Data Protection Bill [HL] - Second Reading

Part of the debate – in the House of Lords at 4:26 pm on 10th October 2017.

Alert me about debates like this

Photo of Lord McNally Lord McNally Liberal Democrat 4:26 pm, 10th October 2017

My Lords, I am delighted to follow the noble Lord, Lord Stevenson, in this debate. I am a little puzzled, because some months ago I took part in a rather emotional debate where we said farewell to him on the Front Bench and, since then, they seem to have been working him harder than ever. As the Minister will already have gathered from his intervention, although he can look to the noble Lord’s support for the Bill, in many parts it will be like Lenin’s support for the social democrats: like a rope supports the hanging man. We will look forward to working with the noble Lord, Lord Stevenson, on many of the points that he has raised, not least on part 2 of Leveson.

I open this debate for the Liberal Democrats because, as the Minister has already explained, my noble friend Lord Clement-Jones is chairing the Committee on Artificial Intelligence this afternoon. He will return to the fray later in the Bill’s passage to do a lot of the heavy lifting with my noble friend Lord Paddick.

While wishing the Bill well, our approach will be to try to ensure that individuals have to the maximum extent possible control of their own data and that data are used responsibly and ethically by individuals and by both public and private bodies. This will be of particular concern in law enforcement areas where, for example, the use of algorithms throws up concerns about profiling and related matters.

It is clear that the Brexit decision and timetable will cast a long shadow as we debate the Bill. The Information Commissioner, Elizabeth Denham, has already warned that data adequacy status with the EU will be difficult to achieve within the Government’s Brexit timetable and a major obstacle has been erected by the Government themselves. The European withdrawal Bill makes it clear that the EU Charter of Fundamental Rights will not become part of UK law as part of the replication process, yet Article 8 of the charter relating to personal data underpins the GDPR. How then will we secure adequacy without adhering to the charter?

As the noble Lord, Lord Stevenson, indicated, there are many other issues relating to the GDPR and Brexit, particularly the need to examine and test the derogations in the Bill, which I am sure will be raised by colleagues and others and which we will probe further in Committee.

While referring to the Information Commissioner, I put on record our view that the Information Commissioner’s Office must continue to be adequately funded and staffed during this period of great uncertainty. The biggest changes since our debates on the Data Protection Act 1998, or even the early stages of the GDPR, which I was involved in as a Minister at the MoJ from 2010 to 2013, is that the threat to civil liberties and personal freedoms now comes not only from agencies of the state but from corporate power as well.

A week today, on 17 October, the Royal Society of Arts will host a discussion entitled “The Existential Threat of Big Tech”. The promotion for this event says:

“The early 21st century has seen a revolution in terms of who controls knowledge and information. This rapid change has profound consequences for the way we think. Within a few short decades the world has rushed to embrace the products and services of four giant corporations: Amazon, Facebook, Apple and Google. But at what cost?”.

That question prompts an even more fundamental question. We have become accustomed to the idea that some financial institutions are too big to fail. Are we approaching a situation where these global tech giants are too big to regulate? As a parliamentarian and democrat, every fibre of my being tells me that that cannot be so. We have to devise legislation and have the political courage to bring the global tech giants within the compass of the rule of law, not least in their roles as media operators, as the noble Lord, Lord Stevenson, indicated.

These modern tech giants operate in a world where the sense of privacy which was almost part of the DNA of my own and my parents’ generation is ignored with gay abandon by a generation quite willing to trade their privacy for the benefits, material and social, that the new technology provides. That is why we are so indebted to the noble Baroness, Lady Lane-Fox. Her speech in the debate she initiated in this House on 7 September is required reading in approaching the Bill. That speech contains her oft-repeated warning about sleepwalking to digital disaster, but it also robustly champions the opportunities open to a digitally literate society. I know that she will have an ally in my noble friend Lord Storey in championing better and earlier digital education in schools. The noble Lord, Lord Puttnam, recently pointed out that Ofcom already has an existing statutory duty to promote digital education. It will be interesting to learn how Ofcom intends to fulfil that obligation.

The elephant in the room always in discussing a Bill such as this is how we get the balance right between protecting the freedoms and civil liberties that underpin our functioning liberal democracy while protecting that democracy from the various threats to our safety and well-being. The sophisticated use of new technologies by terrorist groups and organised crime means that we have to make a sober assessment of exactly what powers our police and security services need to combat the terrorist attack and disrupt the drug or people trafficker or the money launderer. The fact that those threats are often overlapping and interconnected makes granting powers and achieving appropriate checks and balances ever more difficult.

On the issue of crime fighting, I recently attended a conference in the Guildhall, sponsored by the City of London Corporation, the Atlantic Council and Thomson Reuters. Its title was “Big Data: A Twenty-First Century Arms Race”. It could have been called “Apocalypse Now”, as the threat to business, the state and the individual was outlined, from existing technologies and from those fast approaching and identified. I was encouraged that there seemed to be an appetite in the private sector to co-operate with the police and government to ensure that big data can be effectively tamed to ensure better compliance, improve monitoring and reporting and prevent illicit financial flows. I will be interested to know whether the Government have a similar appetite for public/private co-operation in this area.

One point was made with particular vigour by Thomson Reuters. With offerings such as World-Check, it plays a key role in Europe and globally in helping many private sector firms and public authorities identify potential risks in their supply chains, customers and business relationships. It made it clear that it will be needing a number of clarifications in the Bill so that it will be able to continue to provide its important services, and we will probe those concerns and the concerns of others in the private sector in Committee.

In Committee we will also seek to raise concerns brought to us by Imperial College London and others about the efficacy of Clause 162 on the re-identification of de-identified personal data. We will need to probe whether the clause is the best way of dealing with the problem it seeks to address. I notice that the noble Lord, Lord Stevenson, gave it his approval, as did the Information Commissioner, but it is a legitimate question.

There is no doubt that the greater transparency and availability of data provided by government has contributed to citizens’ better understanding of and access to government information and services, but public concerns remain about the use of data in certain sectors. For example, although there are clear benefits to medical research from giving researchers access to anonymised medical data, it remains a matter of concern to the public, the media and the profession itself. Your Lordships will have received a briefing from the BMA on the matter and I am sure probing amendments will be required in Committee.

I am by nature an optimist, so I believe the noble Baroness, Lady Lane-Fox, when she tells us, as she did in this House a month ago, that,

“we can harness the power of these technologies to address the other great challenges we face”.—[Official Report, 7/9/17; col. 2110.]

In my youth I read Robert Tressell’s The Ragged Trousered Philanthropists, a parable about how working men were complicit in their own exploitation. We are in danger of becoming the 21st century’s ragged trousered philanthropists if we do not have a framework of law by which we can constrain big data from misusing the information we so profligately provide every day in every way.

I do not believe that sprinkling Bills with Henry VIII clauses is an answer to the challenge of future-proofing. Perhaps there is a case for expanding the remit of the National Data Guardian to act as an early warning system on wider data abuse—or that of the Information Commissioner or our own Select Committee—but there is a need. I fear that without some permanent mechanism in place, we will be for ever running up the down escalator trying to match legal protections to technical capacity. But that is no excuse for not trying to improve the Bill before us. We will work with others so to do. Looking at the speaking list, the Minister is not going to be short of good and expert advice on how to do that.