“which appears to the Secretary of State” and insert
“which, on a reasonable enquiry, appears to the Secretary of State”.
This amendment would require the Secretary of State to only share information, acquired in the course of national security reviews, if the Secretary of State has first undertaken reasonable enquiry.
Clause 54 specifies the circumstances in which information may be disclosed. Subsection (1) provides an information gateway for public authorities to disclose information to the Secretary of State for the purpose of facilitating the exercise of his function under the Bill. Subsection (2) permits the Secretary of State to disclose information received under the Bill to any UK or overseas public authority for specified purposes. Subsection (9) states:
“‘overseas public authority’ means a person in any country or territory outside the United Kingdom which appears to the Secretary of State to exercise functions of a public nature”.
The amendment seeks to address the wide definition of the overseas public authorities to which the Secretary of State might disclose information.
The Minister has previously asserted that Labour Members are looking to give more and more powers to the Secretary of State, but here we wish to help the Secretary of State, which is the motive behind all our amendments. We wish to aid the Secretary of State by somewhat subscribing the persons or organisations with which he—in this case, at the moment, the relevant Minister is a “he”—is allowed to share information, by inserting in clause 54 the words
“which, on a reasonable enquiry, appears to the Secretary of State”.
Therefore, the amendment would not simply leave the process open, as it were, to appearances only, without any inquiry.
Again, the reason for tabling the amendment is—returning to a theme that Labour Members constantly refer to, which I fear the Minister still does not recognise or acknowledge—that this is a radical transformation of national security screening, in the case of mergers and acquisitions. As such, the Government must not only hold the confidence, but actually gain the confidence, of businesses and investors, because this is new. Businesses and investors do not have confidence in the Government’s ability to do this thing at the moment, because it is not something that the Government are doing at the moment. So, the Government need to gain that confidence, and sufficient confidence to ensure that those going through a security review feel confident about sharing information that is relevant to that review.
Again, I remind the Committee that it is necessary that the sanctions for providing misleading information, whether unintentionally or not, and those for not providing information, are significant, as we discussed in our previous sitting, on Tuesday. So, it is all the more important that those going through a security review feel confident about sharing information that may be extremely sensitive. In fact, can we agree that this information is likely to be confidential and sensitive, given that it might appertain to national security and also to the capabilities and intentions of the investors in the businesses under consideration?
So, to give confidence to those going through a security review, the Government must provide adequate mechanisms for data sharing, adequate investment security unit capacity for secure data handling, and adequate protections on subsequent data sharing. However, the Bill does not do those things.
Speaking also as shadow Minister with responsibility for digital, I am often at a loss to explain and justify, or even understand, the Government’s approach to data sharing and data protection. The Bill refers to setting up “information gateways”, which is a term that is used simply to say that the Government are allowed to share data. Is the Minister aware of how many of these “information gateways” exist in his Department and across Government? Given the number that existed in the Treasury three years ago—that was the last time I looked at this issue and I think there were about 500 then—I am concerned that the Government have lost track of the different ways in which they, and particularly in this case the Secretary of State for Business, Energy and Industrial Strategy, are allowed to share data.
I know that the consultation on the Government’s national data strategy closed just yesterday. The Government describe that strategy as being unashamedly “pro-growth”. They do not say that it is unashamedly pro-security; indeed, there are few references to national security in that national data strategy. Mission 5, championing the international flow of data, states:
“In our hyper-connected world, the ability to exchange data securely across borders is essential. Economically, it drives global business, supply chains, trade and development; it will also be critical in enabling the global recovery after coronavirus.”
That is very true. It continues:
“On a personal level, people rely on the flow of personal data… Finally, it has a huge impact on international cooperation between countries, including for law enforcement and national security, keeping the public safe.”
It seems that the national data strategy is focused on enabling data sharing for the processes of economic growth, rather than protecting our national interests, and the privacy and security of persons and organisations. That comes back to a theme that we have repeatedly mentioned, which is the potential conflict of interest within the Department between its economic missions and motives for investment and growth, and our national security, which we have agreed should be the foremost responsibility of Government.
