§ Order for Second Reading read.
§ 4.8 pm
§ The Secretary of State for the Home Department (Mr. Leon Brittan)I beg to move, That the Bill be now read a Second time.
This is, in fact, the second occasion within a year that the Second Reading of a Data Protection Bill has been moved in this House. I do not deny that it is a fairly formidable Bill. It deals with an intrinsically difficult subject which is further complicated by technical matters with which many of us will not be familiar. If I may say so, however, we should not be put off by that. The aims of the Bill are, I think, clear and straightforward and indeed common ground to hon. Members on both sides of the House. We do not have to be experts in computer technology, or fluent in the jargon of mainframes and minis and micros and optical character readers, to understand the implications of the Bill for the protection of the individual and the enhancement of his rights. I hope, therefore, that hon. Members will not allow the apparently technical nature of the subject matter to obscure the importance of the Bill as a protection both for individuals and for the business community.
First, I should put the Bill in context. Within the last decade — indeed, within the last couple of years — technology has advanced in ways which are bewildering to the layman. Yet it is increasingly coming to have a direct effect on all of us. Developments which, until recently, were in the realms of remote scientific theory are now of clear practical application. More and more office workers operate what is known as the "electronic office". Employees are now used to their personnel departments holding staff records on computer. Hon. Members will be familiar with the facilities of the computerised information system run by the Library. Commerce, industry and the Government are performing an ever-increasing number of tasks with the use of information technology of some kind or other. Wherever we look its impact can be seen, and it is clearly here to stay.
This is an area in which Britain is in the vanguard of technical developments and application and one in which, with demand ever increasing, there are great opportunities. Inevitably, however, with the benefits come also disadvantages and dangers. Above all, developments in information technology have revealed how easily and rapidly information can be manipulated, collated, transferred and retrieved, and that information may include sensitive personal information. It is entirely understandable, therefore, that the proliferation of the technology has led to a certain unease and that there is some anxiety that personal information is collected about us all from unknown sources, stored in data banks and used for all sorts of purposes of which we are unaware.
Concern about the potential threat from computers is real but I must stress that the threat is still primarily a potential one. Actual instances of abuse, though not unknown, are still few and far between. In my view, the important thing is to guard against abuse in the future and eliminate the concern that might otherwise grow into a real impediment to the use of the technology.
31 This joint aim of protecting the citizen while actively encouraging the use of the computer has been shared by successive Governments. It was a Labour Government who set up the Lindop committee in 1976 to advise on legislation. Without that committee's acute analysis of the complexities of the problem, legislation would have been well-nigh impossible. In 1981, this Government committed themselves to legislation and followed that up with the first Data Protection Bill published in December 1982.
It is not only in this country, of course, that concern has been felt. As long ago as 1968 the Parliamentary Assembly of the Council of Europe addressed a recommendation to the Committee of Ministers expressing concern about whether, in the context of automated data banks, the European convention on the protection of human rights and the domestic law of member states provided adequate protection for personal privacy. This recommendation led to others and ultimately to the European convention on data protection, which was opened for signature in 1981 and which the the United Kingdom has signed but cannot ratify until we have our own legislation in place. The OECD has also been active in this area, producing a set of guidelines governing the protection of privacy and trans-border flows of personal data which the United Kingdom endorsed in 1981.
This international concern adds a new dimension. Business depends more and more on the free flow of data — often personal data — between countries. This free flow of information must continue if business is to flourish. At the same time, however, the threat to the individual becomes potentially greater when data are used not only at home but in other countries and in circumstances over which the subject, and often the person passing on the information, has little control. In recognition of this, the convention and the guidelines both confirm the right of countries which have introduced data protection safeguards to restrict the flow of personal data to other countries which do not offer comparable protection.
Ratification of the Council of Europe convention is therefore of prime importance on two grounds. First, it will reassure people in this country that when computers are used for the storage and use of personal data there are special safeguards for individual privacy which are well up to the international standard.
§ Mr. Gordon Wilson (Dundee, East)I have been following with interest the Home Secretary's comments about protection of individual privacy, but is not the Bill dangerously deficient in protecting the individual against the ever-increasing power of the state in view of the exemptions built into the Bill freeing the Government from restrictions?
§ Mr. BrittanI do not agree with the hon. Gentleman, but, as he will expect, I shall have a good deal to say about the exemptions later in my speech. I was seeking first to explain the background and purposes of steps which will enable us to ratify the Council of Europe convention.
As I said, ratification is important for two reasons. First, it will reassure people in this country that when computers are used for the storage and use of personal data there are special safeguards for individual privacy which are well up to the international standard. Secondly, 32 ratification will gain us membership of what one might call the European data protection club, thus ensuring a very important commercial interest —that British firms are not placed at a disadvantage in relation to firms in other European countries.
The Bill is therefore aimed at furthering the interests of two groups: on the one hand, the individual about whom data are held, the "data subject" in the jargon, and, on the other hand, the holder of information, the "data user" in the jargon. Yet clearly the interests of the two may not always coincide. Every safeguard for the subject is a potential burden to the user. Throughout our consideration of the Bill, therefore, it will be vital to remember the need to achieve a reasonable balance, ensuring that the rights of individuals as data subjects are properly protected, without imposing unreasonable burdens on the data users who collect and process personal data.
§ Mr. Tony Marlow (Northampton, North)Perhaps my right hon. and learned Friend will clarify certain specific aspects at an early stage. I apologise if he intended to deal with these matters later in his speech, but that may well not be the case.
Many hon. Members and many members of the public have acquired credit cards. That means that details will be in a data bank somewhere. Two bits of information will be available there: first, the value of the spending and thus how wealthy the person is in general; and, secondly, whether the person is a good or a bad credit risk. Under the legislation, will it be possible for a company to pass information to a subsidiary or associated company, or indeed to a completely different company, either about the credit risk, thus preventing someone who is a bad credit risk from doing business with the other company, or about heavy spending, so that other companies can get in on the gravy train? Like Members of Parliament, many members of the public are inundated with vast piles of junk mail which we could well do without. Will my right hon. and learned Friend comment on that?
§ Mr. BrittanI think that the answers will become clear if my hon. Friend will allow me to develop and explain what the Bill does and does not do. I should make it clear that anything that the Bill does is done by way of conferring rights on individuals and placing limitations on data users which at present do not exist. The only question is how wide the rights should be and how severe the limitations—that is to say, what the balance should be. At the moment the field is clear for the transmission of information and rights to protection against this do not exist. The principles about which my hon. Friend is concerned will become clearer as I continue. The Bill aims to strike a reasonable balance within the constraints of the convention, ratification of which must be the central target of the legislation.
At the heart of the scheme established by the Bill lie the data protection principles, the office of the Data Protection Registrar and the public register of data users. Briefly, subject to one or two exceptions, the Bill requires all those who process personal data automatically to register as data users and to set out in the public register certain details of their operation. The role of the Registrar is then to see that they comply with the eight data protection principles which set the standards for the collection, storage and use of personal data.
Already I have touched on two general areas of concern which have been the subject of much debate in the past and 33 will no doubt continue to give rise to controversy. The first point relates to the scope of the Bill, which requires those who process personal data automatically to register as data users. It does not apply to those who keep personal information only in manual form — in old-fashioned paper records. I accept that personal information stored on manual files may pose a threat to the privacy of the individual, but in the Government's view that threat is of a different order from that posed by the automatic processing of personal data.
As I said earlier, it is the ability of computers to handle vast quantities of information, to link together separate pieces of information to build up a picture of an individual, to search for individuals with particular characteristics, and to do that and much else with amazing speed, which give rise to concern. Information held on manual files is simply not capable of such manipulation and does not give rise to the same anxiety. We need only consider the interest which is aroused the moment information previously recorded manually is put into machine-readable form to see how true that is.
The distinction between automated and manual files has been recognised from the beginning within the Council of Europe. The 1968 recommendation to the Committee of Ministers related to the implications of modern science and technology for the right of personal privacy. The response from the Committee of Ministers showed that it was in the area of automated data banks that national legislation appeared to provide inadequate protection for individual privacy. The convention itself requires signatories to apply its provisions only to personal data which are processed automatically, although it does leave open the possibility of extending its provisions to manually processed data if any state so wishes.
I have heard it suggested that elsewhere in Europe the practice has been not to make any distinction between data in automated and manual form—for the law to approach both in the same way—but that is a myth. Throughout Europe automated data have been seen as presenting the principal threat, and national legislation has concentrated therefore on that area, particularly when it comes to enforcement. I could, if necessary, give the House details to support that statement. The Government believe that that is especially necessary in Britain, since we need a scheme which is both practicable and effective. In our view, a system which attempted to cover manual and automatically processed data in the same way would inevitably be cumbersome and bureaucratic in the extreme. It would either be so unworkable that it would be completely ignored, or, if it were applied seriously, it would be very expensive and involve a radical upheaval which would have seriously damaging effects on business.
On the second point of controversy, I explained that, subject to a few exceptions, the Bill will require all data users — that is those who process personal data automatically — to register. Registration has been criticised by some data users for imposing an unnecessary burden on the vast majority of those who process data in a perfectly proper and acceptable manner for quite ordinary, legitimate purposes. It has been suggested that only those who process particular types of data, or who process data for particularly sensitive purposes, should be required to register.
First, it is remarkably difficult to separate personal information into sensitive and non-sensitive categories. Sensitivity is a subjective concept. What is mundane to 34 one person may be highly private to another. And as Lindop and virtually every other authority on the subject has concluded, even the apparently most unexceptionable information can take on special sensitivity if used in a new context. One's name and address may appear in a telephone directory, but that does not mean one is happy for them to be used by anybody for any purpose.
Moreover, there are positive — indeed essential —purposes served by registration. The Bill must comply with the convention, article 8 of which provides that any person shall be entitled
to establish the existence of an automated personal data file, its main purposes, as well as the identity…of the controller of the file.Here I touch on the points raised by my hon. Friend the Member for Northampton, North (Mr. Marlow). Registration is an obvious, and I think simple, way of meeting the requirements of that article. Any person wishing to find out whether a particular company maintains a file of personal data may do so by the simple expedient of looking up a public register, which will tell him not only of the existence of the file, but also the purpose for which the data are held. To maintain an unregistered file will be an offence.
§ Sir Edward Gardner (Fylde)I am grateful to my right hon. and learned Friend for giving way. Will he recognise that while the Bill is warmly welcomed by business interests, and especially international business interests, in Britain, there is undoubtedly considerable anxiety, as it is believed that the scope of registration is too wide. In the words of the CBI;
It will affect those businesses which were never intended to be or should be the proper targets for this particular kind of legislation.
§ Mr. BrittanI am grateful to my hon. and learned Friend for his comments. There is room for legitimate debate about the exact scope of the registration provisions. He will be aware that, compared with the legislation in its previous form, substantial change has been made exactly in the connection he mentioned to deal with some of the anxieties and to avoid unnecessary registration. If anyone considers that still further changes should be made, obviously the Government will consider them. We have looked long and hard at the necessity for registration and the limitations that can be made. The amendment has been made to deal with the sort of anxiety expressed by my hon. and learned Friend and goes a long way to meet it.
Positive, indeed essential, purposes are served by the legislation. The Bill must comply with the convention, article 8 of which provides that any person shall be entitled to establish the existence of the file. Registration deals with that, and the person can find out what is on the file.
As article of the convention specifically requires, among other things, that personal data shall be stored only for specified and legitimate purposes, it is especially important article 5 also provides—this is also of great significance—that data shall not be used in a way that is incompatible with the purposes for which they are held and that they must be adequate, relevant and not excessive in relation to those purposes. Without some form of prior registration of purposes, therefore, it is difficult to see how these requirements could be met.
Finally, registration imposes an important discipline on users. It will require them to scrutinise the uses to which they put their computers and the purposes for which they hold personal data—to check that they comply with the 35 general data protection principles. This in itself will do much to encourage good data protection practice and will generate a climate in which misuse of data is even rarer than it is now. It will be the first key element in the educative role which it is so important the Bill should perform. Many people believe that, on checking these matters, users will be able to reduce substantially the amount of material kept and that that in itself will be a salutory protest and a saving to those who do it.
§ Mr. Simon Hughes (Southwark and Bermondsey)Are not the purposes so general that without guidelines the Bill will be dangerous because people will not know exactly how to specify an intention when accumulating data? For example, data collected at Swansea for the police dealing with traffic matters might then be used by the police in cases that are totally unrelated to traffic. Would not guidelines considerably solve that problem and help the data user?
§ Mr. BrittanThe hon. Gentleman will no doubt take account of the principles set out in schedule 1. Principle 3 states:
Personal data held for any purpose or purposes shall not be used or disclosed in any manner incompatible with that purpose or those purposes.Principle 4 states:Personal data held for any purpose or purposes shall be adequate, relevant and not excessive in relation to that purpose or those purposes.Those seem to me to be quite useful guidelines. Given the necessity to register the purposes, and the necessity to comply with the principles, we are going a long way down the road. We should also bear in mind the registrar's considerable powers to intervene should he consider that the principles have not been complied with. In the first instance those powers enable him to specify the action which he thinks is necessary to ensure compliance, and in the last analysis he will be able to take an even more draconian step. That will become clearer when I deal with the Bill's provisions.
§ Mr. MarlowAs my right hon. and learned Friend may know, Barclaycard is located in Northampton. If someone wishes to find out whether he is on a file, I understand that he can go to the registrar to discover how he appeared on it and what information is held. Will that apply to operations such as Barclaycard? If so, will that not place a considerable cost on operations such as Barclaycard?
§ Mr. BrittanYes, Barclaycard will have to register as a data user and people will be able to obtain the information—and a very good thing too, because many people are concerned about that. There must, however, be protection the other way. I do not believe that the action required of those who maintain data banks will be an excessive burden. Indeed, if we did not comply with the convention to the extent that the Bill requires, the damage to British industry would be considerable. Therefore, what we propose is a reasonable balance in view of the principle of the rights of the individual in a world in which concern about automated data has been, and is, expressed, and in view of the need to give assistance to British industry. It is difficult to see how the Bill's requirements can be met without prior registration. Registration would also have the positive benefit of imposing a discipline on users.
36 I wish to concentrate on the changes that have been made since the Bill was last considered. I said at the beginning that one does not need to be familiar with the language of computer technology to understand the Bill. However, one needs to be familiar with the central concepts of the Bill and the expressions used to describe them. Clause 1 therefore defines those concepts and, by doing so, in effect sets the scope of the Bill.
A point discussed in some detail in the Committee on the Bill during the last Parliament was whether the legislation should apply to pure word processing operations—that is, operations performed only for the purpose of preparing the text of documents. The Government accepted that it would be right for such operations to be excluded and an appropriate provision is therefore incorporated in clause 1. I hope that those of my hon. Friends who are concerned about imposing an excessive burden on industry will accept that as an illustration of the way in which the Government have sought to prevent the application of such burdens when no useful purpose is served by imposing them.
Having defined the central concepts, the Bill, in clause 2, introduces the data protection principles, which are set out in full, along with interpretative provisions, in schedule 1. The rest of the Bill is in essence designed to ensure that those principles are complied with.
The agency by which compliance is achieved is the independent Data Protection Registrar, who, along with the specially constituted Data Protection Tribunal, is established under clause 3.
That brings us to part II, which sets out the obligations imposed on data users and the powers of the registrar to ensure that the obligations are met. Clause 4 sets out the requirement for data users to register and to provide certain particulars, including descriptions of the personal data they hold, the purposes for which they hold the data, the sources from which the data are obtained, and the persons to whom the data are to be disclosed.
Clause 5 backs that up by making it an offence to hold personal data without being registered, or to hold, use, obtain or disclose data in a manner inconsistent with the register entry.
The procedure for applying for registration, of for the alteration of registered particulars, is set out in clauses 6 to 9, which also set out the grounds upon which applications may be refused. In the light of comments made on the previous Bill, these provisions have been amended to provide that a user shall be deemed to be registered, and an alteration shall be deemed to be made, from the date on which the application itself is made. This means that users will be able to continue with their operations pending the registrar's final decision and will thus not be faced with unacceptable delays or interruptions to their operations. I hope the House will accept that attempt to meet the concern of data users not to have excessive burdens imposed on them or disruption to their arrangements which are not for the benefit of data subjects.
