Session 2017-19
Internet Publications
Other Bills before Parliament


 
 

1

 

House of Commons

 
 

Notices of Amendments

 

given up to and including

 

Thursday 8 March 2018

 

New Amendments handed in are marked thus Parliamentary Star

 

Parliamentary Star - whiteAmendments which will comply with the required notice period at their next appearance

 

Amendments tabled since the last publication: 129 to 170 and NC3 to NC16

 

Public Bill Committee


 

Data Protection Bill [Lords]


 

Note

 

This document includes all amendments tabled to date and includes any

 

withdrawn amendments at the end. The amendments have been arranged in

 

accordance with the Order to be proposed by Margot James.

 


 

Margot James

 

To move, That the Bill be considered in the following order, namely, Clauses 1 to 10,

 

Schedule 1, Clauses 11 to 15, Schedules 2 to 4, Clauses 16 and 17, Schedule 5, Clauses

 

18 to 22, Schedule 6, Clauses 23 to 30, Schedule 7, Clauses 31 to 35, Schedule 8, Clauses

 

36 to 86, Schedules 9 and 10, Clauses 87 to 112, Schedule 11, Clauses 113 and 114,

 

Schedule 12, Clauses 115 and 116, Schedule 13, Clauses 117 and 118, Schedule 14,

 

Clauses 119 to 153, Schedule 15, Clause 154, Schedule 16, Clauses 155 to 181, Schedule

 

17, Clauses 182 to 204, Schedule 18, Clauses 205 to 208, new Clauses, new Schedules,

 

remaining proceedings on the Bill.

 


 

Margot James

 

That, subject to the discretion of the Chair, any written evidence received by the

 

Committee shall be reported to the House for publication.

 



 
 

Notices of Amendments: 8 March 2018                     

2

 

Data Protection Bill-[Lords], continued

 
 

Margot James

 

1

 

Clause  3,  page  2,  line  25,  leave out “personal data” and insert “information”

 

Member’s explanatory statement

 

This amendment and Amendment 2 enable the definition of “processing” to be used in relation to

 

any information, not just personal data.

 

Margot James

 

2

 

Clause  3,  page  2,  line  26,  leave out “personal data, or on sets of personal data” and

 

insert “information, or on sets of information”

 

Member’s explanatory statement

 

See the explanatory statement for Amendment 1.

 

Margot James

 

3

 

Clause  3,  page  2,  line  41,  after “83” insert “and see also subsection (14)(c)”

 

Member’s explanatory statement

 

This amendment is consequential on Amendment 6.

 

Margot James

 

4

 

Clause  3,  page  3,  line  27,  at end insert —

 

“(aa)    

references to Chapter 2 of Part 2, or to a provision of that Chapter, include

 

that Chapter or that provision as applied by Chapter 3 of Part 2;”

 

Member’s explanatory statement

 

This amendment makes clear that references to Chapter 2 of Part 2 in Parts 5 to 7 of the bill

 

include that Chapter as applied by Chapter 3 of Part 2.

 

Margot James

 

5

 

Clause  3,  page  3,  line  28,  leave out “processing and personal data are to processing

 

and personal data” and insert “personal data, and the processing of personal data, are to

 

personal data and processing”

 

Member’s explanatory statement

 

This amendment is consequential on Amendment 1.

 

Margot James

 

6

 

Clause  3,  page  3,  line  29,  at end insert —

 

“(c)    

references to a controller or processor are to a controller or processor in

 

relation to the processing of personal data to which Chapter 2 or 3 of Part

 

2, Part 3 or Part 4 applies.”

 

Member’s explanatory statement

 

This amendment and Amendment 3 make clear that references to controllers and processors in

 

Parts 5 to 7 of the bill are to controllers and processors in relation to processing to which the

 

GDPR, the applied GDPR or Part 3 or 4 of the bill applies.

