Minor and consequential amendments

Data Protection Bill [Lords] – in the House of Commons at 6:00 pm on 9th May 2018.

Alert me about debates like this

Amendments made: 92, page 216, line 1, leave out sub-paragraph (2) and insert—

“( ) In subsection (2), for ‘issued under section 52B (data-sharing code) of the Data Protection Act 1998” substitute “prepared under section 121 of the Data Protection Act 2018 (data-sharing code) and issued under section 124(4) of that Act’.”

This amendment replaces a consequential amendment of section 19AC of the Registration Service Act 1953. The new wording makes clear that the code referred to is the data-sharing code prepared under Clause 121 and issued under Clause 124(4).

Amendment 93, page 216, line 29, leave out “160” and insert—

“(Applications in respect of urgent notices)”

This amendment amends a consequential amendment to the Parliamentary Commissioner Act 1967 and is consequential on NC15.

Amendment 94, page 217, line 2, leave out “160” and insert—

“(Applications in respect of urgent notices)”

This amendment amends a consequential amendment to the Local Government Act 1974 and is consequential on NC15.

Amendment 95, page 217, line 17, leave out “160” and insert—

“(Applications in respect of urgent notices)”

This amendment amends a consequential amendment to the Local Government Act 1974 and is consequential on NC15.

Amendment 96, page 223, line 38, leave out “160” and insert—

“(Applications in respect of urgent notices)”

This amendment amends a consequential amendment to the Health Service Commissioners Act 1993 and is consequential on NC15.

Amendment 97, page 224, line 12, at end insert—

“, with the exception of section 62 and paragraphs 13, 15, 16, 18 and 19 of Schedule 15 (which amend other enactments)”.

This amendment provides that certain provisions of the Data Protection Act 1998, which amend other enactments, are not to be repealed.

Amendment 98, page 231, line 19, , leave out “160” and insert—

“(Applications in respect of urgent notices)”

This amendment amends a consequential amendment to the Scottish Public Services Ombudsman Act 2002 and is consequential on NC15.

Amendment 99, page 236, line 2, leave out “160” and insert—

“(Applications in respect of urgent notices)”

This amendment amends a consequential amendment to the Public Services Ombudsman (Wales) Act 2005 and is consequential on NC15.

Amendment 100, page 236, line 36, , leave out “160” and insert—

“(Applications in respect of urgent notices)”

This amendment amends a consequential amendment to the Commissioner for Older People (Wales) Act 2006 and is consequential on NC15.

Amendment 101, page 239, line 34, leave out sub-paragraph (2) and insert —

“( ) In subsection (6), for ‘issued under section 52B (data-sharing code) of the Data Protection Act 1998” substitute “prepared under section 121 of the Data Protection Act 2018 (data-sharing code) and issued under section 124(4) of that Act’.”

This amendment replaces a consequential amendment of section 45E of the Statistics and Registration Service Act 2007. The new wording makes clear that the code referred to is the data-sharing code prepared under Clause 121 and issued under Clause 124(4).

Amendment 102, page 245, line 2, leave out “160” and insert—

“(Applications in respect of urgent notices)”

This amendment amends a consequential amendment to the English language text of the Welsh Language (Wales) Measure 2011 and is consequential on NC15.

Amendment 103, page 245, line 6, leave out “160” and insert—

“(Applications in respect of urgent notices)”

This amendment amends a consequential amendment to the Welsh language text of the Welsh Language (Wales) Measure 2011 and is consequential on NC15.

Amendment 104, page 252, line 9, leave out “160” and insert—

“(Applications in respect of urgent notices)”

This amendment amends a consequential amendment to the Public Services Ombudsman Act (Northern Ireland) 2016 and is consequential on NC15.

Amendment 105, page 253, line 9, leave out “160” and insert—

“(Applications in respect of urgent notices)”

This amendment amends a consequential amendment to the Justice Act (Northern Ireland) 2016 and is consequential on NC15.

