Session 2017-19
Internet Publications
Other Bills before Parliament


 
 

1

 

House of Commons

 
 

Thursday 15 March 2018

 

Public Bill Committee

 

New Amendments handed in are marked thus Parliamentary Star

 

Parliamentary Star - whiteAmendments which will comply with the required notice period at their next appearance

 

Data Protection Bill [Lords]


 

Note

 

This document includes all amendments remaining before the Committee and

 

includes any withdrawn amendments at the end. The amendments have been

 

arranged in accordance with the Order of the Committee [13 March 2018].

 

 


 

Darren Jones

 

152

 

Schedule  6,  page  179,  line  17,  leave out paragraph 2 (as inserted by paragraph 49)

 

and insert—

 

“2         

The Commissioner must, in carrying out the Commissioner’s functions under

 

this Regulation, incorporate with any modifications which he or she considers

 

necessary in any guidance or code of practice which the Commissioner issues,

 

decisions, advice, guidelines, recommendations and best practices issued by

 

the European Data Protection Board established under Article 68 of the GDPR.

 

2A         

The Commissioner must, in carrying out the Commissioner’s functions under

 

this Regulation, have regard to any implementing acts adopted by the

 

Commission under Article 67 of the GDPR (exchange of information).”

 

Margot James

 

115

 

Schedule  6,  page  180,  line  2,  leave out sub-paragraph (b) and insert—

 

“(b)    

in paragraph 2, for “Member States” substitute “The Secretary of State”;


 
 

Public Bill Committee: 15 March 2018                  

2

 

Data Protection Bill-[Lords], continued

 
 

(c)    

after that paragraph insert—

 

“3         

The power under paragraph 2 may only be exercised by

 

making regulations under section (Duty to review provision

 

for representation of data subjects) of the 2018 Act.”

 

Member’s explanatory statement

 

This amendment is consequential on NC2.

 


 

Margot James

 

17

 

Clause  25,  page  15,  line  40,  leave out “individual” and insert “data subject”

 

Member’s explanatory statement

 

Clause 25 makes provision about the processing of manual unstructured data used in longstanding

 

historical research. This amendment aligns Clause 25(1)(b)(i) with similar provision in Clause

 

19(2).

 


 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

Darren Jones

 

161

 

Clause  27,  page  17,  line  2,  leave out subsection (1) and insert—

 

    

“A Minister of the Crown must apply to a Judicial Commissioner for a certificate,

 

if exemptions are sought from specified provisions in relation to any personal

 

data for the purpose of safeguarding national security.”

 

Member’s explanatory statement

 

This amendment would introduce a procedure for a Minister of the Crown to apply to a Judicial

 

Commissioner for a National Security Certificate.

 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

Darren Jones

 

Brendan O’Hara

 

Stuart C. McDonald

 

162

 

Clause  27,  page  17,  line  5,  at end insert—

 

“(1A)    

The decision to issue the certificate must be—

 

(a)    

approved by a Judicial Commissioner,

 

(b)    

laid before Parliament,

 

(c)    

published and publicly accessible on the Information Commissioner’s

 

Office website.

 

(1B)    

In deciding whether to approve an application under subsection (1), a Judicial

 

Commissioner must review the Minister’s conclusions as to the following

 

matters—

 

(a)    

whether the certificate is necessary on relevant grounds,

 

(b)    

whether the conduct that would be authorised by the certificate is

 

proportionate to what it sought to be achieved by that conduct, and


 
 

Public Bill Committee: 15 March 2018                  

3

 

Data Protection Bill-[Lords], continued

 
 

(c)    

whether it is necessary and proportionate to exempt all provisions

 

specified in the certificate.” 

 

Member’s explanatory statement

 

This amendment would ensure that oversight and safeguarding in the application for a National

 

Security Certificate are effective, requiring sufficient detail in the application process.

 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

Darren Jones

 

Brendan O’Hara

 

Stuart C. McDonald

 

163

 

Clause  27,  page  17,  leave out lines 6 to 8 and insert—

 

“(2)    

An application for a certificate under subsection (1)—

 

(a)    

must identify the personal data to which it applies by means of a detailed

 

description, and”

 

Member’s explanatory statement

 

This amendment would require a National Security Certificate to identify the personal data to

 

which the Certificate applies by means of a detailed description.

