|
|
| |
| |
|
| |
| given up to and including |
|
| |
| New Amendments handed in are marked thus  |
|
| Amendments which will comply with the required notice period at their next appearance
|
|
| Amendments tabled since the last publication: 179 to 229 |
|
| |
| Data Protection Bill [Lords]
|
|
| |
| | This document includes all amendments remaining before the Committee and |
|
| | includes any withdrawn amendments at the end. The amendments have been |
|
| | arranged in accordance with the Order of the Committee 13 March 2018.
|
|
| | |
| |
| |
| | |
| Schedule 6, page 179, line 17, leave out paragraph 2 (as inserted by paragraph 49) |
|
| |
| | “2 | The Commissioner must, in carrying out the Commissioner’s functions under |
|
| | this Regulation, incorporate with any modifications which he or she considers |
|
| | necessary in any guidance or code of practice which the Commissioner issues, |
|
| | decisions, advice, guidelines, recommendations and best practices issued by |
|
| | the European Data Protection Board established under Article 68 of the GDPR. |
|
| | 2A | The Commissioner must, in carrying out the Commissioner’s functions under |
|
| | this Regulation, have regard to any implementing acts adopted by the |
|
| | Commission under Article 67 of the GDPR (exchange of information).” |
|
| |
| | |
| Schedule 6, page 180, line 2, leave out sub-paragraph (b) and insert— |
|
| | “(b) | in paragraph 2, for “Member States” substitute “The Secretary of State”; |
|
|
|
| |
| |
|
| | (c) | after that paragraph insert— |
|
| | ““33 | The power under paragraph 2 may only be exercised by |
|
| | making regulations under section (Duty to review provision |
|
| | for representation of data subjects) of the 2018 Act.” |
|
| | Member’s explanatory statement
|
|
| | This amendment is consequential on NC2. |
|
| |
| |
| | |
| Clause 25, page 15, line 40, leave out “individual” and insert “data subject” |
|
| | Member’s explanatory statement
|
|
| | Clause 25 makes provision about the processing of manual unstructured data used in longstanding |
|
| | historical research. This amendment aligns Clause 25(1)(b)(i) with similar provision in Clause |
|
| | |
| |
| |
| |
| |
| |
| | |
| Clause 27, page 17, line 2, leave out subsection (1) and insert— |
|
| | | “A Minister of the Crown must apply to a Judicial Commissioner for a certificate, |
|
| | if exemptions are sought from specified provisions in relation to any personal |
|
| | data for the purpose of safeguarding national security.” |
|
| | Member’s explanatory statement
|
|
| | This amendment would introduce a procedure for a Minister of the Crown to apply to a Judicial |
|
| | Commissioner for a National Security Certificate. |
|
| |
| |
| |
| |
| |
| |
| | |
| Clause 27, page 17, line 5, at end insert— |
|
| | “(1A) | The decision to issue the certificate must be— |
|
| | (a) | approved by a Judicial Commissioner, |
|
| | (b) | laid before Parliament, |
|
| | (c) | published and publicly accessible on the Information Commissioner’s |
|
| | |
| | (1B) | In deciding whether to approve an application under subsection (1), a Judicial |
|
| | Commissioner must review the Minister’s conclusions as to the following |
|
| | |
| | (a) | whether the certificate is necessary on relevant grounds, |
|
| | (b) | whether the conduct that would be authorised by the certificate is |
|
| | proportionate to what it sought to be achieved by that conduct, and |
|
|
|
| |
| |
|
| | (c) | whether it is necessary and proportionate to exempt all provisions |
|
| | specified in the certificate.” |
|
| | Member’s explanatory statement
|
|
| | This amendment would ensure that oversight and safeguarding in the application for a National |
|
| | Security Certificate are effective, requiring sufficient detail in the application process. |
|
| |
| |
| |
| |
| |
| |
| | |
| Clause 27, page 17, leave out lines 6 to 8 and insert— |
|
| | “(2) | An application for a certificate under subsection (1)— |
|
| | (a) | must identify the personal data to which it applies by means of a detailed |
|
| | |
| | Member’s explanatory statement
|
|
| | This amendment would require a National Security Certificate to identify the personal data to |
|
| | which the Certificate applies by means of a detailed description. |
|
| |
| |
| |
| |
| |
| |
| | |
| Clause 27, page 17, line 9, leave out subsection (2)(b) |
|
| | Member’s explanatory statement
|
|