Amendment 106, page 254, line 23, leave out sub-paragraph (2) and insert—

“( ) In subsection (2), for ‘issued under section 52B (data-sharing code) of the Data Protection Act 1998’ substitute ‘prepared under section 121 of the Data Protection Act 2018 (data-sharing code) and issued under section 124(4) of that Act’.”

This amendment replaces a consequential amendment of section 43 of the Digital Economy Act 2017. The new wording makes clear that the code referred to is the data-sharing code prepared under Clause 121 and issued under Clause 124(4).

Amendment 107, page 254, line 37, leave out sub-paragraph (2) and insert—

“( ) In subsection (2), for ‘issued under section 52B (data-sharing code) of the Data Protection Act 1998’ substitute ‘prepared under section 121 of the Data Protection Act 2018 (data-sharing code) and issued under section 124(4) of that Act’.”

This amendment replaces a consequential amendment of section 52 of the Digital Economy Act 2017. The new wording makes clear that the code referred to is the data-sharing code prepared under Clause 121 and issued under Clause 124(4).

Amendment 108, page 255, line 13, leave out sub-paragraph (2) and insert—

“( ) In subsection (2), for ‘issued under section 52B (data-sharing code) of the Data Protection Act 1998’ substitute ‘prepared under section 121 of the Data Protection Act 2018 (data-sharing code) and issued under section 124(4) of that Act’.”

This amendment replaces a consequential amendment of section 60 of the Digital Economy Act 2017. The new wording makes clear that the code referred to is the data-sharing code prepared under Clause 121 and issued under Clause 124(4).

Amendment 109, page 255, line 28, leave out sub-paragraph (2) and insert—

“( ) In subsection (2), for ‘issued under section 52B (data-sharing code) of the Data Protection Act 1998’ substitute ‘prepared under section 121 of the Data Protection Act 2018 (data-sharing code) and issued under section 124(4) of that Act’.”

This amendment replaces a consequential amendment of section 70 of the Digital Economy Act 2017. The new wording makes clear that the code referred to is the data-sharing code prepared under Clause 121 and issued under Clause 124(4).

Amendment 110, page 257, line 12, at end insert—

This amendment amends a consequential amendment to the Estate Agents (Specified Offences) (No. 2) Order 1991 to include a reference to the offence in NC14.

Amendment 111, page 260, line 8, at end insert —

“Data Protection (Corporate Finance Exemption) Order 2000 (S.I. 2000/184)

238A The Data Protection (Corporate Finance Exemption) Order 2000 is revoked.

Data Protection (Conditions under Paragraph 3 of Part II of Schedule 1) Order 2000 (S.I. 2000/185)

238B The Data Protection (Conditions under Paragraph 3 of Part II of Schedule 1) Order 2000 is revoked.

Data Protection (Functions of Designated Authority) Order 2000 (S.I. 2000/186)

238C The Data Protection (Functions of Designated Authority) Order 2000 is revoked.

Data Protection (International Co-operation) Order 2000 (S.I. 2000/190)

238D The Data Protection (International Co-operation) Order 2000 is revoked.

Data Protection (Subject Access) (Fees and Miscellaneous Provisions) Regulations 2000 (S.I. 2000/191)

238E The Data Protection (Subject Access) (Fees and Miscellaneous Provisions) Regulations 2000 are revoked.

Consumer Credit (Credit Reference Agency) Regulations 2000 (S.I. 2000/290)

238F In the Consumer Credit (Credit Reference Agency) Regulations 2000, regulation 4(1) and Schedule 1 (statement of rights under section 9(3) of the Data Protection Act 1998) are revoked.

Data Protection (Subject Access Modification) (Health) Order 2000 (S.I. 2000/413)

238G The Data Protection (Subject Access Modification) (Health) Order 2000 is revoked.

Data Protection (Subject Access Modification) (Education) Order 2000 (S.I. 2000/414)

238H The Data Protection (Subject Access Modification) (Education) Order 2000 is revoked.

Data Protection (Subject Access Modification) (Social Work) Order 2000 (S.I. 2000/415)

238I The Data Protection (Subject Access Modification) (Social Work) Order 2000 is revoked.

