House of Commons Hansard Debates for 19 Feb 1990

Column 729

limited in the way in which the powers could be exercised. Perhaps when my hon. Friend the Minister winds up he will comment on that. I was intrigued by the amendments in part II of the schedule. Paragraph 3 contains an interesting change because the words "rules, guidance, arrangements or restrictions"

are to be removed and the words

"rules, statements of principle, regulations, codes of practice, guidance, arrangements or practices"

are to be substituted. It looks as if someone sat down with a lexicon or perhaps "Roget's Thesaurus" and tried to discover all the variations of the word "rules", having previously come up with only four.

Why are "statements of principle" suddenly involved in the legislation? The House has been advised that this is merely a technical order. If so, why is it necessary to introduce something as fundamental as "statements of principle"? The original statement of principle in section 28 of the Data Protection Act 1984 included substantial exclusions. No doubt hon. Members will recall that. Those were exclusions of any information concerning

"(a) the prevention or detection of crime ;

(b) the apprehension or prosecution of offenders ; or

I was on the Committee that examined that Bill in 1984 and for the life of me I could not think what other activity could not be covered by those exclusions, especially in the case of financial services. I am at a loss to understand why it is now necessary to include a new statement of principle in the entry relating to the functions under chapter XIV of part I of the Data Protection Act 1984, in place of the words

"rules, guidance, arrangements or restrictions."

Similarly, I am unsure why codes of practice are to be included. I imagine that that is because codes of practice, whether statutory or non-statutory, may have a binding effect on any regulations that are relevant under the order. Again, an explanation is needed. Even more intriguing is that, whereas in our original assessment, under part II of the Act there appears the word "restrictions", it no longer appears in the new form of words. I am again at a loss to understand why. I hope that my hon. Friend the Minister will deal with those important matters when he winds up.

The overall purpose of the order is to keep up to date the general principle of allowing the Secretary of State to keep secret such information as may be deemed to be sensitive in connection with a prosecution for fraud or a related offence of dishonesty. I take the extremely relevant point made by the hon. Member for Kingston upon Hull, West, when he outlined the delicate balance that must be struck between the general principle of providing access to confidential information on the data subject--which is the cardinal principle, laid down by the European convention--and the convention's recognition of the right to exclude information in certain sensitive categories. It is entirely reasonable to update the 1987 order. Throughout data protection legislation, not only in Australia and the United States but elsewhere, there runs the well- recognised principle that financial services markets and the investigation of fraud or dishonesty should legitimately be an exempted area. I am not sure that the order could not be more narrowly drawn. Whenever such orders are laid before the House, the onus should be

Column 730

on the Government to demonstrate that not one jot of personal information shall be withhld from subject access unless there is concrete justification. I believe that that was the thrust of the argument of the hon. Member for Kingston upon Hull, West, and I agree that that should be the case.

In respect of financial services investigations in particular, secrecy is all. Were the subject of such an investigation to be given any idea that information was held about him, he could take advantage of that knowledge to arrange his affairs so as to gain protection under the umbrella that the order will constitute. In that context, you, Mr. Deputy Speaker, will be aware of the current cases, which are sub judice, in which it is clear that information relating to the availability of knowledge on subject access could have been relevant to persons who have been charged with an offence.

Mr. Randall : We all agree on the principles of the order. As to whether the list is too big or too small, I still contend that there is no way of assessing that and whether the Government have gone too far down the path to secrecy.

Mr. Norris : Given that section 28 of the Data Protection Act 1984 draws exemptions as wide as

"the assessment or collection of any tax or duty",

the hon. Member makes a good point. My hon. Friend the Minister must make it clear that he has examined every detail of the order's applicability to information held about a data subject--and he must assure himself that in no way, and in no particular, does the subject access provision need further modification so as to allow the form of access to which the hon. Gentleman referred.

Clearly, it is important that the order receives the approval of the House, and I am sure that the hon. Member for Kingston upon Hull, West agrees that there is no virtue in legislation that is hamstrung by not being related to other current legislation. To the extent to which the amendments contained in the order bring matters into line with the Companies Act 1989, obviously we cannot refuse to approve it. Nevertheless, the general principles of the European convention, which provide that in all but exceptional circumstances a data subject should have access to information held about him or her, are so important that, whenever such a measure comes before the House, it is vital that the Minister presenting it is assured that it is drawn as narrowly as practicable, to provide necessary confidentiality. I have always believed that, when Governments are in doubt, they should as a general principle be prepared to tell citizens what is done in their name. That principle should particularly guide my right hon. and hon. Friends, and I am grateful for the support for it shown by Opposition Members. That principle ensures that a democracy works to serve the people and is not governed in turn by officials who can hide behind a cloak of secrecy.