We have concerns regarding the current data-sharing environment and the intention of the Government in promoting data sharing specifically. Therefore, the wide range that the clause gives the Secretary of State in sharing data with overseas public authorities on appearances only does not facilitate the good working of the Bill. Businesses and investors will be expected to share their most critical information relevant to security, criminality and commercial confidentiality, yet the Secretary of State will have the power to share that information with overseas public authorities on what can best be described as a flimsy test.
The Secretary of State will be able to share that information with persons who appear to be exercising a public function. Can the Minister give some indication of how one appears to be exercising a public function? We seek to add “on a reasonable enquiry”, which would ensure that there was at least some evidence for that decision.
I am conscious, Mr Twigg, that similar language appears in section 243 of the Enterprise Act 2002.
I hope the Minister also agrees that we are moving to a much expanded national security screening regime. In 2002, Facebook was a year old or just being born. We are no longer in the place we were in 2002 when it comes to the issues of importance, volume, security and privacy associated with data and data sharing. I hope he will not rely on the 2002 Act as a justification, particularly as we are moving to an expanded national security screening issue and we are in a different data environment.
The strategy says that data is the economic engine, and we must be much better in assuring businesses and investors of their data protection. Instead of relying on appearances, the amendment holds up the standard of reason. Under it, the Secretary of State would have all the relevant powers of data sharing with relevant persons so long as the Secretary of State had reason, based “on a reasonable enquiry”, to think the person to be a relevant public authority.
It is critical that the UK has a national security regime that is grounded in national, competent exercise of state power to protect our security. The amendment would help to build success in that direction by removing a reliance on the use of appearance and instinct, by successive Secretaries of State, and grounding decisions in “reasonable enquiry” instead.
“There is so much around any investment process and the acquisition process that has to remain entirely confidential, that investors would require and would be looking for reassurance that these conversations could be held in the strictest of confidence and that nothing would appear until the right time.”––[Official Report, National Security and Investment Public Bill Committee,
I ask the Committee to consider whether sharing data on the basis of appearances gives that reassurance.
The clause will give information-sharing powers to the Secretary of State. We recognise the importance of that, and we do not want to hinder it unduly, but we expect that the Secretary of State should, and importantly, should be seen to, exercise those powers on the basis of evidence. It is only right that we have clear evidential requirements. Although the 2002 Act uses similar language, it is right that we in this Committee clean up that language based on 19 further years of experience.
I wonder whether my hon. Friend might be tempted to use a bank manager comparison here as well. If I was summoned by my bank manager to the bank, and he or she said, “It appears you’re overdrawn,” and I said, “Why do you think I’m overdrawn?” and he or she said, “I don’t know. It just appears to me that you’re overdrawn,” I might say, “Could you pursue reasonable inquiries to find out whether my account is actually overdrawn or not?” Does she agree that that is an example of the appropriate use of ordinary language, and that the Bill could be put into that state?
I commend my hon. Friend on the extent to which he has used engagement with a bank manager to illuminate much of our discussion. He is absolutely right. To be honest, if any bank invited you to consider an overdraft on such a flimsy pretext, you would, I hope, change your bank, because you could not feel confident in it.
The serious point is that small and medium businesses and start-ups—our great innovation ecosystem in this country—can move, but we do not want them to move. We want them to stay in this country within the legislative framework. We want the new Bill to provide them with the reassurance and confidence that they need to help to implement the Bill effectively and to protect national security. My hon. Friend’s elegant example highlights the failings of the clause.
I anticipate that the Minister will talk about the language in the Enterprise Act. Not only is that 18 or 19 years old, which is one reason that this Bill has been needed for so long, but the person exercising the functions and powers in the Competition and Markets Authority is not a political appointee or political figure. The Bill refers to a political figure, the Secretary of State, so it is all the more important that he or she should be seen to act on the basis of evidence, not on the basis of appearance or instinct.