Data Protection (Crown Appointments) Order 2000 (S.I. 2000/416)

238J The Data Protection (Crown Appointments) Order 2000 is revoked.

Data Protection (Processing of Sensitive Personal Data) Order 2000 (S.I. 2000/417)

238K The Data Protection (Processing of Sensitive Personal Data) Order 2000 is revoked.

Data Protection (Miscellaneous Subject Access Exemptions) Order 2000 (S.I. 2000/419)

238L The Data Protection (Miscellaneous Subject Access Exemptions) Order 2000 is revoked.

Data Protection (Designated Codes of Practice) (No. 2) Order 2000 (S.I. 2000/1864)

238M The Data Protection (Designated Codes of Practice) (No. 2) Order 2000 is revoked.”

This amendment revokes a number of Orders and regulations made under Parts 1, 2, 4 and 6 of the Data Protection Act 1998.

Amendment 112, page 264, line 15, at end insert—

“Data Protection (Processing of Sensitive Personal Data) (Elected Representatives) Order 2002 (S.I. 2002/2905)

276A The Data Protection (Processing of Sensitive Personal Data) (Elected Representatives) Order 2002 is revoked.

Privacy and Electronic Communications (EC Directive) Regulations 2003 (S.I. 2003/2426)

276B The Privacy and Electronic Communications (EC Directive) Regulations 2003 are amended as follows.

276C In regulation 2(1) (interpretation), in the definition of “the Information Commissioner” and “the Commissioner”, for “section 6 of the Data Protection Act 1998” substitute “the Data Protection Act 2018”.

276D (1) Regulation 4 (relationship between these Regulations and the Data Protection Act 1998) is amended as follows.

(2) The existing text becomes sub-paragraph (1).

(3) In that sub-paragraph, for “the Data Protection Act 1998” substitute “the data protection legislation”.

(4) After that sub-paragraph insert—

“(2) In this regulation—

“the data protection legislation” has the same meaning as in the Data Protection Act 2018 (see section3 of that Act);

“personal data” and “processing” have the same meaning as in Parts 5 to 7 of that Act (see section3(2), (4) and (14) of that Act).”

(3) Regulation 2(2) and (3) (meaning of certain expressions) do not apply for the purposes of this regulation.”

(5) In the heading of that regulation, for “the Data Protection Act 1998” substitute “the data protection legislation”.”

This amendment revokes an Order made under paragraph 10 of Schedule 3 to the Data Protection Act 1998. It also makes consequential amendments of the Privacy and Electronic Communications (EC Directive) Regulations 2003. See also the transitional provision in NS3.

Amendment 113, page 265, line 45, at end insert—

“Freedom of Information and Data Protection (Appropriate Limit and Fees) Regulations 2004 (S.I. 2004/3244)

286A In regulation 3(1) of the Freedom of Information and Data Protection (Appropriate Limit and Fees) Regulations 2004, omit “the appropriate limit referred to in section 9A(3) and (4) of the 1998 Act and”.”

This amendment amends provision about the appropriate limit for the purposes of section 9A of the Data Protection Act 1998 and section 12 of the Freedom of Information Act 2000 in consequence of the repeal of the Data Protection Act 1998.

Amendment 114, page 273, line 19, at end insert—

“Data Protection (Processing of Sensitive Personal Data) Order 2006 (S.I. 2006/2068)

302A The Data Protection (Processing of Sensitive Personal Data) Order 2006 is revoked.”

This amendment revokes an Order made under paragraph 10 of Schedule 3 to the Data Protection Act 1998.

Amendment 115, page 279, line 20, at end insert—

“or section (Destroying or falsifying information and documents etc) of that Act (destroying or falsifying information and documents etc);”

This amendment amends a consequential amendment to the Companies (Disclosure of Address) Regulations 2009 to include a reference to the offence in NC14.

Amendment 116, page 280, line 10, at end insert—

“or section (Destroying or falsifying information and documents etc) of that Act (destroying or falsifying information and documents etc);”

This amendment amends a consequential amendment to the Overseas Companies Regulations 2009 to include a reference to the offence in NC14.

