Session 2017-19
Internet Publications
Other Bills before Parliament


 
 

1

 

House of Commons

 
 

Thursday 15 March 2018

 

Public Bill Committee Proceedings

 

Data Protection Bill [Lords]


 

[Third and Fourth Sittings]


 

Glossary

 

This document shows the fate of each clause, schedule, amendment and new clause.

 

The following terms are used:

 

Agreed to: agreed without a vote.

 

Agreed to on division: agreed following a vote.

 

Negatived: rejected without a vote.

 

Negatived on division: rejected following a vote.

 

Not called: debated in a group of amendments, but not put to a decision.

 

Not moved: not debated or put to a decision.

 

Question proposed: debate underway but not concluded.

 

Withdrawn after debate: moved and debated but then withdrawn, so not put to a decision.

 

Not selected: not chosen for debate by the Chair.

 

 


 

Darren Jones

 

Negatived on division  152

 

Schedule  6,  page  179,  line  17,  leave out paragraph 2 (as inserted by paragraph 49)

 

and insert—

 

“2         

The Commissioner must, in carrying out the Commissioner’s functions under

 

this Regulation, incorporate with any modifications which he or she considers

 

necessary in any guidance or code of practice which the Commissioner issues,

 

decisions, advice, guidelines, recommendations and best practices issued by

 

the European Data Protection Board established under Article 68 of the GDPR.

 

2A         

The Commissioner must, in carrying out the Commissioner’s functions under

 

this Regulation, have regard to any implementing acts adopted by the

 

Commission under Article 67 of the GDPR (exchange of information).”


 
 

Public Bill Committee Proceedings: 15 March 2018          

2

 

Data Protection Bill-[Lords], continued

 
 

Margot James

 

Agreed to  115

 

Schedule  6,  page  180,  line  2,  leave out sub-paragraph (b) and insert—

 

“(b)    

in paragraph 2, for “Member States” substitute “The Secretary of State”;

 

(c)    

after that paragraph insert—

 

“3         

The power under paragraph 2 may only be exercised by

 

making regulations under section (Duty to review provision

 

for representation of data subjects) of the 2018 Act.”

 

Schedule, as amended, Agreed to.

 

Clauses 23 and 24 Agreed to.

 


 

Margot James

 

Agreed to  17

 

Clause  25,  page  15,  line  40,  leave out “individual” and insert “data subject”

 

Clause, as amended, Agreed to.

 

Clause 26 Agreed to.

 


 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

Darren Jones

 

Negatived on division  161

 

Clause  27,  page  17,  line  2,  leave out subsection (1) and insert—

 

    

“A Minister of the Crown must apply to a Judicial Commissioner for a certificate,

 

if exemptions are sought from specified provisions in relation to any personal

 

data for the purpose of safeguarding national security.”

 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

Darren Jones

 

Brendan O’Hara

 

Stuart C. McDonald

 

Not called  162

 

Clause  27,  page  17,  line  5,  at end insert—

 

“(1A)    

The decision to issue the certificate must be—

 

(a)    

approved by a Judicial Commissioner,

 

(b)    

laid before Parliament,

 

(c)    

published and publicly accessible on the Information Commissioner’s

 

Office website.

 

(1B)    

In deciding whether to approve an application under subsection (1), a Judicial

 

Commissioner must review the Minister’s conclusions as to the following

 

matters—


 
 

Public Bill Committee Proceedings: 15 March 2018          

3

 

Data Protection Bill-[Lords], continued

 
 

(a)    

whether the certificate is necessary on relevant grounds,

 

(b)    

whether the conduct that would be authorised by the certificate is

 

proportionate to what it sought to be achieved by that conduct, and

 

(c)    

whether it is necessary and proportionate to exempt all provisions

 

specified in the certificate.” 

