back to StartNext
 

Revised 18 November 2016