Session 2017-19
Internet Publications
Other Bills before Parliament


 
 

Notices of Amendments: 15 March 2018                  

78

 

Data Protection Bill-[Lords], continued

 
 

(5)    

An employment tribunal shall not consider a complaint presented under

 

subsection (3) in a case where the decision to which the reference relates was

 

made—

 

(a)    

before the end of the period of 3 months, or

 

(b)    

within such further period as the employment tribunal considers

 

reasonable in a case where it is satisfied that it was not reasonably

 

practicable for the application to be made before the end of that period of

 

3 months.

 

(6)    

Nothing in this section detracts from other rights, freedoms or legitimate interests

 

in this Bill or any other primary or secondary legislation relating to P’s personal

 

data, employment, social security or social protection.”

 

Member’s explanatory statement

 

This new clause would create a right to an explanation in writing from an employer, prospective

 

employer or agent giving the particulars of a decision to which the Right to algorithmic fairness

 

at work applies.

 


 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

Darren Jones

 

NC12

 

To move the following Clause—

 

         

“Right to protection of personal data

 

(1)    

A person (“P”) has the right to protection of personal data concerning him or her.

 

(2)    

Personal data must be processed fairly for specified purposes as set out in the

 

GDPR, and in accordance with the provisions, exceptions and derogations of this

 

Act; and on the basis of the consent of P or some other legitimate basis.

 

(3)    

The Information Commissioner shall be responsible for ensuring compliance

 

with the rights contained within this section.”

 

Member’s explanatory statement

 

This new clause would incorporate Article 8 of the Charter of Fundamental Rights of the European

 

Union (Protection of personal data) into the Bill.

 


 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

Darren Jones

 

NC13

 

To move the following Clause—

 

         

“Review of Electronic Commerce (EC Directive) Regulations

 

(1)    

The Secretary of State shall lay before both Houses of Parliament a review of the

 

application and operation of the Electronic Commerce (EC Directive)

 

Regulations 2002 in relation to the processing of personal data.


 
 

Notices of Amendments: 15 March 2018                  

79

 

Data Protection Bill-[Lords], continued

 
 

(2)    

A review under subsection (1) shall be laid before Parliament by 31 January

 

2019.”

 

Member’s explanatory statement

 

This new clause would order the Secretary of State to review the application and operation of the

 

Electronic Commerce (EC Directive) Regulations 2002 in relation to the processing of data and

 

lay that review before Parliament before 31 January 2019.

 


 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

Darren Jones

 

NC14

 

To move the following Clause—

 

         

“Subsequent transfers

 

(1)    

Where personal data is transferred in accordance with section 109, the

 

transferring controller must make it a condition of the transfer that the data is not

 

to be further transferred to a third country or international organisation without

 

the authorisation of the transferring controller.

 

(2)    

A transferring controller may give an authorisation under subsection (1) only

 

where the further transfer is necessary for the purposes in subsection (2).

 

(3)    

In deciding whether to give the authorisation, the transferring controller must take

 

into account (among any other relevant factors)—

 

(a)    

the seriousness of the circumstances leading to the request for

 

authorisation,

 

(b)    

the purpose for which the personal data was originally transferred, and

 

(c)    

the standards for the protection of personal data that apply in the third

 

country or international organisation to which the personal data would be

 

transferred.”

 

Member’s explanatory statement

 

This new clause would place meaningful safeguards on the sharing of data by the intelligence

 

agencies.

 


 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

Darren Jones

 

NC15

 

To move the following Clause—

 

         

“Automated number plate recognition

 

(1)    

The Secretary of State shall issue a code of practice in connection with the

 

operation by the police of automated number plate recognition systems.


 
 

Notices of Amendments: 15 March 2018                  

80

 

Data Protection Bill-[Lords], continued

 
 

(2)    

Any code of practice under subsection (1) shall conform to section 67 of the

 

Police and Criminal Evidence Act 1984.”

 

Member’s explanatory statement

 

This new clause requires the Secretary of State to issue a code of practice in connection with the

 

operation by the police of automated number plate recognition systems.

 


 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

Darren Jones

 

NC16

 

To move the following Clause—

 

         

“Code on processing personal data in education

 

(1)    

The Commissioner must consult on, prepare and publish a code of practice on

 

standards to be followed in relation to the collection, processing, publication and

 

other dissemination of personal data concerning children and pupils in connection

 

with the provision of education services, which relates to the rights of data

 

subjects, appropriate to their capacity and stage of education.

 

(2)    

Before preparing a code or amendments under this section the Commissioner

 

must consult the Secretary of State and such other persons as the Commissioner

 

considers appropriate as set out in Clause 124 (3).

 

(3)    

In preparing a code or amendments under this section, the Commissioner must

 

have regard—

 

(a)    

that children have different capacity independent of age, including pupils

 

who may be in provision up to the age of 25, and

 

(b)    

to the United Kingdom’s obligations under the United Nations

 

Convention on the Rights of the Child, and United Nations Convention

 

on the Rights of Persons with Disabilities.

