Select Committee on European Communities Report


Letter from Lord Tordoff, Chairman of the Committee, to Barbara Roche MP Parliamentary Under-Secretary of State for Small Firms, Trade and Industry, Department of Trade and Industry

  This proposal has been sifted to Sub-Committee E (Law and Institutions) for further consideration. Your Explanatory Memorandum of 20 July draws attention to the fact that the Directive if adopted would require change in our domestic law. I would be grateful if you would supply a detailed note setting out the present legal position, under both English and Scots law, on electronic signatures, their formal requirements, validity and their legal recognition. I would be pleased if this note could be provided on or before 5 October in order that the Sub-Committee can consider the proposed Directive as soon as possible after the summer recess. In the meantime the document remains under scrutiny.

29 July 1998

Letter from Barbara Roche MP, Parliamentary Under-Secretary of State for Small Firms, Trade and Industry, Department of Trade and Industry, to Lord Tordoff, Chairman of the Committee

  The proposal for a Directive on a common framework on electronic signatures was the subject of Explanatory Memorandum (EM) 9708/98, submitted on 20 July 1998. The House of Commons Select Committee cleared it on 29 July 1998 (Report 36, Session 97/98). Your Committee referred it to Sub-Committee E for further consideration and requested on 29 July further information on the present legal position under both English and Scots law.

  I apologise for the time that has passed since your letter on this complex and difficult issue, but I can now provide an answer (enclosed as Appendix A) that I hope you will find of interest.

  I must however bring another matter to your attention, and this is the fact that the Directive itself is now being tabled by the Commission at the 27 November Telecommunications Council for political agreement. Common Position is unlikely to be given until early in 1999 as the European Parliament has not yet considered the proposal.

  Although we believe it unlikely to be agreed, as there are a number of issues where Member States have still to reach agreement, there is still the possibility that agreement will be reached. I am very well aware of the requirement to provide your Committee with an adequate opportunity to scrutinise measures before agreement in Council, however I hope you will appreciate that if the compromise on offer is of direct benefit to the UK I may have to lift the scrutiny reserve.

  I apologise once more for this course of action. I appreciate your concerns in this area and the need to review the information requested.

24 November 1998

Letter from Lord Tordoff, Chairman of the Committee, to Mrs Barbara Roche MP, Parliamentary Under-Secretary of State for Small Firms, Trade and Industry, Department of Trade and Industry

  At its meeting on 16 December Sub-Committee E (Law and Institutions) considered this document. The Committee thanks you for your letter of 24 November on the subject and, in particular, the Appendix setting out the legal position relating to signatures under England and Scots law.

  The Committee noted that the Government has not conducted a formal consultation on this proposal, though it has informally consulted a number of interested parties. The Committee also noted that the Government has concerns over Article 8, dealing with Data Protection. The Committee wishes to be assured that proper consideration has been given to this Article and its implications for the individual's human rights. The Committee would be pleased to receive details and explanations of any changes which may have been made to the text of Article 8 since your Explanatory Memorandum of 20 July. I would also be grateful if you could tell me whether you have consulted the Data Protection Registrar as well as interested bodies such as Justice and, if so, whether they believe Article 8 is necessary and whether it would provide adequate safeguards for the individual.

  I look forward to your reply. In the meantime, the proposed Directive is held under scrutiny.

16 December 1998

Letter from Barbara Roche MP, Parliamentary Under-Secretary of State for Small Firms, Trade and Industry, Department of Trade and Industry, to Lord Tordoff, Chairman of the Committee

  Thank you very much for your letter of 16 December on the important data protection provisions of this proposed directive. I am glad you found the previous information I supplied on the legal position of signatures under English and Scots law useful.

  On Article 8, I can confirm that the existing text (which I attach to this letter) is somewhat different from that in the directive when it was originally proposed by the Commission, and as described in our Explanatory Memorandum of 20 July. Essentially the text has been significantly shortened to take account of concerns which we, and other member States, had in relation to potential confusion between this directive and the Data Protection Directive itself (95/46/EC). We were concerned that service providers should understand that specific clauses in Article 8 did not override the more comprehensive approach in the main directive. An explanation of the current Article clauses (which have been provisionally agreed by all countries) is as follows:

  Article 8(1): Specifically mandates that accreditation arrangements for service providers fully follow requirements of Data Protection Directive.

  Article 8(2): Has been amended to reflect concerns of UK, and other member States, that data collection (when a certificate is being issued to an applicant) can be made from a third party (ie the applicant's bank) but only with the explicit consent of the applicant. Such a change ensures maximum privacy protection of applicant whilst maintaining consumer protection for those relying on the accuracy of certificate.

  Article 8(3): Has been modified to reflect the right (but not the obligation) of certification service providers (CSPs) to offer "pseudonym" certificates.

  Article 8(4): The previous text (which dealt with certain law enforcement aspects concerning "pseudonym" certificates) has been deleted to reflect the different legal investigation practices in member States. As noted in the EM, it would not have been appropriate (with respect to existing legal arrangements) for the UK to agree to provisions mandating the informing of suspects after information pertaining to them had been legally sought from a CSP.

  I trust you will agree that the above represents a credible outcome. It explicitly links the accreditation process to data protection, mandates member States to allow the provision of pseudonym certificates and tightly defines the procedure for CSPs obtaining information from potential clients.

  In terms of consultation, my officials have been active (within the bounds of the confidentiality of working group discussions) in discussing the changes to Article 8 with a number of different bodies and individuals. These include staff at the Office of the Data Protection Registrar and also representatives of the Foundation for Information Policy Research (whom I understand have links with Liberty). Whilst such consultation has raised concerns on the need for explicit links between this directive and the general data protection provisions (hence Article 8.1) there have been no specific problems raised on the changes noted above.

  I trust you will find the above information useful and that it may enable you to release this measure from scrutiny. The German Presidency will be seeking an early common position on the directive in early February, there being a chance that full approval of this important measure may be forthcoming before the European Parliamentary elections.

22 December 1998


Article 8

  Data Protection

  1.  Member States shall ensure that certification service providers and national bodies responsible for accreditation or supervision comply with the requirements laid down in Directive 95/46/EC of the European Parliament and of the Council.

  2.  Member States shall ensure that a certification service provider which issues certificates to the public may collect personal data only directly from or with the explicit consent of the data subject and only insofar as it is necessary for the purposes of issuing and maintaining the certificate. The data may not be collected or processed for any other purposes without the consent of the data subject.

  3.  Without prejudice to the legal effect given to pseudonym under national law, Member States shall not prevent certification service providers from indicating in the certificate a pseudonym instead of the signatory's name.

  4.  [...]

previous page contents next page

House of Lords home page Parliament home page House of Commons home page search page enquiries

© Parliamentary copyright 1999