Amendment 117, page 280, line 31, at end insert—

“Data Protection (Processing of Sensitive Personal Data) Order 2009 (S.I. 2009/1811)

321A The Data Protection (Processing of Sensitive Personal Data) Order 2009 is revoked.”

This amendment revokes an Order made under paragraph 10 of Schedule 3 to the Data Protection Act 1998.

Amendment 118, page 283, line 7, at end insert—

“Data Protection (Monetary Penalties) (Maximum Penalty and Notices) Regulations 2010 (S.I. 2010/31)

329A The Data Protection (Monetary Penalties) (Maximum Penalty and Notices) Regulations 2010 are revoked.”

This amendment revokes an Order made under sections 55A and 55B of the Data Protection Act 1998.

Amendment 119, page 284, line 43, at end insert—

“Data Protection (Monetary Penalties) Order 2010 (S.I. 2010/910)

338A The Data Protection (Monetary Penalties) Order 2010 is revoked.”

This amendment revokes an Order made under section 55E of the Data Protection Act 1998.

Amendment 120, page 287, line 39, at end insert—

“Data Protection (Processing of Sensitive Personal Data) Order 2012 (S.I. 2012/1978)

347A The Data Protection (Processing of Sensitive Personal Data) Order 2012 is revoked.”

This amendment revokes an Order made under paragraph 10 of Schedule 3 to the Data Protection Act 1998.

Amendment 121, page 289, line 20, at end insert—

“Data Protection (Assessment Notices) (Designation of National Health Service Bodies) Order 2014 (S.I. 2014/3282)

357A The Data Protection (Assessment Notices) (Designation of National Health Service Bodies) Order 2014 is revoked.”

This amendment revokes an Order made under section 41A of the Data Protection Act 1998.

Amendment 122, page 290, line 9, at end insert—

“or section (Destroying or falsifying information and documents etc) of that Act (destroying or falsifying information and documents etc);”

This amendment amends a consequential amendment to the Companies (Disclosure of Date of Birth Information) Regulations 2015 to include a reference to the offence in NC14.

Amendment 123, page 293, line 11, leave out “; or”

See the explanatory statement for Amendment 124.

Amendment 124, page 293, line 14, after “notice);” insert—

“or section (Destroying or falsifying information and documents etc) of that Act (destroying or falsifying information and documents etc);””

(i) section (Destroying or falsifying information and documents etc) of that Act (destroying or falsifying information and documents etc);””

This amendment makes a further consequential amendment to the Register of People with Significant Control Regulations 2016 to include a reference to the offence in NC14.

Amendment 125, page 294, line 16, at end insert—

“(ea) section (Information orders) (information orders);”

This amendment and Amendment 131 apply new Clause NC13, with a modification, for the purposes of enforcing the Electronic Identification and Trust Services for Electronic Transactions Regulations 2016 and the eIDAS Regulation (defined in the 2016 Regulations).

Amendment 126, page 294, line 18, at end insert—

“(ga) section (Destroying or falsifying information and documents etc) (destroying or falsifying information and documents etc);”

This amendment applies new Clause NC14 for the purposes of enforcing the Electronic Identification and Trust Services for Electronic Transactions Regulations 2016 and the eIDAS Regulation (defined in the 2016 Regulations).

Amendment 127, page 294, line 34, at end insert—

“(ta) section (Applications in respect of urgent notices) (applications in respect of urgent notices);

(tb) section 173 (jurisdiction);”

This amendment and Amendment 135 apply new Clause NC15 and Clause 173, with modifications, for the purposes of enforcing the Electronic Identification and Trust Services for Electronic Transactions Regulations 2016 and the eIDAS Regulation (defined in the 2016 Regulations).

Amendment 128, page 295, line 16, at end insert—

“(3) In that section, subsection (2) has effect as if paragraph (a) were omitted.”