 



 
 

Notices of Amendments: 8 March 2018                     

3

 

Data Protection Bill-[Lords], continued

 
 

Margot James

 

7

 

Clause  7,  page  5,  line  8,  leave out “a body specified” and insert “body specified or

 

described”

 

Member’s explanatory statement

 

This amendment and Amendment 8 make clear that regulations under Clause 7 may identify an

 

authority or body by describing a type of authority or body, as well as by specifying an authority

 

or body.

 

Margot James

 

8

 

Clause  7,  page  5,  line  13,  after “specified” insert “or described”

 

Member’s explanatory statement

 

See the explanatory statement for Amendment 7.

 


 

Daniel Zeichner

 

140

 

Parliamentary Star    

Clause  8,  page  5,  line  23,  after “includes” insert “but is not limited to,”.

 

Margot James

 

9

 

Clause  8,  page  5,  line  29,  at end insert—

 

“( )    

an activity that supports or promotes democratic engagement.”

 

Member’s explanatory statement

 

This amendment adds a reference to processing of personal data that is necessary for activities

 

that support or promote democratic engagement to Clause 8 (lawfulness of processing: public

 

interest etc).

 

Daniel Zeichner

 

141

 

Parliamentary Star    

Clause  8,  page  5,  line  29,  at end insert “or

 

(e)    

the exercise of research functions by public bodies.”

 

Member’s explanatory statement

 

This amendment would ensure that university researchers and public bodies with a research

 

function are able to use the ‘task in the public interest’ lawful basis for processing personal data,

 

where consent is not a viable lawful basis.

 



 
 

Notices of Amendments: 8 March 2018                     

4

 

Data Protection Bill-[Lords], continued

 
 

Brendan O’Hara

 

Stuart C. McDonald

 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

129

 

Parliamentary Star    

Clause  10,  page  6,  line  19,  leave out subsections (6) and (7).

 

Member’s explanatory statement

 

This amendment would remove delegated powers that would allow the Secretary of State to vary

 

the conditions and safeguards governing the general processing of sensitive personal data.

 


 

Margot James

 

76

 

Schedule  1,  page  123,  line  21,  at beginning insert “Except as otherwise provided,”

 

Member’s explanatory statement

 

This amendment is consequential on Amendments 79, 82 and 90.

 

Margot James

 

77

 

Schedule  1,  page  124,  line  24,  leave out from “subject” to end of line 25

 

Member’s explanatory statement

 

In paragraph 8 of Schedule 1, sub-paragraph (3) contains an exception from the condition in sub-

 

paragraph (1). This amendment would remove from the exception the requirement that the

 

processing is carried out without the data subject’s consent.

 

Margot James

 

78

 

Schedule  1,  page  124,  line  36,  at end insert—

 

“Racial and ethnic diversity at senior levels of organisations

 

8A  (1)  

This condition is met if the processing—

 

(a)    

is of personal data revealing racial or ethnic origin,

 

(b)    

is carried out as part of a process of identifying suitable individuals to

 

hold senior positions in a particular organisation, a type of

 

organisation or organisations generally,

 

(c)    

is necessary for the purposes of promoting or maintaining diversity in

 

the racial and ethnic origins of individuals who hold senior positions

 

in the organisation or organisations, and

 

(d)    

can reasonably be carried out without the consent of the data subject,

 

            

subject to the exception in sub-paragraph (3).

 

      (2)  

For the purposes of sub-paragraph (1)(d), processing can reasonably be carried

 

out without the consent of the data subject only where—

 

(a)    

the controller cannot reasonably be expected to obtain the consent of

 

the data subject, and

 

(b)    

the controller is not aware of the data subject withholding consent.

 

      (3)  

Processing does not meet the condition in sub-paragraph (1) if it is likely to

 

cause substantial damage or substantial distress to an individual.


 
 

Notices of Amendments: 8 March 2018                     

5

 

Data Protection Bill-[Lords], continued

 
 

      (4)  

For the purposes of this paragraph, an individual holds a senior position in an

 

organisation if the individual—

 

(a)    

holds a position listed in sub-paragraph (5), or

 

(b)    

does not hold such a position but is a senior manager of the

 

organisation.