In that context, my hon. Friend the Minister has some further explaining to do. However, in terms of the order's general principles and of the necessity to ensure that existing measures are updated in line with the Companies Act 1989, I commend it to the House. I trust that, when my hon. Friend winds up, he will give the officials in the Box something to do this evening and answer the points that I raised.

I recall being invited to serve on the Committee considering the Data Protection Bill after my hon. Friend the Member for Watford (Mr. Garel- Jones) approached

Column 731

me in the Lobby and asked, "What do you know about data protection?" When I replied, "Nothing," I found myself instantly on the Committee. That was the first on which I served on entering the House in 1983, and the principle of knowing nothing initially has stood me in good stead. I have applied it in respect of every other Committee on which I have served. However, aware as I am of the detailed nature of the order, I commend to my hon. Friend the Minister a thorough review of all the options available to him. 8.27 pm

Mr. Harry Cohen (Leyton) : I congratulate the hon. Member for Epping Forest (Mr. Norris) on a very good speech. He is one of the few right hon. and hon. Members to make sense of data protection legislation. As he said, his experience goes back to the Committee that considered the Data Protection Bill. He played an honourable role then and has done so since in respect of data protection matters, in ensuring that orders such as this are not so widely drawn that they make it impossible for individuals to be certain of their rights. Exemptions may be allowable in cases of fraud, but they should be clearly spelt out. I am sure that the hon. Member for Epping Forest agrees that there should be a role for the Data Protection Registrar.

The Minister said that the order is not controversial. That may be true on the surface, because its wording is bland and vague--I suspect, deliberately so. However, the denial of access rights is not so non- controversial to the subject concerned. Last Tuesday, the Under-Secretary of State for Education and Science, the hon. Member for Wantage (Mr. Jackson), said of the Data Protection Act 1984 : "The Act--which was passed under the present Government--provides valuable protection for the individual, while recognising the need for controlled exchange in the use of personal data. The Government are wholly committed to the enforcement of the Act through the Office of the Data Protection Registrar."-- [Official Report, 15 February 1990 ; Vol. 167, c.470.]

The Government claim it as a credit, but the Data Protection Act 1984 is one of the worst in Europe. The Data Protection Registrar is powerless over enforcement of exemptions. Within four days of that statement, we are debating the order, and we can see the true nature of the Government's thinking on the Data Protection Act. They have put before the House an order which does the complete opposite of what the Minister said they would do.

The order is just what it seems. First, it removes protection from the individual. Secondly, it removes any enforcement powers from the Data Protection Registrar. The Minister shakes his head, but the DPR is powerless over subject access exemptions. Thirdly, it provides no real information to the House concerning details of the orders. The Minister made a comment about the purpose of the order in relation to fraud. The order amends another order--the Data Protection (Regulation of Financial Services etc.) (Subject Access Exemptions) Order 1987. Together, both orders list more than 230 statements about withholding rights of access to personal data from data subjects. When SI 1987/1905 was debated in the House, very little information was provided about it, even though some of the statements in the statutory instrument seemed quite broad. For example, in the middle of page 5, we find the words :

Column 732

"Any functions of making available information for purposes or otherwise in connection with any functions specified in this Schedule in relation to Acts".

Apart from being gobbledegook, when one considers that paragraph closely, one sees that the schedule to which it refers was a very broad schedule which became virtually open-ended when the exemptions were made. The order before us is exactly similar, and it is equally generous with its wording. For example, paragraph 4 would insert : "Functions of Secretary of State or designated agency under Chapter XV of Part I."

I understand that to mean all functions of all designated agencies. That is a very broad order.

The hon. Member for Epping Forest quite rightly said that orders about access exemptions should be drawn very narrowly, so that the House and the public can see exactly what is being allowed, and will know what exemptions will affect the right of individuals to see personal data, and when the DPR cannot get involved.