The registrar's powers to enforce the data protection principles are set out in clauses 10 to 12. The principles are necessarily cast in terms of such generality that they do not lend themselves to direct enforcement through the courts. Instead, clause 10 gives the registrar power, where he is satisfied that there has been a breach of the principles, to issue an enforcement notice specifying the steps that need to be taken to ensure compliance with the principles.
37 Before issuing such a notice, however, he must consider whether the breach in question has caused, or is likely to cause, any person damage or distress. Any person who fails to comply with an enforcement notice commits an offence.
The registrar also has power, by virtue of clause 11, to issue a deregistration notice, the effect of which may be to remove all or part of an entry from the register. He can use this power only when an enforcement notice will not suffice — so clearly it is very much a weapon of last resort. Indeed, we would expect the registrar to issue enforcement or deregistration notices only rarely and when informal consultation and negotiation with the data user have failed to resolve the problem.
The hallmark of this part of the Bill is to give the registrar sufficient flexibility to respond to any case he faces in the way that the circumstances of that case demand, rather than be tied to a particular response in predefined circumstances which in the event may turn out to be wholly indadequate to protect the subject or may be quite arbitrarily punitive for the user. Given the infinite range of cases with which he will deal, flexibility is vital for a sensible and at the same time effective data protection scheme.
§ Mr. Robert Maclennan (Caithness and Sutherland)The Secretary of State emphasised the importance of flexibility, and so did the Lindop committee, but that committee recommended the introduction of agreed codes of practice. When the right hon. and learned Gentleman in answer to the intervention of my hon. Friend the Member for Southwark and Bermondsey (Mr. Hughes), referred to the principles, he did not deal with that matter. Why has he rejected the Lindop committee's proposals for codes of practice?
§ Mr. BrittanIf one were to follow that proposal literally, one would have about 50 codes of practice. I regard that as a cumbersome and burdensome way to achieve the objectives. Lindop identified about 50 general sectors which needed to be covered by codes, and it is possible that developments since then have made the position considerably more complex. Apart from that, it is important to ensure that codes are not elevated above the general principles. That is why, instead of statutory codes, we prefer to use the general principles as a single overall code of practice. In my view, that is much less cumbersome and will achieve the same objective in a more flexible and better way.
Clause 12 also deals with the registrar's powers to issue notices— this time transfer prohibition notices, which relate to the transfer of personal data abroad.
The remaining clauses in part II deal with a variety of matters, notably the rights of appeal to the tribunal, the registrar's power of entry, inspection and seizure —considerably refined since the original Bill— and the penalties for offences.
This brings us then to part III, which sets out data subjects' rights and the various remedies available to them. Clause 21 introduces the important new right of subject access—that is, the right of an individual to be informed by a data user if he holds information about him and to have a copy of any relevant information. A data subject who is denied his right of access may go to the court requiring the user to grant access.
It sometimes seems to me that those who criticise the Bill for not doing enough for data subjects have 38 underestimated the importance and novelty of this new right of subject access. Every individual will be entitled to access to information stored about him on computer. I may say that that entitlement is in some respects more comprehensive both than that which might have emerged from the literal implementation of the Lindop committee recommendations, and than that provided in the legislation of some of those countries which are commended to us as being in the forefront of data protection.
§ Mr. WilsonI was interested, when I read the Bill, to see the new legal right that is to be given to data subjects for right of access. However, let us take the example of a housing scheme where there is much deprivation and which for credit purposes, will probably be blacklisted, even though the people who live in those houses do not have any credit records. Would it not be virtually impossible for a person, say, on supplementary benefit or on a marginal wage, with a large family, to go to a court to get an order to see the record of an item which may refer to him? Would it not be better, at least in the first instance, for some power to be given to the registrar to instruct the data user to produce some information and then have the right of access to the court as a fallback provision if there were any problem over ascertainment of compensation or refusal to rectify the entry?
§ Mr. BrittanI do not believe that it would make any practical difference whatever, apart from adding a further complexity. The position is that the right of the user to resist the registrar's requirement would depend on whether the Bill was being properly applied in requiring the information, in the same way as with an application direct to the court. The same issues would arise, and a data user who thought that he was entitled to deny access would refuse it to the registrar and would be entitled to do that, just as much as when the issue was raised before the court. I do not believe, therefore, that what the hon. Gentleman proposes would assist in any meaningful way.
Clauses 22 and 23 provide a right to compensation where a data subject is damaged through inaccurate data or as a result of inadequate security leading to the destruction or disclosure of data, while clause 24 provides for the rectification or erasure of inaccurate data. This right to rectification or erasure does not depend, as it did in the previous Bill, upon damage having been caused to the subject. That again is a change made in the light of earlier debate and a change made for the benefit of the subject.
The result is that the Bill enables the individual, first, to have access to data held about him, and, secondly, if access reveals inaccuracy, to go either to the court—or to the registrar, if he prefers — to have the data corrected. These are fundamental and significant new rights.
Finally, in part III, clause 25 deals with technical questions of jurisdiction and procedure.
We come now to part IV. This part deals with various exemptions, and its provisions have inevitably aroused more interest than any others. Since the predecessor to this Bill was last before the House, a number of changes have been made involving both additions to and deletions from the list of exemptions. I hope that as a result hon. Members will feel that this part of the Bill now achieves a better balance.
I shall briefly run through the principal exemptions in this part of the Bill and mention the main changes which 39 have been made. First, there are the exemptions from all the operative provisions of the Bill—that is, the data which neither have to be registered nor are subject to the data protection principles, nor to the registrar's supervision.
Such wholly exempt data are severely limited to three groups. First, there are data relating to national security, which are dealt with in clause 27. That clause was tightened up as a result of the debate in another place last year. Then there are the data covered by clause 33(1)—data which under existing law must be made public—and, by clause 31, data held for payroll and accounting purposes, provided that they are not used or disclosed save in the very limited circumstances specified in the clause. That is a further amendment since the first Bill appeared and it was inserted—again for the benefit of industry—in response to requests for exemption for certain routine and well-understood uses of personal data, particularly when held by small businesses. That is important. The final group of wholly exempt data come in clause 32—data held for domestic and other strictly limited purposes. That exemption was contained in the previous Bill, although some of the conditions in the clause have been modified.
Those, then, are the only data wholly exempt from the Bill. All other data—including data held by the police —have to be registered, and the registrar can generally demand that they comply with the data protection principles. However, in certain circumstances specified in the rest of part IV, exemptions from particular provisions apply — notably from subject access and from the prohibitions on disclosure of data to others.
Thus, clause 28 provides exemption from the subject access and non-disclosure provisions for certain categories of data. This clause has attracted a great deal of attention. It has even been represented by some as, in some extraordinary way, eroding individual rights and personal privacy and increasing police powers. It does none of those things and cannot possibly properly be interpreted as doing them. As I said, the Bill creates, for the first time, a general right for an individual to have access to information held about him on a computer and introduces certain controls—again for the first time—over the use of such information. It is thus a positive measure which enhances the rights of individuals and the protection afforded to them.
Like the European convention, however, the Bill recognises that there must be certain limited exceptions to this right of access if vital functions are not to be prejudiced. Clause 28(1) therefore provides an exemption from the subject access provisions for data held for the purpose of law enforcement or for revenue purposes—but only if granting subject access would prejudice those purposes. Those exemptions are clearly permissible under the convention. Equally clearly, they are not an erosion of existing individual rights. They are a necessary limitation on the newly introduced rights of individuals in order to avoid prejudicing effective law enforcement.
The same applies to clause 28(2), which places limits on the extent of the new prohibitions on disclosure of personal data. At present data users are at liberty, subject to any obligations of confidence or any professional or ethical restraints, to disclose personal information at will.
40 As a result of the Bill, however, a data user will be prevented from disclosing data unless he has registered in advance the person to whom he is making the disclosure.
Clause 28(2) qualifies that new prohibition where the disclosure is for purposes such as crime prevention or tax collection. In those cases, the status quo is preserved. At present, data users may on occasions disclose information to, say, the police if they believe that they have a public duty to do so and if they believe that that duty outweighs any obligations they may have to the subject of the information. On other occasions they may feel that they should not pass certain information to the police. The decision, however, rests with them, and that is what clause 28(2) allows to continue to happen. It recognises that few data users are likely to foresee the need to disclose data to the police and therefore ensures that they should not be prevented from doing so if the need arises and if complying with the requirement to register in advance would prejudice law enforcement or revenue purposes.
Clause 28(2), therefore, is merely permissive and allows data users to reach their own decisions on whether to disclose information in certain circumstances; it does not give the police any right to demand the production of information, nor does it place users under any obligation to disclose information. For a proper understanding of the balance and the civil liberties position, it is important to understand and stress that point.
§ Mr. Simon HughesOne defect of linking the rights of the data subject with the exemption provisions is that if there is unauthorised use and disclosure of data with the user's authority, there is nothing to ensure that the subject gives his authority. If data are disclosed without the authority of the subject, there is no right to compensation. There are rights under clause 24 to rectification or erasure, but there is no right to compensation.
§ Mr. BrittanIf I have understood correctly the hypothetical circumstances envisaged by the hon. Gentleman, I believe that the action he describes would be a criminal offence. We can examine that in Committee.
§ Mrs. Renée Short (Wolverhampton, North-East)Will the Home Secretary give way?
§ Mr. BrittanNo. I must make progress.
Hon. Members will not expect me to pass on from clause 28 without, mentioning the amendment that was made to it in another place. It is important, because it shows the balance that the Government are seeking to maintain. The Bill originally contained an exemption in clause 28 for personal data relating to immigration control. That exemption was widely perceived, rightly or wrongly, as being discriminatory, and anxieties were expressed that that perception could affect good race relations. I will not repeat all the arguments. Suffice it to say that although the Government did not accept the basis on which the criticisms were made, we were persuaded that, in the interests of good race relations, to which we all attach the greatest importance, it would be right to drop the exemption. An appropriate amendment was therefore moved and accepted in another place.
Clauses 29 and 30 deal with exemptions from the subject access provisions—and from those provisions alone—for health and social work data, for data relating to judicial appointments and for legally privileged data.
41 I have already dealt with clauses 31 and 32. Clause 33 brings part IV to a close with an assortment of exemptions—either from subject access or nondisclosure—in particular circumstances.
Finally, part V contains various general provisions dealing, among other things, with the duties of the registrar, the application of the Bill to Government Departments and the police and the territorial application of the Bill.
The Bill is designed with an eye to the future. We have tried to anticipate the ways in which personal data may be used and to provide appropriate controls and safeguards. Technology is, of course, developing all the time. That is why we have concentrated on the uses to which data may be put, rather than on the equipment which is used.
Some have suggested that the Bill will impede progress by prolonging the use of manual records, which are outside its scope. I do not think that that will happen. The force of technological progress is so strong that it is ridiculous to believe that the Bill will stop the advance. Besides, I am sure that users will quickly realise that the benefits to be obtained from computerisation far outweigh any apparent inconvenience caused as a result of the Bill. Indeed, I believe that the Bill will, in the longer term, positively encourage the use of information technology. It will reassure the individual citizen that computers can be used without risk of abuse and so remove the fears which can at times impede the process of computerisation where it can proceed only on a voluntary basis.
Over and above that, the Bill, by encouraging good practice in the general use and protection of personal data, will lead to more efficient and cost-effective data handling generally, which will also be of direct advantage to data users. More and more users whom we have consulted are coming to realise that data protection, if approached in a positive light, can be of real benefit to them as well as to the data subjects about whom they hold information.
This is the fourth time in little more than a year that a Data Protection Bill has been presented for a Second Reading—twice in another place, and twice now in this House. We always foresaw that the parliamentary debate —and the extra-parliamentary debate stimulated by the introduction of legislation— would prompt us to look again at some of the provisions of the legislation as originally proposed. I think that any fair-minded person would concede that the amendments made since the original Bill first appeared a year ago are evidence both of the Government's willingness to listen and of improvements made to the Bill. It is already a better Bill than it was — and there may well be further improvements still to come. But I hope that it is now on the last lap of what has proved a longer than usual parliamentary voyage.
§ Mr. Gerald Kaufman (Manchester, Gorton)In one sense, the Government certainly mean what they say when they declare that they are in favour of data protection. They have taken the most strenuous steps to keep private the data that would provide Parliament with explanations of the contents of the Bill that are more adequate than those provided by the Home Secretary today.
Before the debate, we asked the Government to refer the Bill to a Special Standing Committee so that hon. Members could have the opportunity to examine witnesses. Far from agreeing to that reasonable request, 42 the Government have refused even to move the necessary sessional order so that we could put such a proposal before the House. What do they have to hide? What data are they seeking to protect? Fortunately, the resources of civilisation are not exhausted and after the vote on Second Reading, we shall move that the Bill be referred to a Select Committee.
§ Mr. BrittanIf the right hon. Gentleman is so keen on that procedure, will he explain why it is only now, many moons later and after considerable further consultation, that his party has suddenly conceived the idea of the Special Standing Committee procedure? Last year, the Social Democrats were the only hon. Members who asked for it.
§ Mr. KaufmanThe Home Secretary has referred to discussions that have taken place about the Bill since it was introduced last year. Those discussions, far from elucidating matters, have obscured them and the Home Secretary did not always seem sure of the answers to the questions put by hon. Members during his speech. We wanted to give the House the opportunity of using a procedure which has not been tested for a little while, on a Bill which is almost ideally suited to it.
We have heard great claims from the Government—we heard some again today from the Home Secretary—about their allegedly liberal motives in bringing forward the Bill. We have been told how keen the Government are to protect the privacy of the individual, and individual privacy is certainly at risk. All of us now are collections of digits on so many computers that it is beyond the scope of the citizen to keep track of them—national insurance, National Health Service, Inland Revenue, vehicle licensing, television licensing, local councils, banks, housing departments, police, gas board, electricity board, British Telecom, water authorities, airlines, credit cards, mail order organisations, and so many more that they are literally innumerable. Many of them are at liberty to invade our privacy by sharing information about us with one another. We are victims of a degrading process that turns us all into numbers.
The Bill makes it far worse. For the purpose of legislation, we are no longer people. In the words of clause 1(4) we have become "data subjects". The Minister used that ugly piece of phraseology nine times in his speech. In the view of the Government we have ceased to be women, men or even persons. We are all data subjects now. That will mean some changes. We shall have to alter Genesis 1.27 so that it says that God created the data subject in his own image. Wordsworth will in future tell us that the child is father of the data subject. We shall learn from Robert Burns that a data subject is a data subject for a' that. In the nursery rhyme the giant will chant, "Fee, fi, foh, fum, I smell the blood of an English data subject," if a data subject has any blood. In the ditty, "Frankie and Johnnie," Johnnie will be saying, "He was her data subject, but she done him wrong." One of our most famous national mottoes will in future be: "An English data subject's accommodation unit is his national security installation." I hope the Standing Committee will strike out this dehumanising jargon wherever it occurs in the Bill.
The principal objective of the Bill is not to protect the privacy of the data subject. As one might expect from this Government, the Bill is all about trade and money, as the White Paper on which the Bill is based admits. The White Paper says:
43
without legislation firms operating in the United Kingdom may be at a disadvantage compared with those based in countries which have data protection legislation. When the Council of Europe Data Protection Convention comes into force it will confirm the right of countries with data protection legislation to refuse to allow personal income to be sent to other countries which do not have comparable safeguards. This could threaten firms with international interests operating in this country and the activities of British computer bureaux which increasingly process data for customers in many different countries. Accordingly, in order to conform with international standards of privacy protection and to avoid possible barriers to trade, the Government has decided to introduce legislation which will apply throughout the United Kingdom and will enable the United Kingdom to ratify the Convention.The previous Home Secretary, Viscount Whitelaw, was refreshingly clear and open about this when on 11 April last year he moved the Second Reading of the Bill that fell with the general election. He said:
We must ensure that the information technology industry flourishes. And that is the purpose of the Bill."—[Official Report, 11 April 1983; Vol. 40, c. 555.]He described that as imperative.Without the need to conform to the Council of Europe convention, the Government would never have introduced a data protection Bill at all, yet there are even misgivings about whether the Bill satisfies the requirements of the convention. A Special Standing Committee could have investigated that, and established it to the satisfaction of the House one way or the other. Having had to introduce the Bill, the Government have drafted it to ensure that it contains the very minimum that they can get away with. For example, article 13 of the convention calls on the Government to set up a data protection authority, and the Lindop report, which the Secretary of State praised today quite extravagantly, regarded such an authority as essential, and assigned it a number of important duties, but the Government have rejected the recommendations, and there will be no authority. Instead they are simply to appoint a registrar, and in clause 35 they deem him the designated authority for the purposes of the convention.