 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

Darren Jones

 

Brendan O’Hara

 

Stuart C. McDonald

 

164

 

Clause  27,  page  17,  line  9,  leave out subsection (2)(b)

 

Member’s explanatory statement

 

This amendment would ensure that a National Security Certificate cannot be expressed to have

 

prospective effect.

 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

Darren Jones

 

Brendan O’Hara

 

Stuart C. McDonald

 

165

 

Clause  27,  page  17,  line  9,  at end insert—

 

“(c)    

must specify each provision of this Act which it seeks to exempt, and

 

(d)    

must provide a justification for both (a) and (b).”

 

Member’s explanatory statement

 

This amendment would ensure effective oversight of exemptions of this Act from the application for

 

a National Security Certificate.


 
 

Public Bill Committee: 15 March 2018                  

4

 

Data Protection Bill-[Lords], continued

 
 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

Darren Jones

 

Brendan O’Hara

 

Stuart C. McDonald

 

166

 

Clause  27,  page  17,  line  10,  leave out “directly” and insert “who believes they are

 

directly or indirectly”

 

Member’s explanatory statement

 

This amendment would broaden the application of subsection (3) so that any person who believes

 

they are directly affected by a National Security Certificate may appeal to the Tribunal against the

 

Certificate.

 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

Darren Jones

 

Brendan O’Hara

 

Stuart C. McDonald

 

167

 

Clause  27,  page  17,  line  12,  leave out “, applying the principles applied by a court

 

on an application for judicial review,”

 

Member’s explanatory statement

 

This amendment removes the application to the appeal against a National Security Certificate of

 

the principles applied by a court on an application for judicial review.

 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

Darren Jones

 

Brendan O’Hara

 

Stuart C. McDonald

 

168

 

Clause  27,  page  17,  line  13,  leave out “the Minister did not have reasonable

 

grounds for issuing” and insert “it was not necessary or proportionate to issue”

 

Member’s explanatory statement

 

These amendments would reflect that the Minister would not be the only authority involved in the

 

process of applying for a National Security Certificate.

 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

Darren Jones

 

Brendan O’Hara

 

Stuart C. McDonald

 

169

 

Clause  27,  page  17,  line  16,  at end insert—

 

“(4A)    

Where a Judicial Commissioner refuses to approve a Minister’s application for a

 

certificate under this Chapter, the Judicial Commissioner must give the Minister

 

of the Crown reasons in writing for the refusal.

 

(4B)    

Where a Judicial Commissioner refuses to approve a Minister’s application for a

 

certificate under this Chapter, the Minister may apply to the Information

 

Commissioner for a review of the decision.

 

(4C)    

It is not permissible for exemptions to be specified in relation to—


 
 

Public Bill Committee: 15 March 2018                  

5

 

Data Protection Bill-[Lords], continued

 
 

(a)    

Chapter II of the applied GDPR (principles)—

 

(i)    

Article 5 (lawful, fair and transparent processing),

 

(ii)    

Article 6 (lawfulness of processing),

 

(iii)    

Article 9 (processing of special categories of personal data),

 

(b)    

Chapter IV of the applied GDPR—

 

(i)    

GDPR Articles 24 – 32 inclusive,

 

(ii)    

GDPR Articles 35 – 43 inclusive,

 

(c)    

Chapter VIII of the applied GDPR (remedies, liabilities and penalties)—

 

(i)    

GDPR Article 83 (general conditions for imposing

 

administrative fines),

 

(ii)    

GDPR Article 84 (penalties),

 

(d)    

Part 5 of this Act, or

 

(e)    

Part 7 of this Act.”

 

Member’s explanatory statement

 

This amendment would require a Judicial Commissioner to intimate in writing to the Minister

 

reasons for refusing the Minister’s application for a National Security Certificate and allows the

 

Minister to apply for a review by the Information Commissioner of such a refusal.