| | This amendment would ensure that a National Security Certificate cannot be expressed to have |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
| Clause 27, page 17, line 9, at end insert— |
|
| | “(c) | must specify each provision of this Act which it seeks to exempt, and |
|
| | (d) | must provide a justification for both (a) and (b).” |
|
| | Member’s explanatory statement
|
|
| | This amendment would ensure effective oversight of exemptions of this Act from the application for |
|
| | a National Security Certificate. |
|
| |
| |
| |
| |
| |
| |
| | |
| Clause 27, page 17, line 10, leave out “directly” and insert “who believes they are |
|
|
|
| |
| |
|
| |
| | Member’s explanatory statement
|
|
| | This amendment would broaden the application of subsection (3) so that any person who believes |
|
| | they are directly affected by a National Security Certificate may appeal to the Tribunal against the |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
| Clause 27, page 17, line 12, leave out “, applying the principles applied by a court |
|
| on an application for judicial review,” |
|
| | Member’s explanatory statement
|
|
| | This amendment removes the application to the appeal against a National Security Certificate of |
|
| | the principles applied by a court on an application for judicial review. |
|
| |
| |
| |
| |
| |
| |
| | |
| Clause 27, page 17, line 13, leave out “the Minister did not have reasonable |
|
| grounds for issuing” and insert “it was not necessary or proportionate to issue” |
|
| | Member’s explanatory statement
|
|
| | These amendments would reflect that the Minister would not be the only authority involved in the |
|
| | process of applying for a National Security Certificate. |
|
| |
| |
| |
| |
| |
| |
| | |
| Clause 27, page 17, line 16, at end insert— |
|
| | “(4A) | Where a Judicial Commissioner refuses to approve a Minister’s application for a |
|
| | certificate under this Chapter, the Judicial Commissioner must give the Minister |
|
| | of the Crown reasons in writing for the refusal. |
|
| | (4B) | Where a Judicial Commissioner refuses to approve a Minister’s application for a |
|
| | certificate under this Chapter, the Minister may apply to the Information |
|
| | Commissioner for a review of the decision. |
|
| | (4C) | It is not permissible for exemptions to be specified in relation to— |
|
| | (a) | Chapter II of the applied GDPR (principles)— |
|
| | (i) | Article 5 (lawful, fair and transparent processing), |
|
| | (ii) | Article 6 (lawfulness of processing), |
|
| | (iii) | Article 9 (processing of special categories of personal data), |
|
| | (b) | Chapter IV of the applied GDPR— |
|
| | (i) | GDPR Articles 24 – 32 inclusive, |
|
| | (ii) | GDPR Articles 35 – 43 inclusive, |
|
|
|
| |
| |
|
| | (c) | Chapter VIII of the applied GDPR (remedies, liabilities and penalties)— |
|
| | (i) | GDPR Article 83 (general conditions for imposing |
|
| | |
| | (ii) | GDPR Article 84 (penalties), |
|
| | (d) | Part 5 of this Act, or |
|
| | |
| | Member’s explanatory statement
|
|
| | This amendment would require a Judicial Commissioner to intimate in writing to the Minister |
|
| | reasons for refusing the Minister’s application for a National Security Certificate and allows the |
|
| | Minister to apply for a review by the Information Commissioner of such a refusal. |
|
| |
| |
| | |
| Clause 30, page 19, line 4, after “specified” insert “or described” |
|
| | Member’s explanatory statement
|
|
| | This amendment changes a reference to persons specified in Schedule 7 into a reference to persons |
|
| | specified or described there. |
|
| |
| | |
| Clause 30, page 19, line 10, leave out from “add” to end of line and insert “or |
|
| remove a person or description of person” |
|
| | Member’s explanatory statement
|
|
| | This amendment makes clear that regulations under Clause 30 may identify a person by describing |
|
| | a type of person, as well as by specifying a person. |
|
| |
| |
| |
| |
| |
| |
| |
| | |
| Clause 35, page 21, line 29, leave out subsections (6) and (7). |
|
| | Member’s explanatory statement
|
|
| | This amendment would remove delegated powers that would allow the Secretary of State to vary |
|
| | the conditions and safeguards governing the general processing of sensitive personal data. |
|
| |
| |
| | |
| Schedule 8, page 184, line 32, at end insert— |
|
|
|
| |
| |
|