I also note that, as with SI 1905, the Government have not provided any detailed reason that I can see why an individual's rights are being removed. Although the orders contain 230 statements or functions, they contain little detail about why we should refuse an individual access to personal data. The House is in the dark about how the exemptions will apply in practice. The only light that has been shed on the matter was in the Minister's statement tonight, at the beginning of the debate. This situation should be unacceptable to the House. Each subject access exemption represents a significant diminution of an individual's rights. Consequently, each exemption should be considered most carefully. Once allowed, an exemption is total, and once it is applied, the individual is powerless to do anything about it.

In paragraph 220 of his fifth annual report, the Data Protection Registrar summarises what a subject access exemption means, saying : "The individual does not know that the data user has applied a subject access exemption and is in no position to make an appeal to test whether the data user has been properly applied or not." Mr. Butterfill : Will the hon. Gentleman tell me to which of the functions under section 30 he considers that this should not apply? Does he exclude dishonesty or incompetence, malpractice or the investigation of bankruptcy? Does he not agree that other people need protection, as well as the person who is being investigated?

Mr. Cohen : Of course. I also think that exemption should be clearly defined ; but we do not need 230 different statements of where they should apply. In a moment, I shall come to a particular example where I think subject access exemption may be applied, but let me finish the paragraph that I was talking about.

I cannot understand why it is not possible for the Government to produce clear explanatory notes, such as notes on clauses, before they put a whole range of personal data into an information black hole. The notes would explain why a subject access exemption was necessary, so that we could judge the validity of the Minister's arguments in every one of the 230 cases.

One case in which the exemptions could be misused is in the use of black lists. We know from debates in Committee on the Employment Bill that companies are using blacklists. They adversely affect individuals, perhaps because they are in a trade union or are involved in politics--which is their democratic right. Companies keep that

Column 733

sort of information about people on their computers. An individual might want to get access to that information, but if it conveniently comes under one of those 230 statements, and so has become a subject access exemption, the individual will not even know that he is on a blacklist, judging from what the DPR said in his report. If he finds out, he will not get access to data because the law will have been changed by the broad wording in the order to make blacklists exempt.

Mr. Butterfill : I am puzzled by what the hon. Gentleman is saying. It seems to me that we are considering an order that is limited to data protection for the regulation of financial services. I cannot see that a blacklist against an individual could have any connection with the regulation of financial services in the way that he suggests. Surely it has more to do with protection of the public from fraud and other undesirable practices, and I am sure that even the hon. Gentleman would not object to that.

Mr. Cohen : The Financial Services Act 1986 was a thick Act and took a lot of time and consideration in the House. It had many clauses that could relate to blacklisting.

A trade unionist might want information about a takeover because it affected the jobs of union members. The company could say that the union was affecting financial services and its stock market quote, and therefore it would use its subject access exemption to stop them getting the information. That could easily happen, because the Financial Services Act was so broadly drawn.

I wish to raise further questions concerning the statements on the first page of the order that it was made

"after consultation with the Data Protection Registrar". The Minister quoted that. I wish to enlarge on the subject of those consultations. Did the registrar agree with the Minister's wording of the order? Did he have any advice for the Minister, and was any of that advice ignored? I think that the House should know exactly what the DPR said.

For example, did the DPR draw the Minister's attention to paragraph 232 on page 87 of his fifth annual report :

"Exemptions from subject access right should be strictly limited and very carefully defined"?

If the DPR was being consistent, he would give such advice. I should be interested to hear whether he did, and what the Minister's response was. As the Government have had two full years of operation to report on how the exemptions in SI 1905 have worked in practice, will the Minister say how many times subject access has been refused under the 1987 order?

Did the registrar raise during the consultation process his advice in paragraph 221 of the fifth annual report :

"I recommend that data users should be required to keep a log of the cases in which subject access exemption is relied upon and the reasons for using the exemption"?

Has the Minister any views on that advice, which I should have thought the House would regard as reasonable?

Such questions are important, especially considering the Minister who will exercise the power and control the many functions that facilitate subject access exemptions. That Minister will be the Secretary of State for Trade and Industry, who is better known for his work in pursuit of privatisation than for his work to protect privacy. Privacy

Column 734

comes very low on his list of priorities. He was the one who introduced the poll tax, which has smashed privacy to smithereens, yet we are to give him powers over it under the order. That hardly inspires confidence.