 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

Darren Jones

 

Brendan O’Hara

 

Stuart C. McDonald

 

Not called  163

 

Clause  27,  page  17,  leave out lines 6 to 8 and insert—

 

“(2)    

An application for a certificate under subsection (1)—

 

(a)    

must identify the personal data to which it applies by means of a detailed

 

description, and”

 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

Darren Jones

 

Brendan O’Hara

 

Stuart C. McDonald

 

Not called  164

 

Clause  27,  page  17,  line  9,  leave out subsection (2)(b)

 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

Darren Jones

 

Brendan O’Hara

 

Stuart C. McDonald

 

Not called  165

 

Clause  27,  page  17,  line  9,  at end insert—

 

“(c)    

must specify each provision of this Act which it seeks to exempt, and

 

(d)    

must provide a justification for both (a) and (b).”

 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

Darren Jones

 

Brendan O’Hara

 

Stuart C. McDonald

 

Not called  166

 

Clause  27,  page  17,  line  10,  leave out “directly” and insert “who believes they are

 

directly or indirectly”


 
 

Public Bill Committee Proceedings: 15 March 2018          

4

 

Data Protection Bill-[Lords], continued

 
 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

Darren Jones

 

Brendan O’Hara

 

Stuart C. McDonald

 

Not called  167

 

Clause  27,  page  17,  line  12,  leave out “, applying the principles applied by a court

 

on an application for judicial review,”

 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

Darren Jones

 

Brendan O’Hara

 

Stuart C. McDonald

 

Not called  168

 

Clause  27,  page  17,  line  13,  leave out “the Minister did not have reasonable

 

grounds for issuing” and insert “it was not necessary or proportionate to issue”

 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

Darren Jones

 

Brendan O’Hara

 

Stuart C. McDonald

 

Not called  169

 

Clause  27,  page  17,  line  16,  at end insert—

 

“(4A)    

Where a Judicial Commissioner refuses to approve a Minister’s application for a

 

certificate under this Chapter, the Judicial Commissioner must give the Minister

 

of the Crown reasons in writing for the refusal.

 

(4B)    

Where a Judicial Commissioner refuses to approve a Minister’s application for a

 

certificate under this Chapter, the Minister may apply to the Information

 

Commissioner for a review of the decision.

 

(4C)    

It is not permissible for exemptions to be specified in relation to—

 

(a)    

Chapter II of the applied GDPR (principles)—

 

(i)    

Article 5 (lawful, fair and transparent processing),

 

(ii)    

Article 6 (lawfulness of processing),

 

(iii)    

Article 9 (processing of special categories of personal data),

 

(b)    

Chapter IV of the applied GDPR—

 

(i)    

GDPR Articles 24 – 32 inclusive,

 

(ii)    

GDPR Articles 35 – 43 inclusive,

 

(c)    

Chapter VIII of the applied GDPR (remedies, liabilities and penalties)—

 

(i)    

GDPR Article 83 (general conditions for imposing

 

administrative fines),

 

(ii)    

GDPR Article 84 (penalties),

 

(d)    

Part 5 of this Act, or

 

(e)    

Part 7 of this Act.”

 

Clause Agreed to.


 
 

Public Bill Committee Proceedings: 15 March 2018          

5

 

Data Protection Bill-[Lords], continued

 
 

Clauses 28 and 29 Agreed to.

 


 

Margot James

 

Agreed to  18

 

Clause  30,  page  19,  line  4,  after “specified” insert “or described”

 

Margot James

 

Agreed to  19

 

Clause  30,  page  19,  line  10,  leave out from “add” to end of line and insert “or

 

remove a person or description of person”

 

Clause, as amended, Agreed to.

 

Schedule 7 Agreed to.

 

Clauses 31 to 34 Agreed to.

 


 

Brendan O’Hara

 

Stuart C. McDonald

 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

Darren Jones

 

Not called  132

 

Clause  35,  page  21,  line  29,  leave out subsections (6) and (7).

 

Clause Agreed to.