Many different kinds of organisation will have to conform to the system of registration laid down by the Bill. All will be operating such a system for the first time. Some will have little or no experience of complying with central Government regulation. Again, the Lindop committee regarded legally enforceable codes of practice as an integral feature of its proposals, yet the Government have refused to provide codes of practice or an advisory committee, and I must say that I found unconvincing the Home Secretary's attempted explanation of why they had not done so. There could indeed be chaos when the legislation comes into operation because of the lack of experience of operating Bills of this kind.
The Bill takes credit for giving citizens access to material about them that is held on file, yet, as the Minister frankly told the House today, that access is restricted to material on a computer. A great deal of personal information is not computerised, and individuals will have no right of access to it, even though article 3 of the convention enables any subscribing country to enforce access to such manually compiled information. Although the Secretary of State dismissed that matter today, it was put into the convention not idly, but to enable any willing Government to do it if they so wished. Many important files will as a result be withheld from people who would like to learn what is in them. Organisations could even be 44 impelled, in order to escape the legislation, to withhold, or remove, from their computers information that they would rather not disclose.
The Government also give themselves a blank cheque to withhold any other information that they choose under clause 29(2):
The Secretary of State may by order exempt from the subject access provisions, or modify those provisions in relation to, personal data of such other descriptions as may be specified in the order, being information—Even when the law in theory gives individuals access to their files, it provides them with inadequate remedy when such access is illegally obstructed. Under clause 21(8) such people have to go through the whole rigmarole of a court hearing in order to obtain their rights. This will deter many who have no stomach for such a cumbersome, protracted and possibly expensive process. The Lindop committee proposed that the data protection authority which it proposed should be set up should employ inspectors to investigate complaints. That proposal, if adopted, would have provided protection through its deterrent effect, but, of course, no authority means no inspectors. Even so, under the Government's own proposals, why cannot a much simpler procedure be laid down, perhaps through the Data Protection Tribunal that is to be set up? Furthermore, an individual also has to go to court to obtain correction of inaccurate data about him, and must again do so to remedy unauthorised disclosure.
- (a) held by government departments or local authorities or by voluntary organisations or other bodies designated by or under the order; and
- (b) appearing to him to be held for, or acquired in the course of, carrying out social work in relation to the data subject or other individuals."
It is in its disclosure provisions that the Bill is at its most unsatisfactory. It makes little sense to prevent us from seeing some of this material. Why, except in rare cases, may we not examine our own tax files, for example? What about our police files? We were assured by the former Minister of State, the right hon. Member for Aylesbury (Mr. Raison):
Much of the information held on the Police National Computer System will be fully within the scheme. fully accessible by the Registrar and fully accessible by data subjects.But if such material is so innocuous that potential criminals may be told about it without concern, what is it doing on the computer in the first place?What about the information that will not be accessible? Such material may not be accurate. As the Lindop committee put it, criminal intelligence is
speculative, suppositional, hearsay and unverified, such as notes about places frequented, known associates, suspected activities.The police national computer holds such speculative, suppositional, hearsay and unverified information about 5 million of us. Much of that information may be wrong and could cause damage to innocent people, who will not have the chance to get it put right, when it may be passed from agency to agency, blackening their characters as it moves. This is the experience in the United States of America with FBI records.It is not only information about an individual in the hands of the police that may be withheld from him. The Home Secretary can withhold a great deal of other information under clause 33(2):
The Secretary of State may by order exempt from the subject access provisions personal data consisting of information—Again, some of the most important safeguards in the Bill are those which it is claimed protect citizens from disclosure of sensitive information about them.
- (a) the disclosure of which is prohibited or restricted by or under any enactment; and
45 - (b) which appears to him to he of such a nature that its confidentiality ought to be preserved or that the provisons prohibiting or restricting its disclosure ought for any other reason to prevail over the subject access provisions."
§ Mr. MaclennanThe right hon. Gentleman made specific mention of clause 33(2). Does he agree that it appears on the face of it that this is such a wide exemption that it could apply to literally all information held by the Government under the provisions of section 2 of the Official Secrets Act 1911?
§ Mr. KaufmanI fear that that is the objective of the clause, and again a Special Standing Committee might have elucidated that information from the Government.
Although, under this legislation, the Secretary of State can prevent a patient from learning what is in his or her medical file, such private medical information may be passed on to the police behind the back of the patient and even behind the back of the doctor whom the patient consulted. It is incredible that while the Secretary of State devoted quite a lot of time to clause 28, he did not so much as refer to an issue which is immensely contentious and about which all those involved in medicine, including the British Medical Association, feel very strongly.
Under clause 1(5) the data are not held by the doctor. They are held by the registered user, presumably the health authority. The doctor will have no control over them. The medical profession rightly takes the view that it is quite unacceptable for someone other than a doctor to pass on such information, possibly against the wishes of the doctor or without the doctor even knowing. This is possible under the Bill.
Patients often tell doctors the most intimate and private details about themselves because it is thought that that may help in their treatment. Doctor Shirley Summerskill put it very well during the Second Reading debate on the previous Bill:
A physician who taught me always used to say, 'Listen to what the patient is saying, he is telling you the diagnosis.' The patient tells a doctor not only about the physical complaints, but about his family and his most personal circumstances." —[Official Report, 11 April 1983; Vol. 40, c. 622.]In future, patients may hesitate to tell and doctors may hesitate to ask, or the information, if it is provided, could be withheld from the case notes. This could have a grave effect on the patient's treatment, and the British Medical Association and other organisations involved in health treatment are right in insisting that it is essential that clause 28 be amended.Just as worrying, if not more so, are the provisions of clause 27 which allow any member of the Cabinet quite capriciously to set aside every one of the non-disclosure protections. The clause provides that it may be implemented in any case in which the disclosure of the data is
for the purpose of safeguarding national security.But how is "national security" to be defined? The next subsection tells us:For the purposes of subsection (3) above a certificate signed by a Minister of the Crown certifying that personal data are or have been disclosed for the purpose mentioned in that subsection shall be conclusive evidence of that fact.The Lindop committee made important recommendations to provide a check on Ministers in such circumstances. It proposed: 46
A simple — and we believe satisfactory — solution to this problem would be to ensure that the DPA"—the data protection authority—has at least one senior official with a security clearance sufficiently high for him to be able to operate in effect as a privacy consultant to the Home Office and the security services, and to work out with them the appropriate rules and safeguards for their systems.That is a solution which has been adopted in Sweden, apparently to everyone's satisfaction. The Swedish DIB from time to time sends a designated inspector to the security services to ensure that they comply with mutually agreed standards.Once again this possibility is ruled out because there is to be no data protection authority. There is to be no outside authority which has the right to say whether this power is used properly. Yet it has enormous implications. In a well-informed article in today's Financial Times, Dr. R. N. Savage, principal lecturer at Trent polytechnic, and Dr. C. Edwards, professor at the Cranfield school of management, envisage one dangerous possibility. They give as an example:
a stated purpose of holding data for effective industrial relations may conceal the real purpose of maintaining a blacklist of trade union members.Let us consider a more topical possibility. I take the example of an employee at the Government Communications Headquarters at Cheltenham. Let us postulate that such an employee has accepted the Government's degrading £1,000 bribe to resign from his or her trade union and has signed the repulsive form that accompanies the bribe. Among other requirements, the employee is compelled to sign this undertaking:
I … undertake NOT to join a trade union or to engage in its affairs or to discuss with its officials my terms of employment or conditions of service or in any other matter relating to my employment at GCHQ.If the Foreign and Commonwealth Secretary suspects that some employee has committed the new crime of being a secret member of a trade union, the clause will allow him to obtain membership records of the relevant unions or any other data which he may regard as relevant. The pretext of national security will give the Government the chance to pry into any subject which takes their fancy.Where the Bill purports to be benevolent, it is often inadequate. Where it claims to be innocuous, it is often dangerous. Yet what an opportunity the Government had. Britain lags behind other countries in being without any real freedom of information legislation. Britain is woefully inadequate in its legislation to protect privacy. The Bill, as well as advancing trade, could have been a long-awaited freedom of information Bill and a much needed privacy Bill as well. In far too many ways it is a Big Brother Bill. That is why the Opposition will vote against it.
§ Mr. Roger Gale (Thanet, North)I support the principles of the Bill and believe it to be very necessary and well thought out. I am not in the habit of being seduced by what the Mail on Sunday calls the deep-pile carpet in my office much before 7.30 am, and so this morning I heard my hon. and learned Friend the Member for Ribble Valley (Mr. Waddington), Minister of State, speaking on Radio 4. I endorse his assertion that the Bill relates to information recorded and processed by machine. Indeed, so it should. It is not the Bill's intention to deal with manually held and recorded information. Those who seek to introduce controls over manually stored information, 47 like those Opposition Members who seek to introduce yet another quango in the form of the data protection authority, fail to understand the Bill's purpose.
Nevertheless, some aspects of the Bill give cause for concern, and I shall touch on some of them. The Bill was debated for many hours in the other place, and we should be grateful for the time and effort devoted there to this subject. Lord Elton defined three aims for the Bill: the protection of the individual, the protection of the community and the furtherance of commerce and trade. I do not question the need for this country to sign the European convention and to join what my right hon. and learned Friend the Home Secretary has referred to as the international data club as a full member. But, as Lord Elton outlined, the Bill's first priority is the protection of the individual from the abuse of personal data.
The scale of possible abuse is perhaps best outlined by events in America since the passing of the Privacy Act there in 1974. The following American Government Departments now hold personal information: the Treasury, the Departments of Education, Health and Human Services, Commerce, Defence, Justice, State, Agriculture, Transportation, Housing and Urban Development, Labour, Energy and Interior, the Copyright Office, the Federal Communications Commission, the Office of Personnel Management and many other federal agencies. Each of them has a direct counterpart in Britain. It is estimated that since the passing of the Privacy Act in 1974, American Government Departments on average hold 15 files for each American, exclusive of all records held privately for credit or insurance purposes, clubs and so on.
What are personal data? In seeking a definition, the other place described it as "the hunt for the unicorn". However, the Bill's very first clause defines personal data as information
which relates to a living individual who can be identified from the information".I understand that that means that the recently bereaved — the widow, widower or children—are not afforded any protection under the Bill. That is quite wrong and is worthy of attention in Committee.Clause 1(7) deals with data processing, which it defines as
amending, augmenting, deleting or re-arranging the data or extracting the information constituting the data".Does "extracting" permit the copying of data? The dictionary definition suggests that it does, but if copying is permitted, information could be given or sold to another data user who is not registered under the Bill. That defeats one of the Bill's main objects, which is to deny access to personal data to those who are unauthorised to have such access. That point was left unresolved in the other place. However, I feel strongly that copying should be included in the definition, if only to avoid confusion.
§ Mr. Barry Henderson (Fife, North-East)I am interested in what my hon. Friend says and have great sympathy with his point about copying. Could the term "copying" imply copying machine-readable data or copying by putting the file on to a printer? From my hon. Friend's study of the matter, does he believe that putting the file on a printer would take it out of the Bill's scope?
§ Mr. GaleAt present the legislation is not clear. That is the precise point that I am seeking to have defined. I am 48 sure that my hon. and learned Friend the Minister will touch on it in his reply. However, I strongly feel that a provision about copying should be inserted into the Bill.
I turn to the rights of appeal, because the Bill is apparently loaded in favour of the data user and against the data subject. The data user has the right of appeal to a registrar, to a tribunal and to the courts. An aggrieved data subject may appeal to the registrar, but then he may seek redress only through the courts. The question of that procedure was raised in the other place, and Lord Elton simply reiterated the Bill's provisions. We know that the data subject has recourse to courts of law. However, Lord Elton's reply begs the question. If the tribunal is to be cheaper and simpler than the courts—which it is—why cannot the data subject take advantage of its services? No doubt my hon. and learned Friend the Minister will respond to that point.
The main bone of contention in the Bill is clause 27, which my right hon. and learned Friend the Home Secretary mentioned. I repeat that the first aim of the Bill is to protect the individual from the abuse of mechanically-stored personal information. If the net of exemptions from the protection of the Bill is flung too wide, there will be no point in having the Bill at all. As it stands, the certificate of exemption may be signed by any Cabinet Minister, the Attorney-General or the Lord Advocate. I am not suggesting that my right hon. Friends will abuse that power, but I know of no good reason for them to have it. It makes accountability to the House much more difficult to enforce. Clearly, for security purposes, there must be a certificate of exemption. But it is entirely reasonable that that power should rest only in the hands of the Prime Minister or the Home Secretary, who are answerable to the House.
I also share some of the misgivings expressed about the definition of the prevention of crime. In the United States of America legislation has used the definition "criminal law enforcement." If the words "by a statutory authority" are added to that, one has a definition which excludes the cowboy or fly-by-night detective agency, for example, which could reasonably claim to be engaged in the "prevention or detection of crime." One could also then exclude a firm of accountants which was seeking information ostensibly for the "assessment or collection of any tax or duty." However, even with that safeguard, we are authorising a level of intrusion with apparently no safeguard other than the expression of good or righteous intent. We do not permit such intrusion elsewhere.
If I understand my right hon. and learned Friend the Home Secretary correctly, he does not concur with my understanding of the Bill — that by exempting those engaged in the enforcement or detection of crime, or those engaged in the investigation of tax matters from the protections given in the rights of access, we are by implication providing a right of access. If I am correct, that right of access should be subject to exactly the same sort of search warrant as the authorities now require if they desire access to someone's home.
I wish briefly to touch upon two further issues. The two-year period of grace between enactment and registration is too long. It would be possible, and quite fair to the data user, to shorten that period to one year. I also believe that the maximum penalties on conviction are far too low.
Having said that, it is necessary for the House to have a sense of proportion about the Bill—something that has 49 been lacking in some of the comments from Opposition Members. Two countries which have similar legislation, and two companies in those countries, have been surveyed. It was discovered that the most frequent applicants for information were journalists testing the system. Norway and Sweden have had similar legislation in force for some time, but both countries are now revising it because they have found it to be unnecessarily complicated. I cannot help but feel that, in due course, we shall come back to the House to do the same.
I return to the third point of the Bill, as defined in another place. The "furtherance of commerce and trade" will undoubtedly come about with the passing of the Bill, and that is entirely proper. The passage of the Bill will be eased if attention is paid to the items that I have mentioned.
§ Mr. Gordon Wilson (Dundee, East)I approve of the general aim of the Bill but unfortunately it is so flawed that it cannot be accepted in its present form. I have considerable doubts about the powers of enforcement available to the registrar. I fear that his discretion is so limited that he will be unable to pay attention to the changes in technology that might take place.
As I said in a recent question to the Home Secretary, I am concerned about the rights of the data subject—if I may use such a term, despite the horror expressed by the right hon. Member for Manchester, Gorton (Mr. Kaufman). The problem facing someone who may be on file is that to go to court is a formidable and expensive business—unlike going to a tribunal, which is usually inexpensive. If that person lost his application at the court he would have to pay the expenses of both sides in the action. I fear that the ordinary citizen will find the Bill's provisions insufficient to protect his rights.
If someone residing in Scotland had a complaint about a firm in England which may hold data about him, he would have to engage two sets of lawyers before the matter could be brought before a court. That is why I urge the Home Secretary to consider, at least in the first instance, allowing an application to the registrar so that the information requested can be made available. I accept the Opposition's argument that the powers of the registrar are insufficient compared with the powers which would be available to the commission or the authority which has been suggested.
I wish to deal with the parts of the Bill which, I fear, make it a dangerous piece of legislation. In January 1984 it is of doubtful legality whether public bodies can hold certain personal data which they have not acquired as a result of statute. It is even more doubtful whether it is legal to pass on those data to other bodies. Indeed, the Office of Population Censuses and Surveys and the Inland Revenue are specifically enjoined by statute not to release any data, other than under very strictly controlled conditions. There is also a convention, referred to in the Government White Paper of 1975 "Computers: Safeguards for Privacy" that Departments will not pass such information to other Departments unless a warrant is outstanding.
By the end of 1984 — or before then if the Bill receives Royal Assent—the House will have given the Government, and all subsequent Governments, the right to do all those things that are currently of doubtful legality. The Home Secretary may say that he is not breaching 50 current practices, but the Bill may hallow the current malpractices. It will be enshrined in statute that private bodies and individuals cannot use personal data in computer systems other than within the workings of the data protection principle. But clauses 27 and 28 will give the Government the right to decide whether, and to what extent, if at all, they will bring themselves and the Departments they control within the principles laid down for the remainder of the community — notwithstanding that if there is a danger, or potential danger, of abuse of personal data computer systems, it lies much more in the public than in the private sector.