This amendment is consequential on Amendment 28. It amends consequential provision applying Clause 141 of the Bill, with modifications, for the purposes of enforcing the Electronic Identification and Trust Services for Electronic Transactions Regulations 2016 and the eIDAS Regulation (defined in the 2016 Regulations).

Amendment 129, page 295, line 24, after “143” insert—

“or (Destroying or falsifying information and documents etc)”

This amendment is consequential on NC14 and Amendment 126. It amends consequential provision applying Clause 142(7) of the Bill, with modifications, for the purposes of enforcing the Electronic Identification and Trust Services for Electronic Transactions Regulations 2016 and the eIDAS Regulation (defined in the 2016 Regulations).

Amendment 130, page 295, line 27, at beginning insert—

“section (Destroying or falsifying information and documents etc) or”

This amendment is consequential on NC14 and Amendment 126. It amends consequential provision applying Clause 142(8) of the Bill, with modifications, for the purposes of enforcing the Electronic Identification and Trust Services for Electronic Transactions Regulations 2016 and the eIDAS Regulation (defined in the 2016 Regulations).

Amendment 131, page 295, line 27, at end insert—

“Modification of section (Information orders) (information orders)

4A Section (Information orders)(2)(b) has effect as if for “section141(2)(b)” there were substituted “section141(2)”.”

See the explanatory statement for Amendment 125.

Amendment 132, page 295, line 38, after “(8)” insert “, (8A)”.

This amendment is consequential on Amendment 38. It amends consequential provision applying Clause 144 of the Bill, with modifications, for the purposes of enforcing the Electronic Identification and Trust Services for Electronic Transactions Regulations 2016 and the eIDAS Regulation (defined in the 2016 Regulations).

Amendment 133, page 295, line 40, at end insert—

“(d) subsection (8A)(a) has effect as if for “as described in section146(2) or that an offence under this Act” there were substituted “to comply with the eIDAS requirements or that an offence under section 143 or (Destroying or falsifying information and documents etc) or paragraph 15 of Schedule15”.”

This amendment is consequential on Amendment 38. It amends consequential provision applying Clause 144 of the Bill for the purposes of enforcing the Electronic Identification and Trust Services for Electronic Transactions Regulations 2016 and the eIDAS Regulation (defined in the 2016 Regulations).

Amendment 134, page 297, line 18, after “143” insert—

“or (Destroying or falsifying information and documents etc)”

This amendment is consequential on NC14 and Amendment 126. It amends consequential provision applying paragraph 1 of Schedule 15 to the Bill, with modifications, for the purposes of enforcing the Electronic Identification and Trust Services for Electronic Transactions Regulations 2016 and the eIDAS Regulation (defined in the 2016 Regulations).

Amendment 135, page 298, line 38, at end insert—

“Modification of section173 (jurisdiction)

18A (1) Section 173 has effect as if subsections (2)(c) and (d) and (3) were omitted.

(2) Subsection (1) of that section has effect as if for “subsections (3) and (4)” there were substituted “subsection (4)”.”

See the explanatory statement for Amendment 127.

Amendment 136, page 299, line 9, after “143,” insert—

“(Destroying or falsifying information and documents etc),”

See the explanatory statement for Amendment 126.

Amendment 137, page 299, line 10, after “143” insert—

“or (Destroying or falsifying information and documents etc)”

See the explanatory statement for Amendment 126.

Amendment 138, page 302, line 39, at end insert—

“Data Protection (Charges and Information) Regulations 2018 (S.I. 2018/480)

396A In regulation 1(2) of the Data Protection (Charges and Information) Regulations 2018 (interpretation), at the appropriate places insert—

““data controller” means a person who is a controller for the purposes of Parts 5 to 7 of the Data Protection Act 2018 (see section3(6) and (14) of that Act);”;

““personal data” has the same meaning as in Parts 5 to 7 of the Data Protection Act 2018 (see section3(2) and (14) of that Act);”.” .—(Margot James.)

This amendment makes consequential amendments to the Data Protection (Charges and Information) Regulations 2018.