 


 

Margot James

 

Agreed to  116

 

Schedule  8,  page  184,  line  32,  at end insert—

 

“Safeguarding of children and of individuals at risk

 

3A  (1)  

This condition is met if—

 

(a)    

the processing is necessary for the purposes of—

 

(i)    

protecting an individual from neglect or physical, mental or

 

emotional harm, or

 

(ii)    

protecting the physical, mental or emotional well-being of an

 

individual,

 

(b)    

the individual is—

 

(i)    

aged under 18, or

 

(ii)    

aged 18 or over and at risk,


 
 

Public Bill Committee Proceedings: 15 March 2018          

6

 

Data Protection Bill-[Lords], continued

 
 

(c)    

the processing is carried out without the consent of the data subject for

 

one of the reasons listed in sub-paragraph (2), and

 

(d)    

the processing is necessary for reasons of substantial public interest.

 

      (2)  

The reasons mentioned in sub-paragraph (1)(c) are—

 

(a)    

in the circumstances, consent to the processing cannot be given by the

 

data subject;

 

(b)    

in the circumstances, the controller cannot reasonably be expected to

 

obtain the consent of the data subject to the processing;

 

(c)    

the processing must be carried out without the consent of the data

 

subject because obtaining the consent of the data subject would

 

prejudice the provision of the protection mentioned in sub-paragraph

 

(1)(a).

 

      (3)  

For the purposes of this paragraph, an individual aged 18 or over is “at risk” if

 

the controller has reasonable cause to suspect that the individual—

 

(a)    

has needs for care and support,

 

(b)    

is experiencing, or at risk of, neglect or physical, mental or emotional

 

harm, and

 

(c)    

as a result of those needs is unable to protect himself or herself against

 

the neglect or harm or the risk of it.

 

      (4)  

In sub-paragraph (1)(a), the reference to the protection of an individual or of

 

the well-being of an individual includes both protection relating to a particular

 

individual and protection relating to a type of individual.”

 

Schedule, as amended, Agreed to.

 

Clauses 36 to 40 Agreed to.

 


 

Margot James

 

Agreed to  20

 

Clause  41,  page  23,  line  34,  leave out “an individual” and insert “a data subject”

 

Clause, as amended, Agreed to.

 


 

Margot James

 

Agreed to  21

 

Clause  42,  page  24,  line  29,  leave out “with the day” and insert “when”

 

Clause, as amended, Agreed to.

 

Clauses 43 to 46 Agreed to.

 



 
 

Public Bill Committee Proceedings: 15 March 2018          

7

 

Data Protection Bill-[Lords], continued

 
 

Margot James

 

Agreed to  22

 

Clause  47,  page  28,  line  20,  leave out second “data”

 

Clause, as amended, Agreed to.

 

Clauses 48 and 49 Agreed to.

 


 

Brendan O’Hara

 

Stuart C. McDonald

 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

Darren Jones

 

Not called  133

 

Clause  50,  page  30,  line  5,  at end insert “, and

 

(c)    

it does not engage the rights of the data subject under the Human Rights

 

Act 1998.”

 

Margot James

 

Agreed to  23

 

Clause  50,  page  30,  line  11,  leave out “21 days” and insert “1 month”

 

Margot James

 

Agreed to  24

 

Clause  50,  page  30,  line  17,  leave out “21 days” and insert “1 month”

 

Clause, as amended, Agreed to.

 


 

Margot James

 

Agreed to  25

 

Clause  51,  page  31,  line  2,  leave out from first “the” to end of line 3 and insert

 

“restriction imposed by the controller was lawful;”

 

Margot James

 

Agreed to  26

 

Clause  51,  page  31,  line  11,  leave out from first “the” to end of line 12 and insert

 

“restriction imposed by the controller was lawful;”

 

Clause, as amended, Agreed to.

 

Clause 52 Agreed to.

 



 
Back to StartNext
 

Revised 15 March 2018