Democracy is a delicate plant which requires vigilance. We should note how the infringements of liberty developed as a result of the passing of the Defence of the Realm legislation during the first world war and the way in which it managed to stick in certain important essentials thereafter, leading to the various Official Secrets measures. Therefore, we must be careful. The Bill, with the exemptions conferred under it, is a Trojan horse by which state power can be augmented at risk to the private citizen.
I am not criticising the Government, although I may do so stringently in other debates. The Bill will apply in its form and its exemptions to any successive Government. Therefore we must be careful about the rights that we give and those that we withhold. The Department of Health and Social Security holds files of personal data on 26 million people; the Inland Revenue on 24 million; the Driver and Vehicle Licensing Centre at Swansea on 14 million and the various police forces probably on 20 million, most of whom have no criminal records other than some motoring misdemeanour.
The power of the computer today is such that all of the data on individuals can be put together. On the largest of the files there are probably no more than 2,000 records belonging to people born on the same day, but by a process known as file inversion it becomes simple to correlate that data on a number of files belonging to one or more citizens. That power of correlation represents at once the strength and the danger of the computer in the hands of malign bodies.
Although all of those files, with the exception of police files, are covered to some degree by the Bill, they can all be brought under the control of a police or security service under the auspices of clause 28(1)(a) and 28(2) if the security service believes that it is in the furtherance of the prevention of crime. That phrase could cover a multitude of aims. Although no one here would doubt the need to give the police adequate powers to ensure that criminals are caught, law enforcement, detection of crime and conviction are entirely different matters from the prevention of crime where the authorities have the power to interfere in the unexceptional and innocent lives of citizens.
Indeed, the police may not even require that clause if its whole system, like the large machine in Curzon street, Mayfair, is exempted by one of the most junior Cabinet Ministers. I agree with the point made by the hon. Member for Thanet, North (Mr. Gale) that it is strange that the right to sign exemptions is available virtually to every Cabinet Minister, however junior. There must be some restriction on that in the interests of proper control.
If the definition of "processing" in clause 1 does not cover the copying of files and the passing of such copies to other bodies, the whole objection that could be taken 51 to the practice could lie outside the workings of the Bill, and therefore I, too, would like to see "copying" included in the Bill.
It is to the principle of the measure that we should be addressing ourselves today, and the principles laid down in the explanatory and financial memorandum and described in detail in schedule 1 are such that we can agree with them. However, the fundamental question still remains whether the Bill in its present form, and given the changes made to it in another place—but, even more, given the resistance of the Government to changes to clauses 27 and 28—carries out these principles or even gives hope that, with changes, it might do so. My answer to that question is a decided no.
The Bill may not seem to many to be a great constitutional matter. Indeed, considering the poor turnout of hon. Members—there are almost as many people in the Home Office Box as there are in the Chamber—it might be said that we are diminishing a measure of considerable importance. If I were to say that instead of passing a Data Protection Bill we were introducing legislative provision for some kind of super police authority and were giving that authority power to hold records on every facet of life of every citizen —including every member of both Houses of Parliament, every activist in every political party, every trade union leader and shop steward, every director of every limited company and public corporation, every doctor and dentist; in other words, of the whole population—the House would be up in arms.
We must take on board the computer power that exists to correlate all the information, correct and incorrect, that exists in the files. Taking my suggestion further, if no one had any right or authority, under such a measure, to check what was going on and to examine whether it was accurate, the House would reject the Bill out of hand.
With the exception of the national police authority, or super police force of the type that I have mentioned, this measure will do what I have otherwise described. It merely needs a certificate, signed by a Minister of the Crown, saying that such a system is required for the safeguarding of national security, and under the Bill no one need even know that such a certificate and system exist. It is by methods such as those that we can find our liberties supressed.
It was stated in a White Paper on the subject that if there were material changes in the handling of these matters, any exemptions should be minimal. Indeed, in the Government's White Paper, "Data Protection: The Government's Proposals for Legislation," it was stated on page 6:
The use of certain other data relating to matters referred to…will be exempt from legislation. These exemptions will include some data needed by the police and other law enforcement agencies for the prevention and detection of crime. But the intention will be to keep exemptions from registration to the minimum that is consistent with the proper functioning of the agencies concerned. Similarly, registered data users who make information available to the authorities in connection with these matters will not be required to register such disclosures of information. To register them would tend to defeat the purpose for which they are made.The major exemptions contained in the Bill, which give rights to central Government which are not available to commercial and individual operators, make the measure extremely dangerous.52 I am delighted to learn that the Official Opposition intend to oppose the Bill. I considered tabling a reasoned amendment against the Second Reading. My hon. Friends and I will join Labour Members in voting against the Bill, in the hope that the Minister will redraft it, even if for the third time.
§ The Minister of State, Home Office (Mr. David Waddington)I understand the hon. Gentleman's view. Has he engaged in any consultations with the Official Opposition? Can he give any information about why there has been a sudden change on the part of the Labour party? The Bill contains many changes made to meet points voiced by the Official Opposition the last time round. They did not vote against it when it was introduced in the last Parliament, yet apparently they have now suddenly come to the conclusion that they should oppose it. We would be much obliged if the hon. Gentleman could help us on that.
§ Mr. WilsonAs the Minister knows, the official channels are extremely murky and it is not always possible to describe exactly what goes on in them. I must leave it to the Labour party spokesman, the hon. Member for Knowsley, North (Mr. Kilroy-Silk), to answer the Minister's question.
I take root and branch objection to clauses 27 and 28 in particular, and we in the SNP will vote against the Bill as drafted. We have said that we approve of necessary data protection requirements—those that are needed for our adherence to the relevant international convention—and if the Government had not included dangerous exemptions in the Bill we should not be opposing it.
Even if the Government succeed in the vote on Second Reading tonight, I hope that they will still be prepared to consider some of the points that have been made so that the damaging proposals to which I have referred may be removed. Otherwise, I fear that successive generations may regret the way in which the Bill has been drafted. Who can tell what will happen in the future? All we can do in the light of the tremendous power of data processing and computers is to include precautions in our legislation so as to make our law beneficial to society, rather than a potential enemy.
§ Mr. Neil Thorne (Ilford, South)I had the pleasure on 11 April 1983 of speaking on this subject in the last Parliament. At that time a number of Opposition Members said that one needed to be highly qualified technically to participate in the debate. I said that was not necessarily true, because it was a fundamental issue that should be understood and grasped by the man in the street.
The hon. Member for Dundee, East (Mr. Wilson) made some valuable points, and his remarks on whether complaints should be dealt with by a tribunal or a court were of particular relevance. The whole question of dealing with complaints of this nature must receive our careful attention. I suggest that having a tribunal to deal with such matters would encourage aggrieved people to take up issues at a lower tempo than would be the case if they had to go to court.
There would be obvious disadvantages. For example, some people who delight in taking up issues of this sort might make complaints of a trivial nature, knowing that they would not face considerable costs because they could 53 act as their own advocates. That, I appreciate, is a danger, but if complaints could go only to court, we should find a substantial number of cases going there, possibly adding to the already heavy legal aid bill, and, as usual, the lawyers would benefit substantially. I am not in favour of that, and that is why the hon. Gentleman's suggestion appealed to me.
The Bill is considerably improved in its new form, for a number of deficiencies have been put right. The main problem is that we are at some disadvantage compared with the international business community and we must approach the Bill with that in mind. We have received representations from the CBI, which has urged us to consider the issue as a matter of urgency. It observes that it is of overriding importance to international business interests, British industry and commerce that the United Kingdom Government should ratify the Council of Europe data protection convention at the earliest possible moment. I agree with that.
Consequently, the Bill must be dealt with urgently. There are always excuses for putting off a proposed measure so that it can be submitted in a more perfect form; but we must get on with the Bill, even if the result is not 100 per cent. what we would have wished. There will be opportunities later to put things right.
We should go for the minimum requirements that are set out in the convention. It would be foolish to try to be too ambitious. We must look for a free flow of business information within and across international frontiers. The advantages to be gained from the computer age would be seriously affected if that wre not so. The legislation should not impose any greater use of resources of Government or industry in achieving its objective than can possibly be helped, for the simple reason that there are excellent opportunities for slowing down the whole business process. In reply to an intervention, my right hon. and learned Friend said that it was right and proper that the business community should readily respond. He felt that in so doing it need not adversely affect the use of computer technology which we enjoy and which, I hope, will considerably aid and expand our standard of living.
Registration is one of the most important issues to bear in mind when considering the Bill. It might be possible for a company to be established under a limited liability umbrella, to operate and to flout the law. It will be possible promptly to take action against such a company, but, before that action could be effective, the company could set up a second company to act in parallel with it and to continue to operate from that second company.
The measures to which my right hon. and learned Friend referred cover that possibility and ensure that this will not happen. I am pleased that there is an emergency procedure to deal with such an eventually. I hope so, for I imagine that those who would be ruthless in taking advantage of technology would be up to all sorts of tricks. We must ensure that they cannot get round legislation as soon as it is introduced. There is great merit in permitting registration immediately and not requiring companies to wait a long time.
Most of the business complaints that I receive from constituents are based on the time that they have to wait for authority or approval. This often arises following a minor change to their business name. Having submitted an application in the course of arranging finance for their business, they sometimes find that it is necessary to make a minor modification to their name or to their 54 memorandum and articles of association. They then often find that the entire registration process has to start afresh as a result. They become upset because, having made an investment which to them is a considerable sum, they suffer considerably while waiting for authority to come through from a Government Department. I understood my right hon. and learned Friend to say that that would not happen as a result of this measure, and that it would he possible for a company to start up almost straight away. Nevertheless, he has wisely reserved to himself the opportunity of putting a stop to such an arrangement if it is seen to be taken advantage of by those who are especially unscrupulous.
The advantages of proceeding with the Bill are great, but I ask my hon. and learned Friend to advise me on a matter which is dear to my heart—civil defence. Over recent months I have been trying to get information from Government Departments on how they would provide adequate protection to important data in the event of hostilities.
We all appreciate the need for the back-up facilities of large companies. Such facilities mean that if there is an emergency—for example, a fire—at their premises, they have an alternative means of recording all the information that is needed in their computer network.
Recently someone was caught acting dishonestly because a secret device in a computer alerted a bank to what was being done by certain computer operators, who believed that, by wiping off certain evidence, they would be able successfully to transfer $7 million from an American bank to an Israeli bank, and thereby avoid detection. I understand that the case has now been heard in the courts. The computer contained a device which disclosed what was going on to the management of the bank, which was able to stop what otherwise would have been a major crime.
I hope that Government Departments will have some effective means of protecting data. This I understand is done in certain circumstances abroad. I think that the Americans are turning their attention to this important issue. A location for the collection and protection of such information for banks would not necessarily cover major catastrophes, for example. The process is designed to provide an alternative record in other premises, on the basis that a fire in two similar buildings at the same time is unlikely. Consequently, it is unnecessary to have what amounts to military quality protection for their records. That is not necessarily the case with Government records. We must give serious consideration to how Government records are kept and where they are stored, and examine what we are doing effectively to meet such eventualities.
The question of civil defence at the moment requires much more attention, and not only on the part of the Opposition. In the coming months the Government will need to pay much more attention to this subject in order to satisfy the population that it is being taken seriously. The question of the collection and protection of all data on this subject would be a good area in which to start. Perhaps my hon. and learned Friend could advise me whether he has given any consideration to that point, and, if so, what the Government propose to do.
The legislation will, of course, contain reference to the penalties that one is likely to suffer if one does not abide by its provisions. My hon. and learned Friend will be aware that there are various ways of incorporating information in a computer record in coded form. It is not 55 necessary to spell out everything in detail in the record. One can incorporate information in a more subtle way. Has my hon. and learned Friend given any thought to this point? For example, if one were suspicious about the credit-worthiness of a customer, it would be feasible so to arrange the display of his address, or even his initials—for instance, by placing the initials before instead of after the name — as to make that clear. The information would not be immediately apparent to anybody who received an extract from the document. There are, of course, other much more sophisticated ways of introducing coded messages into computer records. The Government should look into this matter. As soon as a Government introduce any legislation, people start working hard to find ways round it. This is one area in which people could certainly circumvent the provisions of the Bill.
I did not clearly understand from my right hon. and learned Friend's remarks today whether any charge was to be levied upon the person seeking access to entries held about them.
§ Mr. Simon HughesYes.
§ Mr. ThorneAre there to be regulations about such charges? The matter was discussed in the previous Parliament, but I am not sure what the provisions were for limiting the size of the charge and making sure that it was fair and reasonable. People could easily be scared off if they were charged too much, but, if the charge were too low, some vexatious applicants would make a point of inquiring frivolously and making life difficult for the community. Although the institution in question — a bank, for example—might be well off, it is ultimately the customer who pays. If considerable extra charges are levied upon an insurance company, it is the insured who will ultimately have to meet the bill. Their premiums must cover all the costs, and their benefits will come out of what is left.
One wants to ensure that the charge is fair and reasonable to the applicant, but one must also be fair to the rest of the community and to make sure that one is not over-generous to some and therefore likely to impose a heavier burden on the remainder by unnecessarily adding to the total cost.
I should be grateful if my hon. Friend would consider these matters and further advise me about the points that remain to be answered. I am sure that the Bill is right and necessary. I look forward to watching its progress towards the statute book. I do not wish to inhibit its progress, but there are certain ways in which it could be improved. I hope that the opportunity to continue to improve it will be taken in the near future.
§ 6.5 pm
§ Mr. Tony Lloyd (Stretford)The Bill represents a tremendous loss of opportunity. It should have been a significant measure for the protection of civil liberties in an area where there is currently no such protection. However, the Bill is very incomplete and, as my right hon. Friend the Member for Manchester, Gorton (Mr. Kaufman) has said, where the Bill claims to be innocuous it is in many places downright harmful. The Bill is not simply a lost opportunity in the sense that we are not grasping the nettles; it is dangerous because, once it has 56 been passed, we will find it far more difficult to bring in adequate legislation later on for the protection of the individual.
Of all the reasons given for introducing the Bill, by far the most important in the mind of the Government is the need to ratify the European convention, as the hon. Member for Dundee (Mr. Wilson) has said. The need to protect the individual either from the use of erroneous information of from the misuse of correct information is totally ignored in the Bill. Because of the loopholes and exemptions, and indeed its totally flawed nature, the Bill does not give adequate protection even where it claims to do so.
In many cases where the Bill fails to accept the recommendations of the Lindop committee, that failure has resulted in a weakness in the Bill. One fundamental flaw concerns the concentration on data used for automatic processing at the expense of data held on manual systems, which is totally ignored. Hon. Members on both sides have asked whether it would be possible for a database user to copy off his existing automatic processing system and so avoid the trap laid for him by the Bill. However, the situation is even worse than that. It takes no great ingenuity to offload controversial or illegal data held initially on an automatic processing system and to transmit it to someone in simple written form. Such an action would be totally outside the scope of the Bill.
There is no reference in the Bill to manually processed systems, and that is a fundamental defect. If we were seriously discussing the need to protect the individual—I fear that we are not— against the use of erroneous information or the misuse of correct information, we would have to consider the necessity to legislate about information stored on manual systems.
A constituent of mine has complained because he feels that his previous employer is deliberately making it difficult for him to be re-employed by giving him an unsatisfactory reference. Nothing in the Bill would allow my constituent any remedy for that.
If we accept international practice, Great Britain will be almost unique in excluding manual sources of data. International experience suggests that most complaints result from manually kept data. If we accept that medical, school and most other records that interest us are stored manually, then one realises that the Bill omits these things. It concentrates solely on data held on automatic processing systems.
Another fundamental weakness is that there is no statutorily defined code of conduct. Schedule 1 lays down the principles on which we hope the Bill will operate. It is clear that some of them need clarifying before they can be operated. Some are too imprecise, however well—meaning and desirable they are. What does the Bill mean when it states:
Personal data held for any purpose or purposes shall be adequate, relevant and not excessive"?How do we define "adequate, relevant and not excessive"? Those points need to be clarified by an independent but statutory, code of conduct. That brings us to the subject of an independent data protection authority which could act in this and other spheres in the interests of the registrar and the individual.Hon. Members have commented considerably about the alarming exemptions in the Bill, specifically the one contained in clause 33(2). That subsection gives the Secretary of State power to exclude any data held by the 57 Government from the operation of the Act. He can therefore deprive any individual of any information held by the Government. The present Government may not intend to use the Bill in that way but who knows? It is potentially disastrous to give such power to the Secretary of State. It must be unacceptable unless adequate checks on the use of that power are provided. They are not given to the registrar or his staff.
