Data Protection Bill mushrooms as GDPR looms
Analysis: New clauses would give more powers to ICO - and allow more sharing of data between public bodies
Legislation to update data protection law - already running to more than 300 pages - is set to grow substantially as the enabling bill enters the home straight in its passage through Parliament.
The Data Protection Bill, introduced in the Lords, is now awaiting a date for its report stage in the Commons. It will ‘Brexit-proof’ the EU General Data Protection Regulation by implementing its provisions in UK law, and extend them in key areas such as national security and to unstructured records held by public authorities.
In theory, the Opposition backs the measure, one of only a handful granted parliamentary time during the passage of the core Brexit legislation. However, any ministerial hopes that the bill would go through on the nod have been disappointed.
A glance at the current proposed amendments gives a preview of the arguments still to be expected during the bill’s final stages before becoming law.
Government amendments seek to block a loophole that emerged during the row over the alleged misuse of data by Cambridge Analytica. This will enable the Information Commissioner’s Office to seek a court order requiring a person who has failed to comply with an information notice to provide the requisite information.
The amendments would also create an offence of destroying, or otherwise attempting to dispose of, conceal, block or (where relevant) falsify, such data.
Another new clause would help the Government track down members of the reserve forces by providing for HMRC to supply contact details of members of the ex-regular reserve force and former members of the armed forces, so that they may be contacted regarding their liability to be called out or recalled for service under the Reserved Forces Act 1996.
Meanwhile, veteran Labour backbencher Frank Field has proposed a clause which would require the sharing of data on individuals’ eligibility for benefits, as well as the management of their claim, to registered third parties such as advice agencies. Such disclosure would not need the individual’s consent.
On top of that, four senior Labour MPs, including Tom Watson and Liam Byrne, have introduced an amendment that a Bill of Data Rights in the Digital Environment be attached to the bill. The government, which sees this as part of a move to install the EU Charter of Fundamental Rights in UK law, is not impressed, but in the current parliamentary climate, anything is possible.
The Government has one consolation: of all the EU's 28 members, only Austria, Belgium, Germany, Slovakia and Sweden have so far managed to pass legislation localising the GDPR, which takes direct effect from 25 May.