Data Protection Bill [HL] - Commons Amendments

Part of the debate – in the House of Lords at 6:45 pm on 14th May 2018.

Alert me about debates like this

Photo of Lord Ashton of Hyde Lord Ashton of Hyde The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport 6:45 pm, 14th May 2018

My Lords, this group of amendments covers issues that will be familiar to many noble Lords, as it primarily addresses concerns and issues raised in this House last autumn. The Government have remained committed to listening and to improving the Bill. I owe thanks to many noble Lords who brought these issues to our attention.

Commons Amendment 155 would help businesses and other organisations ensure that their boardrooms and senior management levels are truly representative of the workforces they manage and the communities they serve. In November 2016, Sir John Parker published a report which showed that while 14% of the population identified as black, Asian or minority ethnic, only 1.5% of directors in FTSE 100 boardrooms are UK citizens from a minority background. More than half of the FTSE 100 boards are exclusively white. While significant progress has been made in recent years to improve the gender balance in the boardrooms of such companies, the severe underrepresentation of people from minority backgrounds needs to be addressed.

Sir John’s report included a series of recommendations to improve racial and ethnic diversity in the boardroom. He encouraged companies to make better use of executive search firms to identify potential candidates and invite them to be interviewed for managerial vacancies. This amendment would therefore add a new processing condition to Schedule 1 to allow organisations to process personal data about potential candidates’ racial or ethnic origin in identifying suitable candidates for potential managerial positions.

Previously when we discussed the Bill in this House, Thomson Reuters provided a very helpful briefing note setting out how it compiles reports on persons suspected of terrorism, bribery, money laundering, modern slavery and other illegal activities. It then shares this information with the banks to help them avoid engaging with such people and allow them to comply with their regulatory obligations and other internationally recognised guidelines. In response to support for the proposal on all sides, the Government committed to work with Thomson Reuters to bring forward amendments at a later stage of the Bill’s passage. Commons Amendment 158 is the culmination of this work.

I am also pleased to introduce Commons Amendment 160, which would provide for processing by patient support groups, a concern well put by my noble friend Lady Neville-Jones. She spoke movingly on behalf of the patient support group Unique, which manages a register of patients suffering from very rare and sometimes life-limiting chromosomal disorders. Amendment 160 would add a new processing condition to Schedule 1 to provide Unique and groups like it with the legal certainty required for their vital work to continue. I am most grateful to her for her advocacy.

Commons Amendments 162 and 163 relate to data processing for safeguarding purposes. These amendments respond to one tabled on the same issue by the noble Lord, Lord Stevenson, on Report in December. In response to that amendment, I made it clear that the Government were sympathetic to the points raised. These amendments would ensure that sensitive data could be processed without consent in certain circumstances for legitimate safeguarding activities which are in the substantial public interest. The unfortunate reality is that there still exists a great deal of uncertainty under current law about which personal data can be processed for safeguarding purposes. This has resulted, for example, in some organisations withholding information from the police and other law enforcement agencies for fear of breaching data protection law. With these amendments, the Government intend to address this uncertainty by providing relevant organisations with a specific processing condition for processing the most sensitive personal data for safeguarding purposes.

Similarly, a number of other amendments in this group would extend necessary exemptions to certain regulators to ensure that data subjects cannot use data protection laws to undermine their regulatory work. Commons Amendment 178 would provide the Comptroller and Auditor-General of the United Kingdom, and his counterpart in each of the devolved nations, with an exemption from certain provisions of the GDPR where these would be likely to prejudice his statutory functions. Likewise, Amendment 179 would provide an exemption for the Bank of England from the listed GDPR provisions where these could inhibit its ability to exercise its functions. Amendment 183 would provide an exemption for the Scottish Information Commissioner, who regulates freedom of information rather than data protection. Amendment 185 would protect the work of the Financial Conduct Authority and the Prudential Regulation Authority. Amendment 186 would extend the exemptions in Schedule 2 to the Charity Commission’s functions under the Charities Acts of 1992, 2006 and 2011.

The remaining amendments in this group would address more technical issues, ensuring consistency across the Bill. I beg to move.