Photo of Rosie Winterton Rosie Winterton Deputy Speaker (Second Deputy Chairman of Ways and Means)

I will now suspend the House for no more than five minutes in order to make a decision about certification. The Division bells will be rung two minutes before the House resumes. Following certification, a Minister will move the appropriate consent motion, copies of which will be available in the Vote Office and will be distributed by Doorkeepers.

Sitting suspended.

On resuming—

Photo of Rosie Winterton Rosie Winterton Deputy Speaker (Second Deputy Chairman of Ways and Means) 6:43 pm, 9th May 2018

I can now inform the House that I have completed certification of the Bill, as required by the Standing Order. I have confirmed the view expressed in the Speaker’s provisional certificate issued on 8 May. Copies of the final certificate will be made available in the Vote Office and on the parliamentary website.

Under Standing Order No. 83M, a consent motion is therefore required for the Bill to proceed. Copies of the motion are available in the Vote Office and on the parliamentary website, and have been made available to Members in the Chamber. Does the Minister intend to move the consent motion?

Photo of Margot James Margot James The Minister of State, Department for Culture, Media and Sport

indicated assent.

The House forthwith resolved itself into the Legislative Grand Committee (England and Wales) (Standing Order No. 83M).

[Dame Rosie Winterton in the Chair]

Photo of Rosie Winterton Rosie Winterton Deputy Speaker (Second Deputy Chairman of Ways and Means) 6:44 pm, 9th May 2018

I remind hon. Members that if there is a Division, only Members representing constituencies in England and Wales may vote. As the knife has fallen, there can be no debate.

Motion made, and Question put forthwith (Standing Order No. 83M(5)),

That the Committee consents to the following certified clauses of the Data Protection Bill [Lords]

Clauses certified under SO No. 83L(2) as relating exclusively to England and Wales and being within devolved legislative competence

Clause 190 of the Bill, as amended in Public Bill Committee (Bill 190).—(Margot James.)

Question agreed to.

The occupant of the Chair left the Chair to report the decision of the Committee (Standing Order No. 83M(6)).

The Deputy Speaker resumed the Chair; decision reported.

Photo of Pete Wishart Pete Wishart Shadow SNP Spokesperson (Constitution), Shadow SNP Leader of the House of Commons, Chair, Scottish Affairs Committee

On a point of order, Madam Deputy Speaker. I hope the House takes the time to consider very seriously the fact that once again English Members have not had the opportunity to debate the critical issues in clause 190, which has been certified. What can you do, Madam Deputy Speaker, to ensure that English Members in the English Parliament get the opportunity to debate those critical English-only issues?

Photo of Rosie Winterton Rosie Winterton Deputy Speaker (Second Deputy Chairman of Ways and Means)

That is not a point of order.

Third Reading

Queen’s and Prince of Wales’s consent signified.

Photo of Matthew Hancock Matthew Hancock The Secretary of State for Digital, Culture, Media and Sport 6:46 pm, 9th May 2018

I beg to move, That the Bill be now read the Third time.

What a great pleasure this is. The Bill gives people more power and control over their lives online while supporting innovation and entrepreneurship in the digital age. It will deliver real benefits across the country and help our businesses to compete and trade abroad. Strong data protection laws give customers confidence in the products and services that they buy, and that is good for business. The Bill provides a full data protection framework as we leave the EU, consistent with the general data protection regulation.

We have heard many things during our debates in the Chamber and in Committee, including concerns about small businesses. I reassure colleagues that the Information Commissioner’s Office has produced specific advice for them, as well as detailed advice for charities and local government.

The Bill provides a bespoke tech framework that is tailored to the needs of our criminal justice agencies and the intelligence services. That will protect the rights of victims, witnesses and suspects while making sure that we can tackle the changing nature of the global threats that the UK faces.

The Bill has received coverage from around the world, including Australia, the Philippines and, indeed, Suffolk. Let me be clear: the Bill is about preparing Britain for the future. As we leave the EU, the Bill sets out full spectrum data protection legislation, and I hope that the House will give it its Third Reading.