There is little effective control over the Secretary of State should he decide to invoke national security. The Lindop committee made some specific recommendations about that. As my right hon. Friend the Member for Gorton said, the registrar's organisation should have someone who has a level of security clearance which would allow him to vet the operation of that provision. It is not included in the Bill, and its omission represents a fundamental challenge to civil liberties. It cannot be argued that we are not eroding any present powers. If we accept that we should be improving and strengthening civil liberties within the private sector, the Minister should tell us why we should not be doing the same thing in areas of national security.
Similar considerations apply to clause 28 which, as hon. Members have said, seems to give carte blanche to the police and the tax authorities. There is no adequate regulation to prevent them from abusing that power. I hope that when he replies the Minister will justify those powers.
The Bill is grossly inadequate in the protection that it affords the individual and the measures that it gives him to seek protection. Hon. Members have said that fees will be a disincentive to some individuals. I note that in another place an unsuccessful attempt was made to exempt those in receipt of social security. However small the fee, it will discourage some from pursuing their rights under this legislation.
Hon. Members have said that a multilateral tribunal would be more satisfactory than a unilateral one. It could then deal with the interests of the complainant and not solely those of the data user. If the individual has to go to court he could be faced with expense, and he will not accept that. It will be a deterrent. The data user knows that, should it be expensive to pursue the matter through the courts, people will not use the Bill to seek information or to seek to remedy the abuse of the information held by the data user. There will therefore be no effective control over the data user.
There is almost no control over the transfer of data to a third party. The individual is left in a weak position in that respect. I should be grateful if the Minister would comment on that point.
In another place, the distinction has been made between information held as a matter of intention and that held as a matter of opinion. It was argued that if the information expressed the data user's intentions, it was exempt from the law. In other words, an employer who wished to sack an unruly, militant trade unionist would say that it was his intention at some time to dismiss him because he was a Communist, a subversive, or a danger to the company or the state. The individual could not therefore discover that information. However, if those matters were expressed as an opinion, the individual would be able to discover them. That weakens the Bill's provisions.
My right hon. Friend the Member for Gorton has already talked about the BMA. Clause 28(2) means that there is a fundamental change in the relationship between the medical profession and the police. At the moment, the 58 medical profession is governed by the BMA's handbook on ethics which makes it clear that the authorisation for passing information should come from the clinician who initiates any information. Under the Bill, the initiative will pass from the initiating clinician to those who are considered to be the data users. That will almost certainly not be the relevant clinician or doctor but someone employed by the health authority. In a modern hospital it would be impractical for each clinician to register as a data user. It would frustrate the hospital's medical needs. It is necessary for the Minister to say how those problems would be overcome.
While it may be fanciful to talk about the automatic processing of the confessional, worries similar to those expressed by the medical profession might be expressed by clergymen and others involved in religion. Even Members of Parliament could find themselves in a similar position.
The Bill is a lost opportunity. Far from strengthening civil liberties, we are weakening them. Far from giving protection to the individual, we are eroding his position. The sole reason for the Bill is that it allows the Government to ratify the European convention.
There are other problems. The Home Office has access to different data. There is a distinction between the Home Office being registered as a data user in its different parts or being simply a data bank. That causes considerable problems. In theory it would allow the Home Office to link up its data and the transmission of information between, for example, the immigration service and the department dealing with criminal records. There is nothing that would prevent the Home Secretary from allowing that. It seems that he has the power to be the ultimate arbiter of what is or what is not acceptable conduct without recourse to the House and certainly not to an independent person such as the registrar.
If the Bill receives its Second reading, it will be a retrograde step. I hope that right hon. and hon. Members will take the obvious course of voting against it. It should be defeated.
§ Mr. David Atkinson (Bournemouth, East)I congratulate the Government on reintroducing the Bill so early in their second term of office. I spoke in last year's Second Reading debate. I was one of several hon. Members who regretted the time that it took to bring it before the House, particularly as the computer revolution had been under way for more than two decades and we were talking about the fifth generation of computers. Therefore, we can all regard the Bill as overdue. When we take into account the fact that the Younger report on privacy was published over 12 years ago and the White Paper was published about nine years ago, we cannot blame the Government for the delay.
I accept that there appears to be little tangible evidence of information kept in a computer in this country being misused and threatening personal privacy, but that is not so in the United States where the computer revolution is much more advanced. Abuse of the computer system in the United States is fast becoming a popular theme for Hollywood films such as "Superman III". I imagine that some hon. Members will have seen it with their children. One of the villains discovers the secret of being able to claim for himself the entire fractional statistical shortfall in entitlement to benefit of the entire nation's work force. 59 At least, I think that was the plot. Unusually on this occasion, my 10-year-old daughter and, even more unusually, my six-year-old son were not able to advise me otherwise. Even more frightening was the film "WarGames" in which a schoolboy discovers the secret of the nation's security and defence system and nearly sparks off world war 3.
As has been said, it is difficult not to gain the impression that the Bill would not be before the House but for the impetus of needing to ratify the Council of Europe convention. I am one of those who represent this country in the Parliamentary Assembly of the Council of Europe. I do not agree with all the conventions that come before us, but I accept that as member states we should abide by them. The delay in the preparation of the convention and the general election that intervened should have enabled us to benefit from the considerable number of debates in both Parliamentary Assemblies. It should also have enabled us to anticipate the consequences of the rapid development of equipment and the use of computers in our schools and colleges. I hope that has happened, although I see no reference to it in the Bill. I hope that no reference will prove necessary, otherwise we shall have missed an opportunity after that revolution in our schools and colleges.
One opportunity that has been missed—this criticism was widespread before and has been echoed in the debate —is that we are not also legislating to protect against the abuse of manual records and computer printouts. Last year all the Dorset Members of Parliament received a circular from the Dorset branch of the National and Local Government Officers Association saying that half the complaints received by the European Data Protection Commission resulted from the abuse of manually held files. That fact is obvious. Records such as school reports, employees' references and doctors' files on patients are manual before they can go on to a computer.
Manual records will be with us for a long time. For example, it is estimated that about 95 per cent. of personal medical information will be held as manual records for the foreseeable future. My right hon. and learned Friend the Home Secretary gave assurances about manual records, but excluding them from the Bill may encourage data banks to revert to manual systems for more sensitive personal data. I regret that we are not using the legislation to protect the individual against unauthorised disclosure of information in manual recording systems. After all, the principle is the same.
The Bill does not seem to protect people from being sent unsolicited material through the post simply because their names and addresses are on computer as data which may or may not have a bearing on the material that is being sent. From time to time Members of Parliament receive complaints from constituents who receive unsolicited material. I understand that the Post Office can act only when unsolicited obscene and pornographic material is sent. Although I have not received such material myself, I understand that is difficult to determine if the material is contained in plain brown wrappers.
There should be protection against receiving unsolicited material, which can be sent to a house for several years. For example, unsolicited material is being sent to my address, not just to myself, but to all the 60 previous owners of my house, the first of whom moved about 15 years ago. I do not suppose that his name was held on a computer, but we must protect everyone.
No doubt I shall be referred by my right hon. and learned Friend to the protection afforded by schedule 1, principle 5, which states:
Personal data shall be accurate and, where necessary, kept up to date.Surely the onus should be not on the receiver of such material—the data subject—but on the sender—the data user. He should be told not to abuse such information. I make the practical suggestion that there should be a time limit on some of the personal data that are held by data users, to contain the abuse of information held on computer.Schedule 1, principle 5, states that data shoud be accurate. However, I question whether it would protect me from the Social Democratic party. In the previous Second Reading debate I complained that I was continuing to recieve literature from that party. I assure the House that I have never expressed any flicker of interest in or support for the Social Democratic party, although I need to know about it politically and professionally. However, three and a half years ago I received in the post my Social Democratic party membership card and a letter thanking me for my subscription, followed by regular news about the gang of four, which was fascinating. To be fair, it is more than two years since I moved from that address, so I am not now receiving my regular information about the gang of two, as it now is. However, for all I know, the information is still being sent to my old address. Data subjects such as I look to the Bill for protection from the consequences of inaccurate information held by data users such as the SDP.
§ Mr. Denis Howell (Birmingham, Small heath)Will the hon. Gentleman comment on the fact that in Birmingham the Conservative party does not need a computer to send objectionable literature to firms requesting donations for its purposes, but uses the telephone directory? Is the hon. Gentleman in favour of banning telephone directories on the same basis?
§ Mr. AtkinsonThe right hon. Gentleman is suggesting how much more efficient the Conservative party is than the Labour party and the SDP.
I welcome the improvements that have been secured since the Second Reading of the first Data Protection Bill last year, especially the safeguards for data users, where powers of entry and search are exercised and which have been strengthened so that data users normally have the right to a hearing before a circuit judge before a warrant is issued. I understand that they will have the right to obtain a copy of any material siezed and that there is a requirement that warrants should be endorsed with any powers which have been exercised under them.
Those safeguards were introduced in response to many calls about the Police and Criminal Evidence Bill not only from doctors, but from priests and the press. The powers offered to police in that Bill would, it was claimed, not only allow the inspection of the non-computerised records of professional advisers and potential witnesses, but would nullify such protection as the Data Protection Bill offers to computer records. That suggests that a Bill of Rights, defining the Government's powers and the rights of citizens to appeal against their exercise, is long overdue. 61 The Conservative party in its manifesto commitment of 1979, on page 21, committed itself to discussing the concept of a Bill of Rights with all parties. I understand that that has yet to happen, and I look forward to hearing from my hon. and learned Friend the Minister of State the Government's plans in the context of this Bill for a Bill of Rights to protect individual freedom.
§ Mr. Robert Maclennan (Caithness and Sutherland)I strongly agree with the concluding remarks of the hon. Member for Bournemouth, East (Mr. Atkinson), and I hope that when my Bill, which has cross-party support and seeks to incorporate the provisions of the European convention on human rights, comes before the House for Second Reading on 6 April, the hon. Gentleman will ensure that there is considerable support from the Conservative party to ensure that it passes into law.
The Social Democrats welcome the introduction pf legislation aimed at protecting individual privacy. It is high time that we had a Data Protection Bill. The risks to individual privacy from computerised information systems have been on the national agenda at least since 1970 when Justice published its classic report "Privacy and the Law" and Mr. Brian Walden introduced the Right of Privacy Bill which Justice had drafted. That led to the appointment of the Younger committee, which reported in 1972 but was allowed only to look at the private sector. Three years later, when my right hon. Friend the Member for Glasgow, Hillhead (Mr. Jenkins) was Home Secretary, he published a White Paper, "Computers and Privacy", promising legislation after a further study by the Lindop committee. That committee reported in 1978. Shortly afterwards, the present Administration came into power. It was not until the end of the last Parliament, after another four years had elapsed, that the Conservative Administration at last introduced a Bill which, with some modifications, is the Bill before the House.
It is unfortunate that, in view of the widespread anxieties that have been expressed about the Bill from a large number of quarters, the Government have not facilitated the procedure that would have enabled the Bill's provisions to be considered by a Select Committee. The Minister owes it to the House to explain the Government's opposition to that procedure. The Home Secretary was silent on the subject.
In the 13 years since the Right of Privacy Bill was introduced by Mr. Walden, many people have changed their positions. The early confrontations between people who saw in computers the arrival of the millenium and those who feared only the advent of George Orwell's 1984 have long been resolved. Today, there is widespread agreement that computers, like motor cars, represent a technology that can confer great benefits, provided we learn to control them properly. Data protection laws have therefore become commonplace in many industrialised countries. In this country, the ostensible purposes of the Bill are supported by a remarkable alliance of disparate interests — industrialists, trade unionists, consumers, professionals and most of central and local government. Almost the only remaining doubter appears to be the Home Office — paradoxically, the Department charged with bringing the Bill before Parliament.
The Bill's core is in the first schedule, which sets out eight splendid data protection principles. If all computerised information were to follow those principles, 62 1984 would be a year from which we in the United Kingdom would have nothing to fear. One might wish that the credit for those principles could be given to the Home Office, as the sponsoring Department for the Bill, but they were drafted not by the Home Office but by the Council of Europe in Strasbourg. Because the Council of Europe has now adopted an international convention on data protection, the present Administration has been forced finally to introduce this legislation—not because it cares greatly about the privacy of the individual but because of the pressure from industry and commerce which realise that without such legislation there would be a serious risk of having international data flows, on which they are becoming increasingly dependent, cut off.
I found the attitude of the right hon. Member for Manchester. Gorton (Mr. Kaufman), who spoke for the Labour party somewhat puzzling. He acknowledged, but appeared in Luddite fashion to resent and resist, the unanimity of industry on the belief that such provisions are needed for its benefit. That is not the whole story. It is remarkable that the right hon. Gentleman did not recognise the importance of ensuring international data flows.
Whatever the Government's reasons for bringing forward the Bill, we have legislation on this subject several years after most of our trading partners and competitors in Europe have enacted theirs. The SDP will vote in favour of the Bill, but we welcome it with considerable qualifications because it is still flawed in a number of important respects.
Computers frighten many people who do not understand how they work. In fact, how they work is irrelevant; what matters is the use to which people can put them. Unfortunately, that is not a lesson that the Home Office had learned when it drafted the Bill. The Home Office directed its measures entirely to data, rather than to what people will do with data processed in computers. The unfortunate result is that certain data, rather than uses to which those data will be put, will be exempt from the Bill's provisions. That is regrettable, but I fear that, as the Bill is drafted, it is almost irretrievable.
§ Mr. Denis HowellVote against it.
§ Mr. MaclennanThe right hon. Gentleman says that we should vote against it. Although I consider that that is an important issue, it is more important to seek to protect international flows of information and the citizen whose privacy is at risk through the storage of information without any redress. The Bill is capable of being improved in Committee to which I hope it will shortly go, and we ought to address our minds to that purpose.
The principal objective of the Bill is to enable this country to ratify the Council of Europe convention. That can be done only when computerised processing of personal information has been brought under the control of the law. It appears, however, that under clause 40(2) that control will not become effective until more than two years after the Bill is enacted, so for the whole of that period we shall be unable to comply with the convention. Clause 40 deprives the registrar of any powers during that period because the Government expect him to be so swamped with applications for registration as to be unable to consider any of them on its merits. That in turn is due to the extraordinary policy, with a few exceptions, of universal registration of all computerised personal information systems within six months of the appointed 63 day. That is clearly administrative nonsense. The Home Secretary did not mention it, so I hope that the Minister of State will turn his mind to it when he winds up.
The Council of Europe convention does not require universal registration, let alone registration for everyone at the same time. The obvious and sensible solution would be to phase registration sector by sector and application by application in tune with the registrar's work load, and it will be appropriate to introduce proposals to that effect in Committee. Indeed, the Government have already abandoned universal registration by exempting word processing under clause 1(8) and payroll and accounts systems under clause 31.
The registrar cannot possibly supervise compliance with the data protection principles for every one of the hundreds of thousands of applications registered with him. Fortunately, however, most of the systems fall into a small number of specific categories, the users of which are only too anxious to have agreed rules with which they would be happy to comply. The Lindop committee described such rules as codes of practice, but the Government seem to have set their face firmly against such a procedure. Like the right hon. Member for Gorton, I am baffled by the Government's obdurate opposition to the introduction of codes of practice when it is supported by the CBI, the TUC, the National Consumer Council, the Consumers Association, local government, the computing community and just about every other interest concerned with the processing of personal information. The Government must do better than merely referring to the general principles set out in schedule 1 as an explanation for their extraordinary and incomprehensible attitude. Codes of practice devised by the users themselves can clearly provide essential support for the legislation. That, therefore, is another subject to which we shall have to return in Committee.