On clause 54, for this regime to function effectively, the Secretary of State needs access to the right information at the right time to make decisions with the fullest range of evidence available. All relevant information required by the Secretary of State to make a decision might not be obtainable from the parties to the acquisition, but rather might be stored by other public authorities, both in the UK and overseas. The hon. Member for Newcastle upon Tyne Central referred to the speed at which deals have changed; she mentioned Facebook and others. I agree that modern deals are structured in an increasingly complex manner and often across borders and continents. There is a need to work with allies at home and abroad to ensure that we are making well-aligned, timely and correct decisions.
Therefore, the clause provides that public authorities may disclose information to the Secretary of State for the purpose of facilitating the exercise of his functions under the Bill. Equally, it permits the Secretary of State to disclose information to UK and overseas public authorities for the purpose of facilitating his functions under the Bill, but also for a limited number of other purposes, including crime prevention and the protection of national security. I absolutely agree with those who say that businesses do not want slow decisions made by multiple public authorities working in silos. We all want to see an efficient regime in place. Businesses want public authorities that can talk to each other and give a quick and efficient answer that is right first time. Being able to share information is the first step in Government making fast and informed decisions without having to burden businesses unduly, which I know the hon. Lady cares about.
I of course recognise, though, that some hon. Members will feel uneasy about the Government being able to share potentially very sensitive information both within the UK and overseas. The clause includes a number of safeguards relating to the disclosure of information by the Secretary of State. First, the clause prohibits onward disclosure of information shared by the Secretary of State or use for an alternative purpose without his consent. Secondly, when disclosing information, the Secretary of State must consider whether the disclosure would prejudice, to an unreasonable degree, the commercial interests of any person concerned.
I fully support the principle that we should share this kind of information with friendly overseas authorities—subject to appropriate precautions to prevent it from being used for the wrong purposes. However, somebody in the UK who breaks this law will get prosecuted, but an overseas public authority cannot be prosecuted in the UK courts, so can the Minister explain why, under clause 54(7), which lists the factors that the Secretary of State has to consider before deciding whether to release information to an overseas public authority, there is no requirement to assess the rule of law in that other place and to consider whether it has equivalent legislation to prohibit the misuse of information? There is no requirement for the Secretary of State to consider whether they have been given guarantees or assurances by a Government whose word we would expect to be able to take. There is not even a requirement to consider whether the request for information itself might be an attempt to undermine national security.
If the Secretary of State is looking at a potential Chinese takeover of a sensitive undertaking in the UK and a public authority in China says, “We need this information for an inquiry that we are doing,” there is no requirement for the Secretary of State to take that into account. Can the Minister explain why none of those things is built into this clause now, and are the Government willing to consider amending the clause at a later stage to give the further protection that we may need?
I am grateful to the hon. Member. I hope that in my further remarks, if I can make some headway, I will be able to reassure him on those points.
Thirdly, when disclosing information to an overseas public authority, the Secretary of State must have particular regard to whether the law of the country or territory to whose authority the information is being disclosed provides protection against self-incrimination in criminal proceedings corresponding to the protection provided in the UK, and whether the matter is sufficiently serious to justify disclosure. I hope that addresses the hon. Member’s point.
I am sorry to intervene again so quickly, but the precautions in subsection (7) do not address any of the matters that I raised. Subsection (7)(a) in particular is vital and necessary, but it is nowhere near sufficient and does not address any of the points that I raised.
I am grateful. If the drive of the hon. Member’s probing is to ensure that the Secretary of State, when he considers disclosing information to a foreign country, takes into account protecting people being caught in the regime who come from that country, I think I have just made it clear that the clause provides protection against self-incrimination in criminal proceedings corresponding to the protection provided in the United Kingdom. I hope that the hon. Member will be satisfied with that.