I am very grateful for the way in which the House has engaged with the Bill. I want to put on record my thanks to many people: my hon. Friend the Minister for Digital and the Creative Industries, in particular, for her sterling work day in, day out; my predecessor, who is now Northern Ireland Secretary, who worked hard with me on the Bill before her promotion; the Under-Secretary of State for the Home Department, my hon. Friend Victoria Atkins, for grappling with the Bill in a brand new brief; the Digital, Culture, Media and Sport Committee, whose members made many contributions; the Public Bill Committee; the Information Commissioner herself, with whom we have worked very closely on the Bill and who is a great star; and the Whips, Clerks, Committee Chairs, Mr Speaker and the Deputy Speakers. They have all been of great assistance. I also thank the Front-Bench teams of Her Majesty’s loyal Opposition, the Scottish National party and other parties for, on the whole, their highly constructive attitude to this important legislation.

The Bill that we send back to the other place has been improved in three key respects. First, we have made good on the promises made by Lord Ashton in the other place. For instance, we have delivered certainty for patient support groups—a cause passionately championed by my noble Friend Baroness Neville-Jones. We have provided reassurance for those on the frontline, safeguarding the emotional, physical and mental health of some of our most vulnerable citizens. We have legislated for a statutory review of the private enforcement provisions of the Bill, which will ensure that we leave no stone unturned in our search for strong and effective oversight of data controllers, particularly where children are concerned.

Secondly, the House has ensured that we have learned the lessons from the Cambridge Analytica scandal, which exploded during the passage of the Bill. The ongoing investigation into that is unprecedented in its scale and importance. We have increased the powers of the Information Commissioner to ensure she has enough resources. Some say that that scandal put data protection at the top of the news. Some even say it made data protection sexy. With the Bill, we can be assured that the Information Commissioner will have the powers that she needs to ensure that those who flout the law are held to account for their actions. I want particularly to thank the Digital, Culture, Media and Sport Committee for its proposals, which we took on board to strengthen the Bill in response to that scandal. Finally, we have ensured that when it comes to the freedom of the press, we are prepared for the future, not stuck in the past.

The Bill will give people more control over their data, support businesses in their use of data and prepare Britain for Brexit. Over a generation, the Data Protection Act 1998, which this Bill replaces, has commanded broad public consensus and cross-party support. That has been one of its strengths. I hope that this Bill will gain cross-party support on Third Reading so that no matter the debate on some of the points of detail, we will have a broad consensus behind our data protection approach here in the UK for the years to come, because that is one of the strengths of our digital economy—a digital economy that is powering ahead. I hope that the Bill can add to the fundamental underpinnings of the strength of our economy and our society for the future. I commend it to the House.

Photo of Tom Watson Tom Watson Deputy Leader of the Labour Party, Shadow Secretary of State for Digital, Culture, Media and Sport 6:52 pm, 9th May 2018

I refer hon. Members to my entry in the Register of Members’ Financial Interests. I want to thank all the individuals and organisations that submitted evidence and participated in the discussions about what we all know to be a fiendishly complicated Bill. I am grateful to the Clerks, the Hansard reporters and the Doorkeepers for making the passage of the Bill possible.

Given that this is a fiendishly complicated Bill, we put forward our best team on the Public Bill Committee. I particularly thank my Labour Front-Bench colleagues—my right hon. Friend Liam Byrne and my hon. Friend Louise Haigh—who are both the brightest of their generation. I would also like to thank my hon. Friends the Members for Ogmore (Chris Elmore), for Bristol North West (Darren Jones) and for Cambridge (Daniel Zeichner), and Members of other Opposition parties, who made great contributions to the Bill. The contributions in today’s debate from my right hon. Friend Edward Miliband, Mr Clarke and Christine Jardine were intelligent, wise and moving.

Our position has always been that we do not oppose the Bill. We recognise that it contains a number of measures that need to be passed into law by the end of this month, and we have never had any interest in standing in the way of the broad thrust of the Bill or most of its contents. However, we have had a number of specific concerns, and we have sought to improve some parts of the Bill. We have little time to dwell on those issues, but I would like to mention a couple.