One of the most controversial aspects of the Bill, to which several hon. and right hon. Members have referred, is the effect of clause 28. Not before time, at the second Report stage in another place, the Government finally conceded that immigration control was not a legitimate category for exemption under clause 28. Nevertheless, we are left with the offensive proposition that people and institutions holding highly confidential information about individuals — I have in mind especially the health professionals — could disclose such information with impunity to the Inland Revenue, Customs and Excise or the police while giving the public the clear impression from their entries in the register that they would never do anything of the kind. The Lindop committee rightly described this as
a palpable fraud on the public".Such a provision is wholly unacceptable. It is quite unnecessary for the prevention or detection of crime or for the apprehension and prosecution of offenders. We shall therefore make every effort in Committee to ensure that the provision does not apply to information received in confidence. When people intend to remain free to disclose such information in proper cases—I acknowledge that there may well be such cases—they should make that clear in advance.Of all the categories of personal information, the one that worries everyone is probably that of personal data relating to health. When people go to see their doctors they need to be able to disclose even the most intimate details 64 about themselves so that they can be given the right treatment in the absolute confidence that the information will never be disclosed or used for any other purpose. For that reason, the health profession voiced their strong opposition to clause 28(2) from the moment that the Bill was published and they have maintained that opposition to this day. An inter-professional working group on access to health information, composed of representatives of all the health professions under the distinguished chairmanship of Sir Douglas Black, has been advising health departments on this for more than a year. I understand that the outcome is that the health departments, in collaboration with the working group, are preparing a code of guidance on access to health information. I am surprised that the Home Secretary did not mention that.
When that code of guidance has been agreed, the Secretary of State for Social Services will be able to ensure compliance with it in the National Health Service by making appropriate directions under section 17 of the National Health Service Act 1977, but the NHS is not the only holder of personal health information. It is held by many other people, including local authorities, employers and insurers. The health professions are unanimously adamant that any disclosure of personal health information must always be a matter for the health professionals concerned and never a matter for administrators or other laymen. The code of guidance will ensure that that is so within the NHS, but once such a code exists it is imperative that it should extend to all personal health information, whoever holds the information. It would be unthinkable that local authorities, employers or insurers should be allowed to make disclosures which could not be made by anyone within the NHS. That, too, will require an appropriate amendment to the Bill in Committee.
My final point, which seems not to have been discussed in either House, relates to clause 21. Under that clause, data subjects will rightly become entitled to discover what information is held about them in various computer systems, but how will the data subject identify himself? What is to prevent a prying neighbour from finding out all that he can about other people? At the very least, it should be an offence to impersonate another person for the purpose of obtaining compulsory access to personal information. We shall suggest appropriate provisions to that effect in Committee.
I shall not detain the House with other matters of great importance which are more appropriately dealt with at length in Committee, a number of which were touched on in earlier contributions. Notwithstanding our hope that various new clauses and amendments will be agreed to in Committee, we welcome the Bill and will do all that we can to ensure that, deprived of its present blemishes, it passes into law as soon as possible.
§ Mr. David Heathcoat-Amory (Wells)Almost everyone is in favour of the Bill until he or she reads the small print. It is a daunting task to design legislation for such a fast-moving technology, and my right hon. and learned Friend the Home Secretary has my sympathy. He is right to try and establish the principle that the citizen has a general right to know what information is held about him or her and to inspect and correct it. The question is how far to extend that, without either strangling the data processing industry or creating a vast extension of the law, 65 which would be impossible or expensive to administer. For instance, it has been suggested that we should create a general right to privacy. That would delay the essential protections contained in the Bill and create a new corpus of law and new criminal offences. At a time when we are having difficulty enforcing the existing criminal law, that would be a mistake.
Opposition Members who suggested a general right to privacy were slow to undertake that task when in office. We can ill afford to delay the legislation. The data processing and information technology industries are fast-growing, international industries, which Britain is almost uniquely well-placed to exploit. We have excellent data links with the rest of the world, we are positioned both geographically and socially between Europe and America, and we speak English, which is of great advantage in designing and using software. It is vital to bring our data protection standards and laws up to the best of those prevailing abroad. The Bill attempts to tailor those requirements to suit our own laws and circumstances, and does not accept a fait accompli from the European Commission or elsewhere. The Bill gets the balance about right.
The use and retrieval of information is undergoing a revolution comparable to the invention of printing. People in the 16th and 17th centuries were probably frightened that false and malicious information could be easily copied and distributed because of the introduction of the printing press. We coped with that revolution, probably by encouraging the benefits and discouraging the abuses created by it. We must do the same for this new means of distributing and retrieving information.
I welcome the proposal for a named, individual registrar, an excellent precedent for which is the parliamentary ombudsman. The registrar will have more flexibility than an authority or tribunal. That is important because we must try to look ahead and legislate for developments that at present are barely thought of. I am, however, worried about the scope of the organisations that will be required to register. I ask the Minister to give the House an estimate of the numbers expected. My guess is that it is several hundred thousand.
I understand from the Bill that hon. Members will have to register if they have in their offices a computer or word processor on which they store names and addresses or categories of constituents. Similarly, constituency associations may have to register if they hold lists of party members or electors, which are selected on subjective grounds. That is not covered by the provison whereby information is exempt if it is generally available to the public by other means.
Moreover, if an hon. Member links his computer in his office in London with that of his constituency office, wherever that may be, will he have to register, as well as his constituency association? In other words, is the requirement to register defined by the person using the data, the siting of the computer, the siting of the data bank, or an amalgam of all three? That is important because of the potential burden on small businesses and small users. It is an industry of small businesses. That is its very strength and it cannot be overstated that what small businesses want are not Government handouts, grants, tax schemes and so on, but exemption from rules and regulations that they see as constricting and unnecessary.
I hope that the Committee will examine carefully the possibility of giving the Secretary of State for the Home 66 Department power to exempt certain categories of data if practice shows that nothing is gained by their registration. That would reduce the sheer volume of registrations and relieve some data users from the necessity of extra paperwork.
I should like the data processing industry to take the lead in removing some of its more irritating practices. For instance, it would be wise to regulate the use of mailing lists. I am sure that hon. Members on both sides of the House are used to receiving unsolicited mail, and personally, I do not find it burdensome to place such material in the wastepaper basket. But it is sometimes annoying for the public to receive multiple copies, as can happen when a company buys or uses a new mailing list and adds it to its existing data bank.
The duplicate names are supposed to be removed by a process known as "merge and purge". That is not foolproof. Unfortunately, I am burdened with a double-barrelled name, and I frequently receive a circular or material addressed to both halves of myself. Therefore, the industry should take this opportunity to show the public that, without legislation, it can update its practices, remove some of the errors and increase public confidence.
§ Mr. Simon Hughes (Southwark and Bermondsey)For many of us, this is the second time we start around the course. As the Home Secretary said, the Bill has been to the other place twice. It is fair to say that it has been improved with the passage of time. There is a long way to go, but compared with the measure that came before the House last April, one of the substantial objections—an exemption for information on immigration records—has disappeared, and other improvements have been made.
Even though we are debating the Bill for the second time, as it relates to a subject of such fundamental importance—the right to privacy—it is sad that so few hon. Members are present. I mischievously totted up the figures and discovered that about 10 minutes ago attendance on the Government Benches was 2.5 per cent., or between 10 and 12 Conservative Members; on the official Opposition Benches it was 1 per cent. or two hon. Members, but on the alliance Benches — this I hope reflects our interest in the subject — the combined strength was four hon. Members out of 23, or 16 per cent., and at one stage it was six out of 23, or 20 per cent. Given that at times there are complaints about important matters not being subject to proper debate, it deserves to be noted that alliance Members have played their part in recognising the importance of debating this measure.
§ Mr. Denis HowellHow will the hon. Gentleman vote?
§ Mr. HughesI shall come to that in a moment, if the right hon. Gentleman is patient for a little longer.
The reverse side of the subject of privacy is the campaign for access to information. Alliance Members make this point today because the Conservative Government, like the last Labour Government, believe in an ad hoc approach to matters of principle.
When I spoke on Second Reading last April I followed the hon. Member for Bournemouth, East (Mr. Atkinson), who said, as he did today—I supported him then and I do so again—that we would do a better job if we started from the beginning. If we clearly established in law the 67 rights of citizens, we should not be contriving formulae for trying to solve problems as they arose. That is exactly what we are doing here, because the provisions have now been drafted into legislative form as a result of White Papers and reports over the last 14 years, but primarily because we and other European countries have agreed a convention —signed by us but awaiting ratification—to allow data to be passed to and fro. That will particularly benefit British business, as we depend on technology to improve our market share in key areas both at home and abroad. Viewed pragmatically, and not from the point of view of principle, the risk is that the information may flow into Britain, but, as was said in the other place on Third Reading not long ago, it may flood into computers such as the police national computer, where it will be unseen, untouched, unobserved and unremarked on by the people to whom it refers.
Not until we have a Bill of Rights with constitutional principles which are clear for all to see, not until we deal with the problems of the lack of access to public information, the right to privacy and abuses of information by the press—it has just been suggested that the press has always done its job properly, but we all know that that is not true—and not until we deal properly with the problem of official secrets, will we have legislation without the loopholes and defects which we have when we try to cobble legislation together in the piecemeal fashion that we are asked to do today.
The importance of the subject that we are debating is reflected in a survey carried out by the Consumers Association in January of this year. It asked 985 people whether they believed that various bodies kept information confidential. Six per cent. believed that family doctors —at the bottom of the scale—did not keep information confidential. Nineteen per cent. believed that hospitals divulged information. For the Passport Office the figure was 20 per cent. For the Inland Revenue it was 28 per cent. One third of the people questioned believed that the police divulged confidential information. Thirty-five per cent. thought that the social security departments divulged confidential information. For the local council the figure was 37 per cent.; for trade unions it was 38 per cent.; 40 per cent. for a wonderful category called the old school; 46 per cent. for employers; 51 per cent. for the credit card companies; and 62 per cent. for the finance companies.
It is clear that the public believe that a lot of information that should be confidential is not kept confidential. It is clear from a different question in the same survey that the number of people who are worried that information is not kept confidential is extremely high—certainly over 50 per cent. and up to 75 and 85 per cent. in certain cases. For banks the figure is 84 per cent., which may not surprise many of us.
Although the legislation, as proposed, has been improved, we share the criticisms made in the Financial Times which last April, at the time of the Second Reading, had a heading
Data Protection—Many Loopholesand nearly a year on prints an article in today's edition of the same paper, which has as its headline:Data Protection Bill May Give Scant Protection".We should, of course, deal with the technological problem, but primarily we should deal with the problem of establishing once and for all a clear system which will 68 ensure that the data that are kept on file after file— many of which we know nothing about—on all of us, not only those on the Floor of the House, but those in the Public Gallery and those who are reporting these proceedings, can be discovered and corrected, if it is wrong, and which give us a remedy in damages if the use of data is abused. Unfortunately, the Bill does not deal satisfactorily with these issues.
One major defect is that the definitions in the Bill are appalling. They are extremely vague. The article that I mentioned confirms that perhaps the two words that best describe the Bill are flexibility and vagueness.
The Home Secretary said that the European convention principles are being enacted and that that should be enough. We all know that principles incorporated in conventions, agreed after much negotiation by many different states, are often models of vagueness. The convention says that the purpose of national legislation is to implement those principles—in other words, to give them bite and effectiveness. We want an accurate definition of subject, user, and the data in question. In that way we would all know what the clauses deal with. I am sure that hon. Members realise that we shall have a substantial task in Committee to improve the definitions.
It is not clear exactly what equipment we are talking about in the Bill. The Government say that we are not talking about manual records. That we know, but in my view they should be included, and my party shares my view, for the following reasons. First, the Bill will encourage people to hold on to manual records and delay the implementation of the advantages of technology that computerisation could bring. Secondly, people know that if they retain manual records they will not be subject to registration and all the bureaucratic superstructure in the Bill. Thirdly, for that reason, there will be a substantial amount of information to which the public will not be entitled to have access. It is as simple as that. Even if the Government are determined at this stage only to do what is necessary to comply with the convention—to limit the Bill to automatic and processed data which are not kept in a manual form—I hope that the Minister will tell us tonight that the Government will seriously consider the possibility of extending protection to manually stored data, certainly during the lifetime of this Parliament.
§ Mr. Paddy Ashdown (Yeovil)Does my hon. Friend agree that the Minister could help us with another related problem? It is perfectly possible, as he will know, to create manual records from data input. In other words, from the data which the Bill covers, one can press a button and create a printout of the information that one does not want to be covered by the Bill. It then becomes a manual record and is outside the scope of the Bill. That is equally dangerous and should be equally under surveillance. Does my hon. Friend agree?
§ Mr. HughesThat is correct. An advantage of the computer industry is that one can put in information, extract it, and convert it to other forms. They are not covered by the Bill. When we considered the first Bill in Committee last year, the Minister did not deal with that matter adequately. I hope that the Minister will take up my hon. Friend's invitation to pursue it, and thus answer the valid criticism of the definition clauses, whereby a large amount of material is not only not covered in the first 69 instance but even if converted into a form that allows it to be covered for a period, can be taken out of the scope of the Bill.
Hon. Members may have followed the correspondence in The Times this month on the bizarre implications of the Bill. The Minister has accepted that those implications are not just possibilities, but are accurate. I have here some spent cheques. They are perfectly ordinary Williams and Glyn's bank cheques, drawn on the account of an ordinary citizen. They represent a collection of personal data about another person — not me — including information recorded in a form that can be processed by equipment operated automatically—the definition in clause 1(2)— thus being subject to the provisions of clause 5 and making me, holding the cheques, subject to the Bill's provisions, as a data user. It seems that if the Bill were in force I should have to register my use of the cheques. The Minister of State accepted that view in a letter to Mr. Sandison, which was referred to in Mr. Sandison's letter to The Times on 19 January.
§ Mr. Barry Henderson (Fife, North-East)I am interested in the hon. Gentleman's example, because he is highlighting a difficult area in the Bill. However, I doubt whether his analogy is correct, since he would not qualify as a data user because he does not have with him automatic processing equipment which is capable of processing those cheques.
§ Mr. HughesI believe that the Minister accepts that that is not a prerequisite. I am not required to have the equipment at the moment that I have the products. Of course, it is a matter of detailed definition, but my example shows the bizarre consequences which could follow from drawing the line where the Bill draws it.
A more substantial problem is that many hon. Members and the increasing numbers of the public who own home computers could also be covered by the Bill. If someone put on to his computer 100 names taken from the electoral register or from the Office of Population Censuses and Surveys and the use of those names was not confined to one family, so that it would not qualify for exemption under the Bill, that home user would fall within the terms of the Bill. I ask the Government to consider carefully such problems of definition. The proposed forms of definition are entirely indadequate. A person who borrows a computer from another may also come within the provisions of the Bill while he uses the computer.
The Committee on the Bill will have to look at the details, but serious problems of definition are posed and businesses and individuals are right to be worried about them.
There are other substantial objections, some of which are supported by all four local authority associations,— the Association of County Councils, the Association of District Councils, the Association of Metropolitan Authorities and the Conventon of Scottish Local Authorities. Local authorities deal with an enormous number of records and are perhaps more conscious than many other bodies of the public concern. They want clear codes of practice, which the Home Secretary has so far resisted, and they agree with the recommendation of the Lindop committee that there should be an advisory committee to ensure the satisfactory working of the legislation.
Improvements have been made in the Government's proposals for the staffing of the registrar's office, but the 70 number of staff will be small—I have not heard mention of a figure above 20 — and the office will not be effective for two years, which will give time for information to be shifted by those wishing to avoid compliance with the Act. Also, compared with the parallel body in Sweden, the registrar's office will have little power and is unlikely to be able to do its job properly. My party believes that, even with the best will in the world being shown by the registrar and his or her staff, the office will be no more than a facade of controls and that there will be no effective system.
Another defect is that many of those appointed to offices under the Bill — for example, members of the tribunals and those dealing with appeals against the decisions of the registrar — will be appointees of the Home Secretary. The Department that causes most alarm to the citizen is the Home Office. It deals with the most controversial areas of information, such as police files. I ask the Home Secretary to remove from his Department and, pending the establishment of an effective Ministry of Justice, to put into the hands of the Lord Chancellor's Department control of the mechanisms for supervising the proper enforcement of the legislation.
Other objections are shared in all parts of the House. I was surprised to receive last year a memorandum from the Society of Conservative Lawyers which included eight pages of criticism of the previous Bill. That shows that the objections are not a party political matter, though it is a matter of principle to my party that we get the legislation right.