Mr. Butterfill : Does the hon. Gentleman agree that my right hon. Friend the Secretary of State for Trade and Industry is also known for his rigorous pursuit of wrongdoers and that his action in trying to eliminate fraud and in dealing sympathetically with investors in Barlow Clowes shows him in a rather different light from that in which the hon. Gentleman seeks to portray him?

Mr. Cohen : I shall not go into the issues surrounding Barlow Clowes

Madam Deputy Speaker (Miss Betty Boothroyd) : That is a good thing.

Mr. Cohen : But deeds speak louder than words, and we have not had great actions from the Secretary of State to tackle the wrongdoers. The multi-billion pound fraudsters have not been dragged through the courts by the Secretary of State. Recently, the right hon. Gentleman took to court a case for which his Department was so badly prepared that the procedings collapsed in a shambles. The hon. Gentleman is on the wrong tack in saying that the Secretary of State for Trade and Industry has a good reputation in this matter ; the right hon. Gentleman's actions do not support that claim.

Mr. Michael Stern (Bristol, North-West) : Does the hon. Gentleman agree that much of the work of the Department of Trade and Industry--under whomever happens to be the Secretary of State--leads to major trials? I am not allowed to name the trial that started last week but, with his known fairness, the hon. Gentleman will agree that that trial could not have started and could not be expected, as it is, to last about six months--

Madam Deputy Speaker : Order. The hon. Member for Leyton (Mr. Cohen) has stuck perfectly to the motion, and I am sure that he will continue to do so.

Mr. Cohen : I shall not pursue that line, Madam Deputy Speaker. My response to the hon. Member for Bournemouth, West (Mr. Butterfill) emphasised my view : many of the trials collapse in a shambles, and the wrongdoers have not been hauled before the courts and made to pay back the money of which they have robbed shareholders and the public.

Mr. Butterfill : Will the hon. Gentleman give way?

Mr. Cohen : No, I shall not give way ; you, Madam Deputy Speaker, have asked me not to pursue these matters, but to stick to the order.

Mr. Butterfill : My point relates specifically to the order.

Mr. Cohen : In that case, I give way to the hon. Gentleman.

Mr. Butterfill : Does the hon. Gentleman accept that the order extends the ability of the Secretary of State to co-operate with investigators and regulators overseas? In view of the increasingly international nature of fraud, does the hon. Gentleman agree that the order represents a valuable contribution to the investigation of fraud?

Column 735

Mr. Cohen : Of course we need links with overseas crimebusters to bust crime internationally, and I support that, but I do not think that the order will necessarily contribute greatly to that task. It is more likely to affect the individual's rights of privacy, which should be preserved. Such rights may be just as much affected by a bland and vague order such as this as big criminals may be affected by it. That is what concerns me, and that is why the order should be more tightly drawn, as the hon. Member for Epping Forest said.

Mr. Gary Waller (Keighley) : I have listened with great care to what the hon. Gentleman has said, and so far it has been very theoretical. He has had access to the reports of the Data Protection Registrar. The key question that we must all ask ourselves concerning the alteration is whether there are data to which the subject would previously have had access and which would have been useful to him which he is now to be denied. Can the hon. Gentleman give practical examples from the reports to which he has had access to demonstrate that fact?

Mr. Cohen : Yes, my speech has been theoretical, but when the order is passed, a number of individuals will be denied the right to information that companies hold about them. At the moment, individuals have the right to information, and we are denying them that right. The examples will come after the order has been passed. I gave the House one example--that of a trade unionist trying to get information in a blacklisting case. Practical problems will arise when people are denied their subject access rights.

All that the House can say about the order is this : first, we do not have enough information about how it will work in practice ; secondly, we cannot tell whether it is drawn too widely, although in my view it is. We should ask the Minister for clearer information, and further detail should be given to the House on how the exemptions will apply in practice. Otherwise, abuses will occur and the House will be sending out the message that we do not really care about individuals' rights.

I am getting rather tired of the Government's boasting, as the Under- Secretary of State for Education and Science boasted last Tuesday, that the Data Protection Act provides valuable protection for the individual, only to undermine that Act by orders such as this. I advise hon. Members that, when they read words like "valuable protection for the individual" in Hansard, they should immediately understand them as having the same meaning when used by Ministers as if they had been used by Al Capone.

8.48 pm

Mr. John Butterfill (Bournemouth, West) : I support the objectives of the order but I must join some of my Friends and Opposition Members in saying that the explanatory memorandum that accompanies the order is somewhat less than helpful--and nor is the English in which it is couched particularly easy to follow.