We believe that the proposals for a data bill of rights were strong and had merit. They would have created a statutory code of enforceable rights, including the right of the individual to access all their data held or controlled by organisations and large social media companies. With our SNP colleagues, we have also debated how the Home Office will receive a wide exemption when processing the data of newcomers to this country. Given its recent record, the Home Office is not a Department to which we want to give new sweeping powers over personal data. Keeping this exemption is a continuation of the hostile environment, and we should be ashamed that it remains in the Bill.

Our biggest disappointment, however, is that we did not convince enough Members to commence part 2 of the Leveson inquiry. The victims were solemnly promised that this inquiry would be completed, and today this House has let them down. However, we consider this unfinished business, and I have to say to the Secretary of State that when he is in the twilight of his political career—careers in this place always end in such a way—he will come to regret his decision to side so stridently with the press barons against the victims.

To conclude, the Bill is necessary, but there have been missed opportunities. There has been a missed opportunity to correct the sins of the past on Leveson, and also a failure to look at how we should begin to deal with the future of data capitalism and its impact on people in the new digital age. I hope that the Government will continue to engage on these issues in the coming weeks and months, and we will continue to press them on the subject of citizens’ data rights.

Photo of Peter Heaton-Jones Peter Heaton-Jones Conservative, North Devon 6:56 pm, 9th May 2018

It is a pleasure to be able to speak briefly at the conclusion of our proceedings on the Bill. I have followed it with interest throughout all its stages, and I had the pleasure of sitting on the Public Bill Committee. I echo what has been said about the fine contributions made by Members on both sides of the House at all stages, and I thought that the Committee was extraordinarily well conducted. I particular enjoyed my light-hearted sparring with Liam Byrne, and the people at BBC Radio Essex will have been delighted that they got a disproportionate amount of airtime as a result.

This is a good Bill. Data protection is incredibly important—and increasingly so. The Bill has successfully navigated the choppy waters that are coming towards us, created by the need for the GDPR to be implemented in only about 14 days’ time. If I may say so, the Secretary of State and his entire team have navigated those waters with skill and elegance to ensure that we in the UK now have legislation that does what it needs to do as far as the GDPR is concerned, on which I congratulate them. The Government, the House and the other place have looked into this matter very carefully and rigorously, and they have arrived at what I think is a good package of measures that will do what it needs to do as far as data protection is concerned.

My interest has been on the amendments concerning press regulation, as Members on both sides of the House will remember. I believe that the House has reached the right decision on what started off as an amendment in the other place and what was set out in new clause 18 today. Not to go ahead with Leveson 2 is the right decision. However, I agree with the sentiment that we must keep the victims of what will undoubtedly still be a difficult press environment at the centre of our thinking. It is important that we have not lost the opportunity to do that, and I know the Secretary of State and his team will continue to do so, but I think we have got the balance right today.

I congratulate the whole ministerial team and all those who have taken part in these deliberations. I have followed with interest the arguments made by Members on both sides.

Photo of Matthew Hancock Matthew Hancock The Secretary of State for Digital, Culture, Media and Sport

My hon. Friend mentioned some people he wanted to thank, and there is one other person I want to thank: my hon. Friend Vicky Ford. She was involved with the development of the GDPR in the European Parliament right from the start, and I want to put on the record our thanks, and my personal thanks, for her guidance. She has lived with the Bill for far longer than anybody else in the Chamber.

Photo of Peter Heaton-Jones Peter Heaton-Jones Conservative, North Devon

Yet another mention for Essex, where people will be absolutely delighted.

This is the Government getting on with business. We promised that we would do this in our manifesto, on which we were elected, and we have got on with and delivered it. I will be delighted to see the Bill reaching the statute book. This is the Government delivering what they need to deliver, and doing it in a very rigorous, elegant and clever way. This is a digital Bill for the digital age, and I am pleased to support it.

Question put and agreed to.

Bill accordingly read the Third time and passed, with amendments.