 

(4)    

For the purposes of subsection (1), “the rights of data subjects” must include—

 

(a)    

measures related to Articles 24(3) (responsibility of the controller), 25

 

(data protection by design and by default) and 32(3) (security of

 

processing) of the GDPR;

 

(b)    

safeguards and suitable measures with regard to Articles 22(2)(b)

 

(automated individual decision-making, including profiling), Recital 71

 

(data subject rights on profiling as regard a child) and 23 (restrictions) of

 

the GDPR;

 

(c)    

the rights of data subjects to object to or restrict the processing of their

 

personal data collected during their education, under Articles 8 (child’s

 

consent to Information Society Services), 21 (right to object to automated

 

individual decision making, including profiling) and 18(2) (right to

 

restriction of processing) of the GDPR;

 

(d)    

where personal data are biometric or special categories of personal data

 

as described in Article 9(1) of the GDPR, the code should set out

 

obligations on the controller and processor to register processing of this

 

category of data with the Commissioner where it concerns a child, or

 

pupil in education; and


 
 

Notices of Amendments: 15 March 2018                  

81

 

Data Protection Bill-[Lords], continued

 
 

(e)    

matters related to the understanding and exercising of rights relating to

 

personal data and the provision of education services.”

 

Member’s explanatory statement

 

This new clause would require the Information Commissioner to consult on, prepare and publish

 

a code of practice on standards to be followed in relation to the collection, processing, publication

 

and other dissemination of personal data concerning children and pupils in connection with the

 

provision of education services.

 


 

Darren Jones

 

Liam Byrne

 

NC17

 

To move the following Clause—

 

         

“Personal data ethics advisory board and ethics code of practice

 

(1)    

The Secretary of State must appoint an independent Personal Data Ethics

 

Advisory Board (“the board”).

 

(2)    

The board’s functions, in relation to the processing of personal data to which the

 

GDPR and this Act applies, are—

 

(a)    

to monitor further technical advances in the use and management of

 

personal data and their implications for the rights of data subjects;

 

(b)    

to monitor the protection of the individual and collective rights and

 

interests of data subjects in relation to their personal data;

 

(c)    

to ensure that trade-offs between the rights of data subjects and the use of

 

management of personal data are made transparently, inclusively, and

 

with accountability;

 

(d)    

to seek out good practices and learn from successes and failures in the use

 

and management of personal data;

 

(e)    

to enhance the skills of data subjects and controllers in the use and

 

management of personal data.

 

(3)    

The board must work with the Commissioner to prepare a data ethics code of

 

practice for data controllers, which must—

 

(a)    

include a duty of care on the data controller and the processor to the data

 

subject;

 

(b)    

provide best practice for data controllers and processors on measures,

 

which in relation to the processing of personal data—

 

(i)    

reduce vulnerabilities and inequalities;

 

(ii)    

protect human rights;

 

(iii)    

increase the security of personal data; and

 

(iv)    

ensure that the access, use and sharing personal data is

 

transparent, and the purposes of personal data processing are

 

communicated clearly and accessibly to data subjects.

 

(4)    

The code must also include guidance in relation to the processing of personal data

 

in the public interest and the substantial public interest.

 

(5)    

Where a data controller or processor does not follow the code under this section,

 

the data controller or processor is subject to a fine to be determined by the

 

Commissioner.

 

(6)    

The board must report annually to the Secretary of State.

 

(7)    

The report in subsection (6) may contain recommendations to the Secretary of

 

State and the Commissioner relating to how they can improve the processing of


 
 

Notices of Amendments: 15 March 2018                  

82

 

Data Protection Bill-[Lords], continued

 
 

personal data and the protection of data subjects’ rights by improving methods

 

of—

 

(a)    

monitoring and evaluating the use and management of personal data;

 

(b)    

sharing best practice and setting standards for data controllers; and

 

(c)    

clarifying and enforcing data protection rules.

 

(8)    

The Secretary of State must lay the report made under subsection (6) before both

 

Houses of Parliament.

 

(9)    

The Secretary of State must, no later than one year after the day on which this Act

 

receives Royal Assent, lay before both Houses of Parliament draft regulations in

 

relation to the functions of the Personal Data Ethics Advisory Board as listed in

 

subsections (2), (3), (4), (6) and (7) of this section.

 

(10)    

Regulations under this section are subject to the affirmative resolution procedure.

 

Member’s explanatory statement

 

This new clause would establish a statutory basis for a Data Ethics Advisory Board.

 


 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

NC18

 

To move the following Clause—

 

         

“Targeted dissemination disclosure notice for third parties and others

 

In Schedule 19B of the Political Parties, Elections and Referendums Act 2000

 

(Power to require disclosure), after paragraph 10 (documents in electronic form)

 

insert—

 

“10A (1)  

This paragraph applies to the following organisations and

 

individuals—

 

(a)    

a recognised third party (within the meaning of Part 6);

 

(b)    

a permitted participant (within the meaning of Part 7);

 

(c)    

a regulated donee (within the meaning of Schedule 7);

 

(d)    

a regulated participant (within the meaning of Schedule 7A);

 

(e)    

a candidate at an election (other than a local government

 

election in Scotland);

 

(f)    

the election agent for such a candidate;

 

(g)    

an organisation or a person notified under subsection 2 of this

 

section;

 

(h)    

an organisation or individual formerly falling within any of

 

paragraphs (a) to (g); or

 

(i)    

the treasurer, director, or another officer of an organisation to

 

which this paragraph applies, or has been at any time in the

 

period of five years ending with the day on which the notice

 

is given.