 


 

Margot James

 

18

 

Clause  30,  page  19,  line  4,  after “specified” insert “or described”

 

Member’s explanatory statement

 

This amendment changes a reference to persons specified in Schedule 7 into a reference to persons

 

specified or described there.

 

Margot James

 

19

 

Clause  30,  page  19,  line  10,  leave out from “add” to end of line and insert “or

 

remove a person or description of person”

 

Member’s explanatory statement

 

This amendment makes clear that regulations under Clause 30 may identify a person by describing

 

a type of person, as well as by specifying a person.

 



 
 

Public Bill Committee: 15 March 2018                  

6

 

Data Protection Bill-[Lords], continued

 
 

Brendan O’Hara

 

Stuart C. McDonald

 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

Darren Jones

 

132

 

Clause  35,  page  21,  line  29,  leave out subsections (6) and (7).

 

Member’s explanatory statement

 

This amendment would remove delegated powers that would allow the Secretary of State to vary

 

the conditions and safeguards governing the general processing of sensitive personal data.

 


 

Margot James

 

116

 

Schedule  8,  page  184,  line  32,  at end insert—

 

“Safeguarding of children and of individuals at risk

 

3A  (1)  

This condition is met if—

 

(a)    

the processing is necessary for the purposes of—

 

(i)    

protecting an individual from neglect or physical, mental or

 

emotional harm, or

 

(ii)    

protecting the physical, mental or emotional well-being of an

 

individual,

 

(b)    

the individual is—

 

(i)    

aged under 18, or

 

(ii)    

aged 18 or over and at risk,

 

(c)    

the processing is carried out without the consent of the data subject for

 

one of the reasons listed in sub-paragraph (2), and

 

(d)    

the processing is necessary for reasons of substantial public interest.

 

      (2)  

The reasons mentioned in sub-paragraph (1)(c) are—

 

(a)    

in the circumstances, consent to the processing cannot be given by the

 

data subject;

 

(b)    

in the circumstances, the controller cannot reasonably be expected to

 

obtain the consent of the data subject to the processing;

 

(c)    

the processing must be carried out without the consent of the data

 

subject because obtaining the consent of the data subject would

 

prejudice the provision of the protection mentioned in sub-paragraph

 

(1)(a).

 

      (3)  

For the purposes of this paragraph, an individual aged 18 or over is “at risk” if

 

the controller has reasonable cause to suspect that the individual—

 

(a)    

has needs for care and support,

 

(b)    

is experiencing, or at risk of, neglect or physical, mental or emotional

 

harm, and

 

(c)    

as a result of those needs is unable to protect himself or herself against

 

the neglect or harm or the risk of it.


 
 

Public Bill Committee: 15 March 2018                  

7

 

Data Protection Bill-[Lords], continued

 
 

      (4)  

In sub-paragraph (1)(a), the reference to the protection of an individual or of

 

the well-being of an individual includes both protection relating to a particular

 

individual and protection relating to a type of individual.”

 

Member’s explanatory statement

 

Schedule 8 makes provision about the circumstances in which the processing of special categories

 

of personal data is permitted. This amendment adds to that Schedule certain processing of

 

personal data which is necessary for the protection of children or of adults at risk. See also

 

Amendments 85 and 117.

 


 

Margot James

 

20

 

Clause  41,  page  23,  line  34,  leave out “an individual” and insert “a data subject”

 

Member’s explanatory statement

 

Clause 41 makes provision about the processing of personal data for archiving purposes, for

 

scientific or historical research purposes or for statistical purposes. This amendment aligns

 

Clause 41(2)(b) with similar provision in Clause 19(2).

 


 

Margot James

 

21

 

Clause  42,  page  24,  line  29,  leave out “with the day” and insert “when”

 

Member’s explanatory statement

 

This amendment is consequential on Amendment 71.

 


 

Margot James

 

22

 

Clause  47,  page  28,  line  20,  leave out second “data”

 

Member’s explanatory statement

 

This amendment changes a reference to a “data controller” into a reference to a “controller” (as

 

defined in Clauses 3 and 32).

 



 
Back to StartNext
 

Revised 14 March 2018