| | “Safeguarding of children and of individuals at risk |
|
| | 3A (1) | This condition is met if— |
|
| | (a) | the processing is necessary for the purposes of— |
|
| | (i) | protecting an individual from neglect or physical, mental or |
|
| | |
| | (ii) | protecting the physical, mental or emotional well-being of an |
|
| | |
| | |
| | |
| | (ii) | aged 18 or over and at risk, |
|
| | (c) | the processing is carried out without the consent of the data subject for |
|
| | one of the reasons listed in sub-paragraph (2), and |
|
| | (d) | the processing is necessary for reasons of substantial public interest. |
|
| | (2) | The reasons mentioned in sub-paragraph (1)(c) are— |
|
| | (a) | in the circumstances, consent to the processing cannot be given by the |
|
| | |
| | (b) | in the circumstances, the controller cannot reasonably be expected to |
|
| | obtain the consent of the data subject to the processing; |
|
| | (c) | the processing must be carried out without the consent of the data |
|
| | subject because obtaining the consent of the data subject would |
|
| | prejudice the provision of the protection mentioned in sub-paragraph |
|
| | |
| | (3) | For the purposes of this paragraph, an individual aged 18 or over is “at risk” if |
|
| | the controller has reasonable cause to suspect that the individual— |
|
| | (a) | has needs for care and support, |
|
| | (b) | is experiencing, or at risk of, neglect or physical, mental or emotional |
|
| | |
| | (c) | as a result of those needs is unable to protect himself or herself against |
|
| | the neglect or harm or the risk of it. |
|
| | (4) | In sub-paragraph (1)(a), the reference to the protection of an individual or of |
|
| | the well-being of an individual includes both protection relating to a particular |
|
| | individual and protection relating to a type of individual.” |
|
| | Member’s explanatory statement
|
|
| | Schedule 8 makes provision about the circumstances in which the processing of special categories |
|
| | of personal data is permitted. This amendment adds to that Schedule certain processing of |
|
| | personal data which is necessary for the protection of children or of adults at risk. See also |
|
| | |
| |
| |
| | |
| Clause 41, page 23, line 34, leave out “an individual” and insert “a data subject” |
|
| | Member’s explanatory statement
|
|
| | Clause 41 makes provision about the processing of personal data for archiving purposes, for |
|
| | scientific or historical research purposes or for statistical purposes. This amendment aligns |
|
| | Clause 41(2)(b) with similar provision in Clause 19(2). |
|
| |
|
|
| |
| |
|
| |
| | |
| Clause 42, page 24, line 29, leave out “with the day” and insert “when” |
|
| | Member’s explanatory statement
|
|
| | This amendment is consequential on Amendment 71. |
|
| |
| |
| | |
| Clause 47, page 28, line 20, leave out second “data” |
|
| | Member’s explanatory statement
|
|
| | This amendment changes a reference to a “data controller” into a reference to a “controller” (as |
|
| | defined in Clauses 3 and 32). |
|
| |
| |
| |
| |
| |
| |
| |
| | |
| Clause 50, page 30, line 5, at end insert “, and |
|
| | (c) | it does not engage the rights of the data subject under the Human Rights |
|
| | |
| | Member’s explanatory statement
|
|
| | This amendment would ensure that automated decisions should not be authorised by law if they |
|
| | engage an individual’s human rights. |
|
| |
| | |
| Clause 50, page 30, line 11, leave out “21 days” and insert “1 month” |
|
| | Member’s explanatory statement
|
|
| | Clause 50(2)(b) provides that where a controller notifies a data subject under Clause 50(2)(a) that |
|
| | the controller has taken a “qualifying significant decision” in relation to the data subject based |
|
| | solely on automated processing, the data subject has 21 days to request the controller to |
|
| | reconsider or take a new decision not based solely on automated processing. This amendment |
|
| | extends that period to one month. |
|
| |
| | |
| Clause 50, page 30, line 17, leave out “21 days” and insert “1 month” |
|
| | Member’s explanatory statement
|
|
| | Clause 50(3) provides that where a data subject makes a request to a controller under Clause |
|
| | 50(2)(b) to reconsider or retake a decision based solely on automated processing, the controller |
|
| | has 21 days to respond. This amendment extends that period to one month. |
|
| |
|