The order would amend a large number of existing Acts and previous orders, and perhaps it would help if I ran through them. We are amending not only the Data Protection Act 1984 but the Companies Acts 1985 and 1989 and the Financial Services Act 1986.

Mr. Randall : They are consequential amendments.

Column 736

Mr. Butterfill : I agree that they are consequential amendments, but they are amendments nevertheless. The interrelationship of the Acts and the other orders that we are amending is complex. It would have been much more helpful if the explanatory note had contained more information so that we could understand how the legislation interacts. Instead, hon. Members have been left to work it out for themselves--in my case, by a somewhat convoluted process. I am not an expert in such matters. However, I have done my best.

Mr. Stern : May I underline my hon. Friend's point by saying that, when hon. Members are presented with an explanatory note, it always seems to be couched in a form of English in which "explanatory" is the exact reverse of the truth. With your permission, Madam Deputy Speaker, I shall put the first sentence on the record so that those who read Hansard can appreciate in all their beauty the triple convolutions of the so-called prose that is supposed to explain what the order means. The explanatory note reads :

"Section 30 of the Data Protection Act 1984 provides that personal data"--

subject--

"held for the purpose of discharging statutory functions"-- "functions" becomes a subsidiary subject--

"which are designated by the Secretary of State"--

new subject--

"by an order"--

further new subject--

"made under that section"--

further new subject, although we have now forgotten which section is being referred to--

"shall be exempt from the subject access provisions"--

a triple noun--

"of the Act in any case in which the application of those provisions to the data"--

by now we have completely forgotten what data we are talking about--

"would be likely to prejudice the proper discharge of those functions."

Whoever wrote that sentence should enrol immediately in a course on clear English, because the one thing that that sentence is not is explanatory.

Mr. Butterfill : My hon. Friend anticipates precisely the point that I intended to make. If he reads the second part of the explanatory note, the abuse of English and the defeat of the vaulting imagination of hon. Members will become even more apparent. It says :

"Schedule 1 to the Data Protection (Regulation of Financial Services etc.) (Subject Access Exemption) Order 1987 ( the 1987 Order') designates functions for the purposes of section 30. The Schedule to this Order"--

if my hon. Friends can follow which order we are now talking about--

"contains amendments to the 1987 Order"--

if we can remember which order we are talking about--

"which are consequential upon the implementation of the Companies Act 1989 ( the 1989 Act'). Part I of the Schedule, which comes into force on 21st February 1990, amends the entry relating to section 447 of the Companies Act 1985 (Secretary of State's powers to require production of documents) and designates functions under sections 83, 84 and 88 of the 1989 Act"--

I defy, you, Madam Deputy Speaker, or anybody else to remember which 1989 Act we are now talking about--

"(powers exercisable to assist overseas regulatory authorities). Part II of the Schedule to this Order, which comes into force on 15th March 1990, contains amendments relating to functions under the Financial Services Act 1986."

Column 737

If that is supposed to be an explanatory note, we need to send some of our officials on a course in plain English.

Mr. Cohen : Does the hon. Gentleman realise that he and the hon. Member for Bristol, North-West (Mr. Stern) may be on dangerous ground by criticising the explanatory note? I was a member of a Statutory Instruments Committee, with my hon. Friend the Member for Kingston upon Hull, West (Mr. Randall), that considered official secrets. When we criticised the explanatory note, the Home Office Minister said that he had written it himself. Perhaps we could be told whether the Under-Secretary of State for the Home Department wrote this explanatory note which, as the hon. Members for Bournemouth, West (Mr. Butterfill) and for Bristol, North-West have said, is gobbledegook. If the Minister wrote it, they will be on dangerous ground for having criticised the grammatical efforts of their own Minister.

Mr. Butterfill : At the risk of being proved wrong, my hon. Friend the Minister's command of the English language is a model of clarity and eloquence. Therefore, I am confident that the explanatory note was not drafted by him personally. No doubt he will confirm that when he responds to the debate.

Mr. Stern : To pursue this line of argument, does my hon. Friend agree that we shall soon be demanding an explanatory note to the explanatory note of instruments of this nature? I am not sure that either my hon. Friend or I would wish public expenditure to be increased to such an extent.

Next Section

Home Page