 

      (5)  

Those positions are—

 

(a)    

a director, secretary or other similar officer of a body corporate;

 

(b)    

a member of a limited liability partnership;

 

(c)    

a partner in a partnership within the Partnership Act 1890, a limited

 

partnership registered under the Limited Partnerships Act 1907 or an

 

entity of a similar character formed under the law of a country or

 

territory outside the United Kingdom.

 

      (6)  

In this paragraph, “senior manager”, in relation to an organisation, means a

 

person who plays a significant role in—

 

(a)    

the making of decisions about how the whole or a substantial part of

 

the organisation’s activities are to be managed or organised, or

 

(b)    

the actual managing or organising of the whole or a substantial part of

 

those activities.

 

      (7)  

The reference in sub-paragraph (2)(b) to a data subject withholding consent

 

does not include a data subject merely failing to respond to a request for

 

consent.”

 

Member’s explanatory statement

 

Part 2 of Schedule 1 describes types of processing of special categories of personal data which

 

meet the requirement in Article 9(2)(g) of the GDPR (processing necessary for reasons of

 

substantial public interest) for a basis in UK law (see Clause 10(3)). This amendment adds to Part

 

2 of Schedule 1 certain processing of personal data for the purposes of promoting or maintaining

 

diversity in the racial and ethnic origins of individuals who hold senior positions in organisations.

 

Margot James

 

79

 

Schedule  1,  page  125,  line  3,  at end insert—

 

    “( )  

If the processing consists of the disclosure of personal data to a competent

 

authority, or is carried out in preparation for such disclosure, the condition in

 

sub-paragraph (1) is met even if, when the processing is carried out, the

 

controller does not have an appropriate policy document in place (see

 

paragraph 5 of this Schedule).

 

Member’s explanatory statement

 

This amendment, and Amendment 80, provide that where processing falling within paragraph 9 of

 

Part 2 of Schedule 1 (preventing or detecting unlawful acts) consists of, or is carried out in

 

preparation for, the disclosure of personal data to a competent authority, the condition in that

 

paragraph is met even if the controller does not have an appropriate policy document in place

 

when the processing is carried out.

 

Margot James

 

80

 

Schedule  1,  page  125,  line  4,  at end insert—

 

““competent authority” has the same meaning as in Part 3 of this Act (see

 

section 30).”

 

Member’s explanatory statement

 

See the explanatory statement for Amendment 79.


 
 

Notices of Amendments: 8 March 2018                     

6

 

Data Protection Bill-[Lords], continued

 
 

Margot James

 

81

 

Schedule  1,  page  125,  line  16,  at end insert—

 

“Regulatory requirements relating to unlawful acts and dishonesty etc

 

10A(1)  

This condition is met if—

 

(a)    

the processing is necessary for the purposes of complying with, or

 

assisting other persons to comply with, a regulatory requirement

 

which involves a person taking steps to establish whether another

 

person has—

 

(i)    

committed an unlawful act, or

 

(ii)    

been involved in dishonesty, malpractice or other seriously

 

improper conduct,

 

(b)    

in the circumstances, the controller cannot reasonably be expected to

 

obtain the consent of the data subject to the processing, and

 

(c)    

the processing is necessary for reasons of substantial public interest.

 

      (2)  

In this paragraph—

 

“act” includes a failure to act;

 

“regulatory requirement” means—

 

(a)    

a requirement imposed by legislation or by a person in exercise

 

of a function conferred by legislation, or

 

(b)    

a requirement forming part of generally accepted principles of

 

good practice relating to a type of body or an activity.”

 

Member’s explanatory statement

 

Part 2 of Schedule 1 describes types of processing of special categories of personal data which

 

meet the requirement in Article 9(2)(g) of the GDPR (processing necessary for reasons of

 

substantial public interest) for a basis in UK law (see Clause 10(3)). This amendment adds to Part

 

2 of Schedule 1 certain processing of personal data for the purposes of complying with, or assisting

 

others to comply with, a regulatory requirement.

