Orders of the Day — Data Protection Bill

Part of the debate – in the House of Commons at 9:33 pm on 30 January 1984.

Alert me about debates like this

Photo of Mr David Waddington Mr David Waddington , Ribble Valley 9:33, 30 January 1984

I do not understand the hon. Gentleman's argument. The best way of enabling an individual to discover whether information is held about him is by the system of universal registration, the system which he is attacking.

The right hon. Member for Gorton asked, "Why cannot we inspect our own tax files and our own police files?" We shall be able to do so unless the user brings himself within the exemption in clause 28(2). Information held about a person on a police file which amounts only to his criminal record will not come within the exemption in clause 28(2), as he will see if he reads that provision.

The right hon. Member for Gorton addressed himself to the national security exemption. Clause 27 has been toughened up since the Bill's predecessor was introduced in the previous Parliament. An exemption is allowed by the convention. Most European countries, except for Sweden and France, have wholly exempted national security data. It is well precedented that matters of national security should be left to the certificate of a Minister. That is because only Ministers can be in a position to determine when national security needs to be safeguarded, taking their decision in the light of all the circumstances of the case on the advice available to them. Neither the courts nor the registrar would be able to make that judgment.

My hon. Friend the Member for Thanet, North (Mr. Gale) said that a subject would not be able to go to the tribunal. I remind my hon. Friend that a subject cannot be adversely affected by the registrar's actions. The registrar will be there to act on the subject's behalf, and it is to him that the person will turn for assistance. If he is not satisfied with the action taken by the registrar, he may go to court as a last resort for an order for subject access or for the erasure of any inaccurate data. I remind the House that the tribunal will have a person on it to represent the interests of the data subject. That provision appears in clause 3(5)(b).

My hon. Friend the Member for Thanet, North referred to clause 27 and said that the exemption for national security should be signed only by the Prime Minister or the Home Secretary. That change would not really make very much difference. It certainly would not meet the point made by the Opposition.

The hon. Member for Dundee, East (Mr. Wilson) said that the Bill would enshrine in statute the right of Government Departments to pass on information. It will do nothing of the sort. It will enshrine in statute for the first time the right of an individual to interrogate a Government Department to find out whether it is holding information about him and, if so, what that information comprises.

There is no complete exemption in the Bill for the prevention or detection of crime. Indeed, the police, like other data users, will have to register. We may have made that part of the Bill tougher than it had to be to comply with article 9 of the convention.

My hon. Friend the Member for Ilford, South (Mr. Thorne) was anxious that the scheme should not impose too heavy a burden on industry. We are confident that it will not do so. The explanatory and financial memorandum states that the scheme may cost about £650,000. If that is about right, and if the number of people who have to register is very much lower than has been forecast by some Opposition Members, it should be possible to cover costs with a registration fee as low as £10.

My hon. Friend the Member for Ilford, South mentioned the need to duplicate information in the interests of civil defence. It is common practice in the private sector for users to have a computer available on a separate site which is able to take over if there should be a failure in the main system. Within the Government it is the practice for there to be mutual back-up arrangements whereby individual Government users provide emergency facilities for other users.

My hon. Friend also mentioned the use of codes. He suggested that it would be possible in a computer entry to show whether a man was creditworthy by placing his initials either before or after his surname. However, in clause 21(1) states that if a code is used on a computer, a subject who asks for access must not just be told that there is an asterisk against his name. He must be told what the asterisk connotes. The data subject would have to be told why in some cases the initials appeared in front of the name and, in other cases, after it.

My hon. Friend said that the Bill would allow the transmission of information from one branch of the Home Office to another. If, as is likely, the Home Office continues to have a number of computers, and the entry for each computer states that the intention is to transmit information to the other computers, that will be perfectly proper. The subject will know what is happening, which is the object of the Bill.

The hon. Member for Stretford (Mr. Lloyd) talked about the transfer of information to a third party. That brings us to the kernel of the Bill. Anyone can transfer information to a third party so long as, in his registration particulars, he has said that he intends to do so. If he has not done so, he will be liable to penalties under clause 5.

The hon. Gentleman wondered why expressions of intention were not included in the Bill. They are not included because it is considered that expressions of intention are more personal to the user than to the subject. Opinions, on the other hand, are clearly—