We are worried that individuals will not be able to correct inaccurate information. The system proposed in the Bill works from the wrong end; the duty should be on the data user to tell the data subject that information is being held. The Government's system means that if a person suspects that information is held, for example, on a file in the DHSS offices at the Elephant and Castle he will have to go on what my hon. Friend the Member for Yeovil (Mr. Ashdown) calls a game of technological hunt the thimble. If that person believes that information on him is being held, he will have to look for it without quite knowing where, and he will also have to pay for the privilege at each stage of the process. Instead of people being told where information is kept, they have the responsibility of looking for it, and they may not always know where to look. That is a substantial defect in the Bill.
By registering only data users, and not data banks, even if data users have to specify the purposes for which they intend to collect information, we will provide numerous opportunities for information to be transmitted from one computer, where it is stored for a particular purpose, to a second computer, where it may be stored for another purpose.
The best example of that problem is information held by the police. Two sorts of information may be kept on police files. The first is facts—details of a person's convictions, age and address — and the second is intelligence—suspicions and conclusions, for example, drawn from the fact that a person had been seen leaving his house after dark on successive nights.
As was pointed out in an article in New Society last year, the Suffolk police computer, which collects facts and intelligence, is plugged into the national police computer. I know of plans for at least eight other police forces to plug into the national computer. Our tradition of local police forces and not a national security force will be grossly 71 undermined unless we can be assured that data are not being transmitted without authority, justification and control from one police computer to another.
The exemption relating to immigration matters has been removed, but three exemptions which will allow enormous scope for abuse are retained in the Bill. It is no argument for Home Office Ministers to say that they are not taking away rights but upholding them, for 10 years ago the problem at its present level did not even exist. The dangers grow apace with the growth of technology. Increased rights are therefore required for the individual to deal with the increasing opportunities that technology offers. It is not adequate to say that we are adding to the protection of human rights when we in this country lag considerably behind our colleagues in western Europe.
§ Mr. Peter Bottomley (Eltham)The hon. Gentleman referred to a Bill of Rights earlier in his speech. What part of a Bill of Rights would have assisted in easing the problem?
§ Mr. HughesThe right to respect for family life and privacy. I accept that it is a widely-drawn right. However, it has been interpreted without difficulty by the Commission and the European Court. As the hon. Member for Eltham (Mr. Bottomley) knows, it is notable that this country of all countries has been the most frequent offender against the European convention on human rights, brought regularly before the Commission and found regularly by the court to be in breach. The worst offender is the Secretary of State's Department, the Home Office, which time and again has been found to be in breach and has then, as I think the lawyers will say, amended de minimis its regulations and rules. The obligations required by European conventions would allow much better access to information than provided for in the Bill. The tragedy is that we have not fully endorsed the principles established by the Council of Europe in the 1940s as a result of the abuses of information and concerns that were felt after the war.
I have dealt with the concern that many hon. Gentlemen on the Opposition Benches have about the lack of information to the individual when information is transferred from one data user to another. Clause 29 which deals with health and related information has the same substantial defect. Under this clause the Secretary of State by order can allow information in that category of the most confidential kind to become exempt from the Bill's provisions.
The registration system itself may clearly be defective also. Under the present provisions, the registration system firstly applies to data users as opposed to data banks. Secondly, it is not clear that it will govern the breadth of purposes that the data user may have in mind. Worst, perhaps, the time lag permitted under the proposed legislation would allow effective registration to be reduced before the information became available to an inquiring individual. The proposed period for processing an application for registration at present is far too long for people to be able regularly to keep track of the information that is kept on them. It is not acceptable that the Bill should allow information to fall for so long outside its provisions, nor is it acceptable that in many cases where it would be proper and consistent with human rights, no provision is made for public inspection of applications. In the Bill there 72 is also a defence that someone tried to comply with it. That is not normally sufficient in other legislation, and it should not be sufficient here.
You have been subjected, Mr. Deputy Speaker, to listening to many criticisms of the Bill from both sides of the House in the debate. When the matter last came before the House, I said from these Benches—this view was shared by the Labour party at that time—that we would not oppose it then in the hope that the Bill would be substantially amended. That Bill has been substantially improved in several respects. All the bodies which, lobbied—the British Medical Association, the churches, the hospitals, and other bodies — have not however denied that some objections remain. They say rather and debates in the other place confirmed it — that substantial moves have been made in the right direction. As I said, it is a beginning. Our position tonight is, therefore, consistent with our position last year. I observe that the right hon. Member for Birmingham, Small Heath (Mr. Howell) is waiting to explain how his party has changed its position. That can no doubt be explained in a moment
We have said that if the Bill were improved we would support it, and, if it were not, we would reserve our right to vote against it. Unless more substantial improvements are made, as some have been to the Bill since it was presented a year ago, we shall reserve our right to vote against it on Third Reading. Because we believe, and I hope most hon. Members accept, that there should be data protection legislation, and that with every month that passes such legislation becomes more necessary, we will vote for the Bill on Second Reading, but we shall go into Committee with the same intentions that we had last year, namely, to seek further substantial improvements to deal with the remaining major problems.
§ Mr. Denis HowellThe hon. Gentleman is correct in saying that the Liberal party on the last occasion, in agreement with the Labour party, said that, unless the Bill was substantially improved, Liberal Members would vote against it on Third Reading. We disagree with him entirely in his interpretation of whether the Bill has been substantially improved — although, of course, some improvements have been made.
§ Mr. WaddingtonWe have not yet reached Third Reading.
§ Mr. HowellI do not want to say much to the Minister at this stage except that the Bill has been introduced with the benefit of hindsight. In my experience in the House this is the first time that the benefit of hindsight has been totally usurped by the Government of the day. The Government have failed to take any account of the criticisms expressed during the passage of the Bill through the House. I say to the hon. Gentleman that, if the Liberal party intends to vote in favour of the Bill tonight, it is a denial of the speech to which he has subjected the House.
§ Mr. HughesIt is odd, if the right hon. Gentleman's party are so strongly objecting to the Bill, that their membership in the House was for a long period two, and is now four. This suggests a token measure of opposition and not a constructive position. We shall certainly support— indeed, our names are on the Order Paper — the suggestion that, because of the detailed improvements required in the Bill, it should go to a special Select 73 Committee where evidence can be called. It would be inaccurate as well as ridiculous to say that, since the Bill was introduced in the last session, no substantial concessions have been made by the Government as a result of pressure not only from this place but from outside. Perhaps the only advantage of the last general election is that at least the Bill is slightly better than it was before the general election. Further substantial improvements are now required in coming months. It would be unfair, and inconsistent with what we said last time, to say last year that if there were improvements, we would support the Bill and, if there were not improvements, we would not support it, but then, on Second Reading—before what I hope will be a long and effective Committee stage — we were to oppose it. We reserve our right to oppose the Bill later. This is always a matter for judgment. We have to do the best for the individual when the Government are not of our choosing. We reserve our right to oppose the Bill unless the Government now listen to the arguments to which they have so often been deaf and which are aimed at improving what is a timid measure, conceived for the wrong reasons. Improvements, if implemented, would at least have the advantage of dealing with the inadequate situation that has existed for so long.
§ Mr. Harry Greenway (Ealing, North)I listened with interest to the conclusion reached by the hon. Member for Southwark and Bermondsey (Mr. Hughes)—both to the way that he expressed his conclusion and to the terms that he used. He said that the Liberal party had been consistent in this matter. It will be interesting to read the record. I do not think that his party has any right to claim consistency, save for voting consistently for increased expenditure and lower taxation at every opportunity open to it. It never faces the responsibility that any major party should face in saying that we must increase expenditure in one respect and that to do that we have to decrease it elsewhere or fail to balance the books. The record will show that the amount of increased expenditure advocated by the Liberal party would put about 20p on the standard rate of income tax — [Interruption.] That is how the Liberal party needs to face its responsibilities — [Interruption.] It is no good the hon. Member for Yeovil (Mr. Ashdown) shouting at me. I used to run a school of 2,000 pupils, and I am accustomed to unruly, silly children. If the Liberal party does not like its arguments turned upon itself, it must not put fatuous arguments to the House.
I agree with the hon. Member for Southwark and Bermondsey, who on personal terms is an admirable fellow, about the lack of interest in privacy among Labour Members. Only about 1 per cent. of Labour Members have been present for most of the debate so far. However, I disagree with the hon. Gentleman when he says that Britain has been forced to make a record number of appearances before the European Court of Human Rights. He must know that many people go through every one of our legal processes in an attempt to achieve what they want, and only then do they go to Europe. That is reasonable and acceptable. Despite that, this is the freest and best country in the world.
§ Mr. WilsonRubbish.
§ Mr. GreenwayIf the hon. Gentleman believes that, why does he not go elsewhere?
§ Mr. Wilsonrose —
§ Mr. GreenwayWe have gone—
§ Mr. WilsonOn a point of order, Mr. Deputy Speaker. The hon. Gentleman has just told me to go away because I suggested that this was not a democratic country. I remind the House that it was this Parliament in 1979 that refused to establish a Scottish assembly when the Scottish people had voted for it.
§ Mr. Deputy Speaker (Mr. Paul Dean)Order. The hon. Member for Dundee, East (Mr. Wilson) knows that that is not a point of order, and it is clear to me that the hon. Member for Ealing, North (Mr. Greenway) is not giving way to him.
§ Mr. GreenwayNo one was told to go away. I simply said that if the hon. Gentleman did not like this country and thought that it was not free, he should go elsewhere. I say it again.
§ Mr. HendersonIn view of the bogus point of order raised by the hon. Member for Dundee, East (Mr. Wilson), I hope that my hon. Friend the Member for Ealing, North (Mr. Greenway) will bear in mind that when the devolution legislation was brought before the House, there were 11 hon. Members representing the Scottish National party and that today there are only two.
§ Mr. GreenwayMy hon. Friend makes a fair point, and I hope the hon. Member for Dundee, East has noted it.
The Bill is a considerable step forward in protecting the individual. I am surprised that more Labour Members have not said so loud and clear. Some of them may have read Laurie Lee's marvellous book "Cider with Rosie". They will know from that that the village squire always said to any children whom he met once a year at a party, "The smallest room in the world is a mushroom, but the largest is room for improvement." There is room for improvement, and I shall have some improving suggestions to make. But the Bill is a major step forward in protecting the individual, and my right hon. and learned Friend the Home Secretary is to be congratulated.
The attitude of the Labour party is ambiguous and inconsistent. We heard the right hon. Member for Manchester, Gorton (Mr. Kaufman) express his fear for the individual—to point almost of nausea. We have to contrast what he and his party say and what he advocates in other areas of our law. I have in mind the principle of the closed shop which takes individuality away from a man or woman and with it all decision making in important areas of people's lives and arrogates their rights to a body over which they have little control. The same party advocates nationalisation, which again denies the individual his right to personal and individual enterprise and subjects him to direction from the state.
§ Mr. AshdownWill the hon. Gentleman give way?
§ Mr. GreenwayNo.
Again, the Labour party would like to see the total municipalisation of housing.
§ Mr. Denis HowellNot all of us.
§ Mr. GreenwayThere are those who would not. I accept that the right hon. Member for Birmingham, Small Heath (Mr. Howell) would not, but many Labour Members would like to see the total municipalisation of 75 housing, which would give local authorities almost total control over the individual. Some Labour councils have almost achieved that. A notable example is Tower Hamlets. In that area 98 per cent. of all housing is publicly owned. Tower Hamlets is practically there. It cannot be denied that that is the direction in which sections of the Labour party wish to go.
The hon. Member for Caithness and Sutherland (Mr. Maclennan), on behalf of the SDP, said that the Bill should go to a Special Standing Committee. However, I understand the Government's reluctance to accept that proposition. I was a member of the Special Standing Committee which considered the 1981 Education Bill. Most tragically, the procedure was grossly abused by the then Chairman of the Committee, Mr. Christopher Price, who clearly was in collusion with the present Leader of the Opposition. Between them they attempted to manipulate those scrutiny sessions of the Committee, to the detriment of the new device that Parliament had conceived. I have said as much to them. They know that I have this view. I say nothing that I have not said elsewhere.
§ Mr. Andrew F. Bennett (Denton and Reddish)On a point of order, Mr. Deputy Speaker. Is it in order for an hon. Member to insult the Chairman of a Standing Committee and the Chairman of a Select Committee in that way? The procedures of the House ought to protect those who chair our Committees upstairs. It was my understanding that any criticism of the Chairman of any Committee had to be made in the form of a motion on the Order Paper, not by a statement in the House.
§ Mr. Deputy SpeakerOrder. I was listening carefully to the hon. Member for Ealing, North (Mr. Greenway). The distinction here is that he was referring to a former Member of the House and to a former Parliament.
§ Mr. Greenwayrose—
§ Mr. Denis HowellFurther to that point of order, Mr. Deputy Speaker. Are we to take it that although it is not possible to make allegations of the sort just made by the hon. Member for Ealing, North (Mr. Greenway) about the Chairman of a Select Committee in this Session, it is possible to make exactly the same accusations retrospectively about a former Chairman in another Session? That seems to be quite wrong.
§ Mr. Deputy SpeakerOrder. The point that I am making is that the gentleman referred to is not a Member of the House and that the reference was made to a former Parliament. That is the distinction that I am drawing. It would not be in order for reflections to be cast on the chairmanship of a Select Committee or Standing Committee in this Parliament and about a Member of the House.
§ Mr. Denis HowellFurther to that point of order, Mr. Deputy Speaker. In view of your ruling, may I, through you, put it to the hon. Member for Ealing, North, whom I know to be a decent man, that with hindsight he ought not to have made accusations about a former colleague which he would not be able to make if that former colleague were still a Member of the House. In that spirit, I hope that the hon. Gentleman will withdraw his words even though, of course, he is entitled to be critical.
§ Mr. GreenwayOf course, I know the right hon. Member for Small Heath well and respect him. However, the procedure that the Labour party is advocating, which has been supported by the SDP spokesman, the hon. Member for Caithness and Sutherland, was abused in the previous Parliament. I say that with great respect to Christopher Price, whom I admire and respect tremendously. He is a great education man and a personal friend. Nevertheless, I have said that to his face.
§ Mr. Andrew F. BennettWill the hon. Gentleman give way?
§ Mr. GreenwayThis is the last time that I shall give way.
§ Mr. BennettDoes the hon. Gentleman agree that, in drawing up the list of witnesses, Christopher Price consulted the Government as well as the Opposition and that the list was agreed by both sides of the Committee? As a result of those procedures, many points were brought out in the Special Standing Committee part of the proceedings which led to amendments for which the hon. Gentleman voted and the Government supported. Therefore, there was a lot of constructive improvement to that Bill.
§ Mr. GreenwayI do not say that Christopher Price did not consult fairly with Committee members. However, the Committee went wrong because of the order in which Christopher Price invited people to make their points. Hon. Members do not need me to remind them that it is tactics that count. That is how the Committee was abused. Therefore, I can understand why the Government are concerned about using that procedure again.
§ Mr. Clement Freud (Cambridgeshire, North-East)Will the hon. Gentleman give way?
§ Mr. GreenwayI shall not give way again.
The whole subject should, if possible, be considered by the Home Affairs Select Committee. It is not for me to suggest its business, but if the Home Affairs Select Committee took it on — notwithstanding the forward provisions made by the Bill—we would have a most valuable device for inquiring into this important subject for the benefit of both Parliament and the public.
§ Mr. GreenwayI shall not give way again, as I have given way several times. I want to continue my speech, as other hon. Members are waiting to speak.
§ Mr. GreenwayThe hon. Gentleman has only recently walked into the Chamber.
I support those who have said that there should be free access to data for those on social security. I note that such an amendment was tabled in the other place, but not accepted. I hope that the Home Office will reconsider that point. I do not understand, or quite accept, the costing set out on page V under the heading "Financial Effects of the Bill."
§ Mr. FreudOn a point of order, Mr. Deputy Speaker. Is it not invidious that an hon. Member should sit quietly throughout the sittings of a Special Standing Committee, of which he does not approve, and then talk disparagingly about it in the Chamber? Surely that is a false way of going about things.
§ Mr. Deputy SpeakerI think that hon. Members are being sidetracked into former proceedings. It would help all hon. Members if we discussed the Bill.
§ Mr. GreenwayI hope, Mr. Deputy Speaker, that the hon. Member for Cambridgeshire, North-East (Mr. Freud) will not abuse the procedures of the House in your time and mine.
I hope that the Government will consider giving those on social security, and perhaps those on very limited means, free access to data. After all, there is a case for doing that. I also wonder whether 20 staff will be sufficient to enable the registrar to carry out his functions satisfactorily.