 

Margot James

 

82

 

Schedule  1,  page  125,  line  35,  at end insert—

 

    “( )  

The condition in sub-paragraph (1) is met even if, when the processing is

 

carried out, the controller does not have an appropriate policy document in

 

place (see paragraph 5 of this Schedule).”

 

Member’s explanatory statement

 

This amendment provides that the condition in paragraph 11 of Part 2 of Schedule 1 (journalism

 

etc in connection with unlawful acts and dishonesty etc) is met even if the controller does not have

 

an appropriate policy document in place when the processing is carried out.

 

Margot James

 

83

 

Schedule  1,  page  126,  line  22,  at end insert—

 

“Support for individuals with a particular disability or medical condition

 

13A(1)  

This condition is met if the processing—

 

(a)    

is carried out by a not-for-profit body which provides support to

 

individuals with a particular disability or medical condition,

 

(b)    

is of a type of personal data falling within sub-paragraph (2) which

 

relates to an individual falling within sub-paragraph (3),


 
 

Notices of Amendments: 8 March 2018                     

7

 

Data Protection Bill-[Lords], continued

 
 

(c)    

is necessary for the purposes of—

 

(i)    

raising awareness of the disability or medical condition, or

 

(ii)    

providing support to individuals falling within sub-paragraph

 

(3) or enabling such individuals to provide support to each

 

other,

 

(d)    

can reasonably be carried out without the consent of the data subject,

 

and

 

(e)    

is necessary for reasons of substantial public interest.

 

      (2)  

The following types of personal data fall within this sub-paragraph—

 

(a)    

personal data revealing racial or ethnic origin;

 

(b)    

genetic data or biometric data;

 

(c)    

data concerning health;

 

(d)    

personal data concerning an individual’s sex life or sexual orientation.

 

      (3)  

An individual falls within this sub-paragraph if the individual is or has been a

 

member of the body mentioned in sub-paragraph (1)(a) and—

 

(a)    

has the disability or condition mentioned there, has had that disability

 

or condition or has a significant risk of developing that disability or

 

condition, or

 

(b)    

is a relative or carer of an individual who satisfies paragraph (a) of this

 

sub-paragraph.

 

      (4)  

For the purposes of sub-paragraph (1)(d), processing can reasonably be carried

 

out without the consent of the data subject only where—

 

(a)    

the controller cannot reasonably be expected to obtain the consent of

 

the data subject, and

 

(b)    

the controller is not aware of the data subject withholding consent.

 

      (5)  

In this paragraph—

 

“carer” means an individual who provides or intends to provide care for

 

another individual other than—

 

(a)    

under or by virtue of a contract, or

 

(b)    

as voluntary work;

 

“disability” has the same meaning as in the Equality Act 2010 (see

 

section 6 of, and Schedule 1 to, that Act).

 

      (6)  

The reference in sub-paragraph (4)(b) to a data subject withholding consent

 

does not include a data subject merely failing to respond to a request for

 

consent.”

 

Member’s explanatory statement

 

Part 2 of Schedule 1 describes types of processing of special categories of personal data which

 

meet the requirement in Article 9(2)(g) of the GDPR (processing necessary for reasons of

 

substantial public interest) for a basis in UK law (see Clause 10(3)). This amendment adds to Part

 

2 of Schedule 1 certain processing of personal data by not-for-profit bodies involved in supporting

 

individuals with a particular disability or medical condition.

 

Margot James

 

84

 

Schedule  1,  page  126,  line  27,  leave out “a reason” and insert “one of the reasons”

 

Member’s explanatory statement

 

This amendment amends paragraph 14(1)(b) of Schedule 1 for consistency with paragraphs 18(2)

 

and 19(2) of that Schedule.


 
Back to StartNext
 

Revised 08 March 2018