|Previous Section||Back to Table of Contents||Lords Hansard Home Page|
Lord Grabiner: This amendment gives rise to a classic "chicken-and-egg" debate. One should always be wary of such a debate because there may not be a solution readily to hand. The origin of the debate in this context lies in the second paragraph of Article 8 of the convention. That provides:
The point about the Bill is that, if it were to become the law, that would be the law which permits the interference contemplated by paragraph 2 of Article 8. So the result will be that you have in place the Data Protection Act--which ultimately has its origins in these provisions in the human rights convention--and you have the Human Rights Act, both being statutes. In addition, you would then have this Act, if passed, which would be, on this hypothesis, the law.
The practical consequence of this is that the powers under this new Act will have to be exercised in accordance with the requirements of the Data Protection Act, the Human Rights Act and this Act, if passed. I would therefore conclude that it is certainly not necessary to have the safeguards suggested by the noble Lord, Lord Higgins. At the end of the day, if the powers granted under this Act are not properly complied with, there will be a breach of the Data Protection Act. We certainly do not need a provision in this Bill--and ultimately in this Act--to confirm the fact that the Data Protection Act is binding and effective in accordance with its terms. That is why I respectfully suggest that the amendment is not necessary.
Lord Higgins: I am sure that the noble Earl, Lord Russell, is right to say that it is sensible to clear up the data protection points at this stage of the proceedings. That is not to say that we will necessarily have dealt with all the human rights points, although the human rights aspect is part of the data protection argument. Some human rights points will arise later which we could more conveniently raise in detail on clause stand part--we have had detailed representations on the issue--but certainly let us get the Data Protection Act out of the way now.
The noble Earl touched a sensitive point when he referred to confusion over names. I have suffered for many years through confusion with the Terrence Higgins Trust-- although the Terrence is not spelt the same way. While it does excellent work, I am afraid it has over time caused considerable confusion--although I occasionally get contributions, which I duly pass on. It is a sensitive point. I have had to live with
The noble Earl has rightly said that an Act of Parliament can, in one way, do whatever it likes. But clearly it would be undesirable to do something in one Act of Parliament which is in conflict or in dispute with another. I bear in mind the point made by the noble Lord, Lord Grabiner.
Perhaps I may pose one question to the Minister, which she may be able to clarify. If I understood him correctly, the noble Lord seemed to be saying that so far as concerns the doubts about the Data Protection Commission and whether something is done in accordance with law--that if you pass this Act then whatever it says is in accordance with law--as I understand it, that is not the position so far as concerns the Human Rights Act. It has to be in accordance with law in a much broader sense. You cannot simply pass a piece of legislation and that makes it in accordance with law.
It is an important point. We need to be clear whether there is any genuine conflict between what is now proposed by the Government and what is in the Data Protection Act. Perhaps the Minister can enlighten us.
Baroness Hollis of Heigham: As to the question of mistaken identity, I was required to be "of Heigham"--which is my former ward in the city of Norwich--otherwise I was assured, very emphatically, by we all know who, that I would be confused with a certain Lord Holles, I think of the late 17th century--I look to the noble Earl, Lord Russell--who was both illegitimate and died of an unmentionable disease with no heirs. I was told that without being "of Heigham" I would certainly, and regularly, be receiving his correspondence.
We must also ensure that what can be done with personal information is transparent. To this end, we shall ensure that benefit claim forms inform people that the information they give us may be checked with other organisations.
The DSS is also under a duty to tell a person what information we hold about that person, including what we have obtained from other organisations, if he or she makes a subject access request under the Data Protection Act. The only time we should not provide these details is when to do so would jeopardise an ongoing investigation.
In addition, information received from organisations included in the Bill can be passed on to third parties only in circumstances allowed for in the Data Protection Act. Unless we have statutory authority to divulge information, we may do so only if it would help prevent or detect crime. The reference, which was made by my noble friend Lord Grabiner, is to Section 29 of the Data Protection Act, which makes clear that that information may be divulged in those circumstances. In the debate on Amendment No. 1, I sought to make clear that benefit fraud is regarded as high-level fraud for these purposes. Any breach of the Data Protection Act's provisions regarding disclosure could leave an individual subject to criminal proceedings.
I should mention also that the Data Protection Commissioner, or information commissioner as she is now known, could serve us with an enforcement notice if she felt that we had breached our duties under the Data Protection Act. The Data Protection Act is not breached by this Bill. It will govern the way in which we operate our powers under the Bill and is enforceable via an enforcement notice. There is a lot of protection in the system.
The noble Earl, Lord Russell, thought that we needed additional penalties for the misuse of information. Existing legislation already provides very heavy penalties--and rightly so. For example, the Data Protection Act makes it an offence knowingly or recklessly to obtain or disclose information. It is subject to an unlimited fine in a Crown Court, so up to £5,000 in a magistrates' court. The Computer Misuse Act 1990 contains offences relating explicitly to the misuse of computers in order to obtain information.
I assure the Committee that my understanding is that the Bill will not infringe the Data Protection Act. The Data Protection Act will govern the way we operate our powers under this Bill. Should we trespass, then it is enforceable by an enforcement notice. With those assurances, I hope that the noble Lord will feel able to withdraw his amendment.
Lord Higgins: I am grateful to the noble Baroness for such a reassuring response, although I shall need to study what she said. I have just one point requiring clarification. As I understand it, the noble Baroness said that, under the Data Protection Act, anyone drawing social security benefit could serve a form of notice--I have forgotten the Minister's exact form of words--requesting the department to reveal what information it holds on him. Presumably, that would cover the information already available if one wanted to know what one's credit rating was, and so on. But does that mean that an individual can ask to see absolutely everything that the department has obtained with regard to his personal affairs?
Back to Table of Contents
Lords Hansard Home Page