Finally, the disclosure is subject to data protection legislation, which provides additional safeguards in relation to the disclosure of personal data. I hope that the hon. Member for Newcastle upon Tyne Central will feel reassured that the Secretary of State may request only the information that he requires in order to exercise his function under the Bill, and that such information will be treated securely.
Amendment 30 aims to increase the scrutiny that the Secretary of State undertakes in deciding whether a person constitutes an overseas public authority for the purposes of disclosing information under clause 54. It is of course important to ensure that any person believed to be a public authority for the purposes of seeking information from, or disclosing information to, is a public authority. I am therefore pleased to reassure the hon. Lady that the Bill does that as it stands. The approach that we have taken mirrors that—I know that she does not like this—in section 243(11) of the Enterprise Act 2002, which includes a similar definition of an overseas public authority for the purposes of disclosure of specified information to overseas public authorities under the Act.
The Minister is generous in giving way. On his rebuttal of my argument on the CMA, it is not about whether I like it. The whole point of the amendment is to take it away from likes, preferences or appearances, and base it on evidence, and the evidence is that the environment has changed dramatically since 2002 in terms of data. Also, the Secretary of State is a political figure.
I am grateful to the hon. Lady. I remind her that the legislation requires the Secretary of State to act in a quasi-judicial way, not as a political figure. I appreciate that by a normal reading, “appears” may appear unduly casual, but that is merely a question of the form of legislative drafting, which is consistent, I remind her, with previous relevant legislation.
In addition, I reassure the hon. Lady that the principles of public law apply in any case. The Secretary of State therefore needs to act reasonably in fulfilling his functions under the Bill. That includes having a reasonable basis, supported by sufficient evidence, for coming to the conclusion that a person appears to be an overseas public authority prior to disclosing information. I hope I have provided the Committee with sufficient reassurances, and I therefore hope that the Opposition will withdraw the amendment.
It is not a strange concept that a Minister acts in a quasi-judicial way in making such decisions.
I will now briefly turn to clause 55, which makes provision for specific restrictions in respect of information received under clause 54 from Her Majesty’s Revenue and Customs. For the regime to function effectively, the Secretary of State needs access to the right information at the right time in order to make decisions with the fullest range of evidence available. One such source of information that might be invaluable to the Secretary of State is HMRC. Although the Government expect that the Secretary of State would seek first to secure the information he needs from the parties, it is important that such information can also be provided from elsewhere in Government, if it is held there.
Clause 55 provides that where information is received by the Secretary of State from HMRC or an onward recipient pursuant to clause 54, it may not be used for purposes other than the Secretary of State’s function under the Bill, and nor may it be further disclosed without HMRC’s consent. Clause 35 provides that disclosing information in contravention of clause 55(1) is an offence, as is appropriate.
I would like to address a question to the Minister. In his remarks on these clauses, he has highlighted a concern. I might have missed it, but I do not see where the Bill sets out the information gateway through which the Secretary of State will receive information from HMRC in order to exercise his functions under the Bill. Clauses 54 and 55 are grouped together under the title of “Information gateways”. They discuss information gateways from the Secretary of State to public authorities and others, but I would really appreciate it if the Minister could write to me to set out how HMRC will disclose information to BEIS for the functions of the Bill. I am sure I do not need to remind the Committee that information held by HMRC is generally considered very sensitive by businesses and individuals alike, and there are generally clear restrictions on its sharing.
To return to the clauses and amendment more generally, part of the Minister’s argument missed what our argument was. We recognise the importance of disclosing some information, and we also recognise that clause 55 sets out tests with regard to the purposes of disclosing the information, and even to how the information can be shared onwards and to what information should be disclosed. What it does not do is test the nature of the public authority. Although we have had an interesting and, indeed, lively debate about the difference between legal language and casual language, I think we can all agree that it is in the interests of our democracy that our legislation can be read and understood by ordinary people. If the term “appears” is to be understood as it is commonly understood, the clause requires the support of our amendment.