 

      (2)  

An organisation or a person may also be notified in writing by the

 

Electoral Commission that they are subject to an investigation under

 

this paragraph if both—

 

(a)    

the Commission has determined that their activities were

 

intended to have the effect, or were likely to have the effect,


 
 

Notices of Amendments: 15 March 2018                  

83

 

Data Protection Bill-[Lords], continued

 
 

of influencing public opinion in any part of the United

 

Kingdom ahead of a specific election or referendum; and

 

(b)    

the Secretary of State for Foreign and Commonwealth Affairs

 

has notified the Commission in writing that that organisation

 

or person may reasonably supposed be in receipt of funds

 

intended to have such effect, directly or indirectly, from

 

companies domiciled outside the United Kingdom or from the

 

government of any other country.

 

      (3)  

The power to notify a person or organisation under subparagraph 2

 

shall not be available in respect of registered parties or their officers,

 

save where they separately and independently fall into one or more of

 

categories (a) to (i) of subparagraph (1).

 

      (4)  

The Commission may under this paragraph issue at any time a targeted

 

dissemination disclosure notice, requiring disclosure of any settings

 

used to disseminate material which it believes were intended to have

 

the effect, or were likely to have the effect, of influencing public

 

opinion in any part of the United Kingdom, ahead of a specific election

 

or referendum, where the platform for dissemination allows for

 

targeting based on demographic or other information about

 

individuals, including information gathered by information society

 

services.

 

      (5)  

The Commission may supply to the Information Commissioner a copy

 

of any settings disclosed as a result of a targeted dissemination

 

disclosure notice made under subparagraph (4), and the Information

 

Commissioner shall, in relation to any such material, have recourse to

 

the powers available to him or her under Part 6 of the Data Protection

 

Act 2018.

 

      (6)  

A person or organisation to whom such a targeted dissemination

 

disclosure notice is given shall comply with it within such time as is

 

specified in the notice.””

 

Member’s explanatory statement

 

This new clause would amend the Political Parties, Elections and Referendums Act 2000 to allow

 

the Electoral Commission to require disclosure of settings used to disseminate material where the

 

platform for dissemination allows for targeting based on demographic or other information about

 

individuals.

 


 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

NC19

 

To move the following Clause—

 

         

“Use of personal data to identify recipients of electoral material

 

In section 143 of the Political Parties, Elections and Referendums Act 2000

 

(Details to appear on electoral material), leave out subsection (6) and insert—

 

“(6)    

The Secretary of State shall, after consulting the Commission, by

 

regulations make provision for and in connection with the imposition of


 
 

Notices of Amendments: 15 March 2018                  

84

 

Data Protection Bill-[Lords], continued

 
 

requirements as to the inclusion in material falling within subsection

 

(1)(b) of the following details, namely—

 

(a)    

the name and address of the promoter of the material; and

 

(b)    

the name and address of any person on behalf of whom the

 

material is being published (and who is not the promoter).””

 

Member’s explanatory statement

 

This new clause amends the Political Parties, Elections and Referendums Act 2000 to empower the

 

Secretary of State to require the inclusion of the name and address of any person on behalf of

 

whom electoral material is being published and who is not the promoter.

 


 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

Darren Jones

 

NC20

 

Parliamentary Star    

To move the following Clause—

 

         

“Automated number plate recognition (No. 2)

 

(1)    

Vehicle registration marks captured by automated number plate recognition

 

systems are personal data.

 

(2)    

The Secretary of State shall issue a code of practice in connection with the

 

operation by the police of automated number plate recognition systems.

 

(3)    

Any code of practice under subsection (1) shall conform to section 67 of the

 

Police and Criminal Evidence Act 1984.”

 

Member’s explanatory statement

 

This new clause requires the Secretary of State to issue a code of practice in connection with the

 

operation by the police of automated number plate recognition systems, vehicle registration marks

 

captured by which are to be considered personal data in line with the opinion of the Information

 

Commissioner.

 


 

Liam Byrne

 

Louise Haigh

 

Chris Elmore

 

NC21

 

Parliamentary Star    

To move the following Clause—

 

         

“Targeted dissemination disclosure notice for third parties and others (No. 2)

 

In Schedule 19B of the Political Parties, Elections and Referendums Act 2000

 

(Power to require disclosure), after paragraph 10 (documents in electronic form)

 

insert—

 

“10A (1)  

This paragraph applies to the following organisations and

 

individuals—

 

(a)    

a recognised third party (within the meaning of Part 6);

 

(b)    

a permitted participant (within the meaning of Part 7);

 

(c)    

a regulated donee (within the meaning of Schedule 7);


 
PreviousBack to StartNext
 

Revised 15 March 2018