The hon. Member for Denton and Reddish (Mr. Bennett) has frequently and valuably referred to the importance of opening school records. I largely support him in his aims. However, he goes further than I would in wanting complete openness. Last year, when we discussed a similar Bill, he was concerned — and no doubt will be now — that manual records were not included in the Bill. I share his broad concern.
However, I am not sure that all school records should be made available to parents. Some school records, such as medical records, should be made available, but subjective assessments by teachers of a child's behaviour, his family, school work and relationships with other children should not be open to the public. They are subjective judgments by teachers and should be regarded as such and kept under wraps. Nevertheless, a teacher's official view of a child, as recorded on a report, school reference and so on should be accessible to parents and other legitimate members of the public at all times. From my long experience of education, including seven years running a school of more than 2,000 pupils, that is my view.
There is much more to say, but other hon. Members are waiting to speak. Several hon. Members have rightly drawn the attention of the House to the need for a Bill of Rights. I would like to see a Bill that gave the individual the right to privacy, the right to decide whether or not to join a union, the right to worship, and so on. I understand the problem of entrenching such a Bill of Rights in our constitution, but such a Bill would be valuable, and I urge the Government to consider it.
With those remarks, I welcome the Bill.
§ Dr. John Marek (Wrexham)Like the hon. Member for Ealing, North (Mr. Greenway), I shall try to be constructive, although I hope that my remarks will be based on a slightly different foundation from that of the hon. Gentleman. I was probably quite lucky not to have been a Member of Parliament in the previous Parliament when the lengthy procedural discussions referred to by the hon. Gentleman took place.
In the wording of the Bill the Government should have demonstrated that they were abiding by the spirit and letter of the European convention, but they have not done so. However, they would have gone a long way towards doing so if they had accepted the report of the Lindop committee and, in particular, the proposal to set up a data protection authority. Paragraph 15 of the report's summary states:
The DPA should be an open and friendly Authority, and should seek to avoid an adversary relationship with users. It should therefore be required to conduct consultations with those 78 who will be affected by a draft Code, and to invite representations. It should also provide assistance, guidance and rulings, for example to users who plan a new application.Instead, we have a registrar and tribunal. As other hon. Members have said, in the case of court proceedings, they will act as a great deterrent to many of those who seek redress for their grievances. Conservative Members have argued that a data protection authority would be another quango. If so, so be it, but many other quangos will be set up if and when the Bill to abolish the metropolitan counties is enacted. It will be impossible to perform the functions of those metropolitan counties without recourse to a great many quangos. One quango is not necessarily evil if it can be justified, and I believe that there is justification for one in the Lindop report. A data protection authority might have only a small staff. It could use the consumer protection departments of county councils to help to keep down its costs. Yet the Government have seen fit not to accept that recommendation, which is why the Opposition intend to vote against the Bill.
§ Mr. Roger Freeman (Kettering)Does the hon. Gentleman agree that one of the advantages of a registrar rather than an authority is the speed with which a registrar can act? Are not we living in an age when data can be transferred quickly not only from one computer to another, but from one country to another? If the hon. Gentleman accepts the principle of the Bill, would not far better protection be provided through a registrar — a single individual, albeit supported by his staff—who could act more quickly than an authority?
§ Dr. MarekI accept that it is important to act quickly, and if a registrar can do that, so be it. But that does not preclude an authority from acting quickly. I hope to illustrate later why we need more than a registrar.
It is a matter of great concern that the Bill provides many possibilities for evasion. Hon. Members have already mentioned the possibility of changing initials— for example, either putting them in front of the name or following the name. One serious defect of the Bill is that manual records are exempt. Those wishing to set up a blacklist of employees or a list of individuals' creditworthiness could set up two different companies— one a computer bureau and the other a company operating a manual system. They could pass information to each other. I am not sure whether the Bill would prevent such a practice. The Bill is of no value unless it clearly tackles the problem of evasion in certain types of data collection.
The Lindop committee stated:
However, we have defined 'handling' to cover a wide range of activities, and recommend that a user's personal data handling should come within the scope of the Act if any part of it is conducted by automatic means. Data handling bureaux should also come within the scope of the legislation.I shall vote against the Bill, but if it reaches its Committee stage — as it will, because of the Government's overwhelming majority—I hope that that point is given further consideration so that the Bill can be tightened as much as possible.I echo the deep concern expressed by many hon. Members about the confidentiality of medical records. Under clause 1(5), it is certain that health authorities will register as data users because it would be impractical for doctors, in their various disciplines, to register individually. Doctors will not then be able to control access to information that they have taken in confidence from their patients. As my right hon. Friend the Member 79 for Manchester, Gorton (Mr. Kaufman) made plain, if patients believe that the information that they give to their doctors is not absolutely confidential, they will become wary before they divulge all the facts, and doctors will have greater difficulty in making a correct diagnosis. In certain cases, that difficulty may prove crucial. I hope that the Government will not put doctors in that difficult position, which will inevitably worsen standards of health.
When information is to be made available to others, it should follow the recommendations in the British Medical Association's handbook of medical ethics:
I hope that I have made it clear that I am asking the Government urgently to consider that problem, which is of central concern to a great many people. I hope that the Bill will make absolute the confidentiality between patients and doctors, subject only to the restrictions that I cited from the BMA's handbook
- "(a) In all medical records, information should be regarded as held for the specific purpose of the continuing care of the patient, and should not be used, without appropriate authorisation by the responsible clinician or the consent of the patient, for any other purpose.
- (b) Access to identifiable information held in medical records should be restricted to the author and the person clinically responsible for the patient during the episode for which the data was collected (or their successor) unless specifically authorised by the clinician in the interests of the patient. Access to clinical data of previous episodes of illness should be available to the clinicians currently providing care for the patient. Access to such information should only be allowed, where practicable, with the patient's consent.
- (c) An individual should not be identifiable from data supplied for statistical or research purposes. If follow-up of the individual patient is a necessary part of the research, the patient must have previously given consent. Consent to the release of information for a medical research project must have been obtained from local ethical committee for clinical research, or in the case of the National Cancer Registry, from the Chairman of the BMA's Central Ethical Committee."
The Government are not taking into account the basic fact that technology in data processing is increasing at a tremendous speed—far more quickly than in almost any other branch of technology, engineering, physics or chemistry. What are new business techniques today will not only be antiquated tomorrow, but very antiquated. That is why we need more than a registrar. We need a data protection authority that can do more than the registrar. It would have a duty to produce codes of practice and to issue reports to the Government so that legislation could be kept up to date. No one can foresee the posititon in two or there years because technology is moving forward so quickly. Without such an authority, the legislation will not be effective. That is why I shall vote against the Bill tonight.
§ Mr. Barry Henderson (Fife, North-East)I hope that the hon. Member for Wrexham (Dr. Marek) will forgive me if I do not follow him. I do not wish to speak for too long because a number of my hon. Friends are still waiting to speak.
I was considerably shocked to hear the Opposition spokesman, the right hon. Member for Manchester, Gorthon (Mr. Kaufman), giving the somewhat pathetic and unconvincing reasons why the Opposition intend to vote against the principle of the Bill. The Labour party ducked the issue throughout its period in government. Opposition Members are complaining that the Government do not have a perfect Bill—as though it is 80 easy, or even possible, to produce that at the first attempt on such a subject. If the Labour party really cared, it could have introduced a Bill not just once, but twice when it was in government.
The Younger committee first reported on privacy in 1972. The Labour party came to power in 1974 and could have picked up that subject and legislated on it, but it ducked the issue and set up the Lindop inquiry. That reported in 1978, when the Labour party was still in office, but we did not see any sign of enthusiasm from Labour Ministers at that time for grasping this nettle. Now, when the Conservative Government grasp it and introduce a Bill, Labour Members object. It must have given the Government's business managers some pause when it was decided to introduce a Bill which clearly would be contentious apart from any party controversy, and I honour the Government for having introduced the measure.
The Labour party says that the matter should have been referred to a Select Committee, a Special Standing Committee or some other procedure. Since 1979 — technically, since 1980 — the House has had Select Committees looking into various matters and at any time Labour Members could have suggested to relevant Committees that they might look at the subject, but I am not aware that they ever have. Why suddenly now, on the second occasion when a Bill of this kind has been before the House, do they feel it necessary to have a Select Committee to examine these matters?
Running through the speech of the right hon. Member for Gorton was a distaste for the Bill, for no other reason than that it might help the information technology industry. Since he comes from a Manchester constituency, which contains a substantial part of that industry, I should have thought that he, like me, would have welcomed the Bill for that reason alone.
That is not the only reason why the Bill is before us, though that is a good reason for accepting it, and it has been widely welcomed by those concerned with the rights of citizens and consumers generally. Also important is the fact that the Bill will enable the United Kingdom to ratify the European convention for the protection of individuals with regard to the automatic processing of personal data. It may not do everything that all hon. Members wish, but the fact that it will enable us to ratify that convention is an advance over the present position, and if we are talking about the principles of the Bill, as we are today, that should be welcome in all parts of the House, and I am surprised that the Labour party and SNP intend to vote against Second Reading.
In the last Parliament I expressed concern about why the Bill incorporated the concept of a data protection registrar, because I foresaw the probability that virtually everyone who ran a computer system would be likely to have to register, and I do not think that has changed. However, I now admit to conversion because, although at that time I had not found anything in the European convention which required the appointment of a registrar, I have since discovered why that must be so if we are to adhere to that convention. In that sense I apologise to the Minister and accept that the Government were right to incorporate that provision in the Bill, although I still do not like its bureaucratic consequences.
I am astonished that Opposition Members should oppose a measure which sets out in its first schedule the principles that we find there. For example, it states that information contained about 81
personal data shall be … processed, fairly and lawfully … Personal data shall be held only for … specified and lawful purposes. Personal data … shall not be used or disclosed in any manner incompatible with … those purposes. Personal data … shall be … relevant and not excessive … Personal data shall be accurate and … kept up to date. Personal data … shall not be kept for longer than is necessary … An individual shall be entitled … to be informed … whether he … is the subjectof data being held, that he should have access to any such data and have data corrected or erased where appropriate. That such principles are enunciated in a statute is to be welcomed. Although there are imperfections in the Bill, it is a major step forward and the Government deserve support for introducing it.I have certain queries about the Bill, and I adduce them in a constructive spirit. Clause 1(3) defines personal data as
data consisting of information which relates to a living individual".Because somebody dies, remembering that other people might be concerned with his reputation or might be deemed to have characteristics relating to that person's personal characteristics and data, why should the fact of death take away the rights of the individual in regard to personal data?
§ Mr. Robert Kilroy-Silk (Knowsley, North)It takes away all his rights because he is dead.
§ Mr. HendersonThe hon. Gentleman may be a legal eagle and there may be reasons why a person on death ceases to have rights; or perhaps he can transfer those rights to other persons. I do not know, but I should have thought that it could be harmful to citizens if data were revealed about a dead person, especially if those data were held on a basis of privacy.
The same subsection refers to an
individual who can be identified from the information".Does that mean that if the data do not contain the name—or perhaps the name and address—of the person, a data user of that kind of information will not have to register? Does the existence of a code reference in the computer data enable the data user to hold off line an index enabling him to keep identification of the person separately on a manual system?May we also be told why
including any expression of opinion about the individualshould necessarily have to be revealed to the individual? There are times when that could be unreasonably oppressive.Since we debated the Bill in the last Parliament, clause 1(8) has been changed and now reads:
Subsection (7) above shall not be construed as applying to any operation performed only for the purpose of preparing the text of documents.I imagine that that change was made because somebody thought that it was ridiculous to have word processors brought into the Bill when it was originally intended for computing-type data. I appreciate why the provision has been aimed at reducing the number of people brought into the scope of the register, and if a machine system is genuinely only for the purpose of preparing the text of documents, I am happy that that subsection should remain. If anyone thinks that that will take a significant number of data users out of the system, I do not believe him. For example, typing pools carry out the operation that is confined to the preparing of texts for documents, a purpose for which only very few word processors are used. It is an 82 extraordinarily inefficient use of a word processor for it does not even approach the benefit that could be derived from such a machine.My hon. Friend the Member for Wells (Mr. Heathcote-Amory) referred to the position of Members of Parliament and political parties. I raised the same issue when the Bill's predecessor was debated on Second Reading in the previous Parliament. I did not receive an answer then and I hope that the issue will be clarified when my hon. and learned Friend replies. Where will Members stand who hold information about constituents who have written to them in the ordinary course of correspondence? What will be the position of political parties which keep canvass records, for example? What will be their position once the Bill is enacted?
The universities and vice-chancellors expressed concern during the previous Parliament about the effect of the Bill on the way in which they keep some information about students in the course of their examinations. I raised the issue and the Government decided not to exempt universities. I understand why they took that view. Since then, I understand that the universities, vice-chancellors and principals have approached the subject again. They have produced a qualified exemption which might commend itself to my right hon. and learned Friend.
The universities feel that they need to retain the confidentiality of computerised records of students' examination results, to which all students will have the right of access if the Bill is enacted in its present form. The Committee of Vice-Chancellors and Principals of the Universities of the United Kingdom would like to see that which is contained in a letter that was written by the secretary general of that body to principals of universities. The letter reads:
Universities firmly believe that it is in the interests of both students and institutions to maintain the absolute confidentiality of 'raw' marks awarded in individual examinations as opposed to the final grading of candidates. Examination marks are expressed in many different ways and may be adjusted at various stages of the examining process. Other factors are frequently taken into account by an Examiners' Board when determining final grades such as a student's performance during the course, and in some cases marks may be adjusted at the discretion of the Board to take account of difficulties such as illness. Taken out of context, therefore, we consider that raw examination marks could be confusing to a student.As a result of those views, the committee of vice-chancellors and principals would like to see a provision in the Bill to exempt universities from the need to disclose examination marks until such time as the final assessment of a candidate has been completed. That is the new element which the committee is suggesting, and I hope that it will be considered further by my right hon. and learned Friend.
I think that there should be an exemption that will allow data users to disclose information in circumstances in which everyone agrees that disclosure is sensible. At present, if a data user has data on his file, he is not entitled to display them to the world. But there could be occasions when it would be desirable in the public interest, or in the interests of those on the file, to reveal them. There is no mechanism anywhere in the Bill to allow that to happen in a simple and straightforward manner. Again, that is something that should be considered.
Where a data subject, to use the inelegant language of the Bill, seeks to exercise his rights under the Bill to obtain information which is held about him, I hope that strict criteria will be laid down to ensure that that person will 83 have to give proof of identity. If not, the way is wide open for a neighbour to learn about another neighbour's personal matters which are no business of his. That is an example of breach of privacy, which much of the Bill is directed towards. I welcome the Bill and I hope that it can be further improved.
§ Mr. Kilroy-SilkIt is clear that the hon. Gentleman is an expert on this subject and that he has substantial queries about certain parts of the Bill. As he has spoken on Second Reading and can claim the right to be a member of the Committee that considers it, may we have an assurance that when he sits in Committee he will table amendments along the lines that he has suggested and will vote in support of them?
§ Mr. HendersonIf the matter were left to my personal inclinations, I should be glad to be a member of the Committee. As it happens, I am sitting in Committe on the Rating and Valuation (Amendment) (Scotland) Bill.
§ Mr. Kilroy-SilkThat is no problem.
§ Mr. HendersonLabour Members tell us that that Bill will be in Committee until Easter or later, so it may be rather difficult to fulfil the hon. Member's desire for me to be a member of the Committee. I understand that two or three Bills on Scottish matters are coming along behind the rating Bill. I cannot make any promise to the hon. Gentleman to help him with his problems.
I welcome the Bill and I hope that it can be further improved. However, I fear, as my hon. Friend the Member for Thanet, North (Mr. Gale) said, that it might not be very long before we have to take a further look at this subject.
§ Mr. Paddy Ashdown (Yeovil)I listened with interest to the speech of the hon. Member for Fife, North-East (Mr. Henderson), certain portions of which filled me with curiosity. I agree with one area of his remarks, but am left somewhat intrigued by other areas. For example, I am intrigued about his unusual exposition of the rights of the dead. I do not want to dismiss it out of hand. I hope that he will transmit his interesting ideas to the hon. Member for Ealing, North (Mr. Greenway), who believes that the dead, or the political dead outside the House, have no rights whatsoever. He seems to believe that someone who has served the House as the Chairman of a Committee may be criticised with impunity. During a seemingly studiously offensive passage in his speech, I wondered whether he had expressed his criticism of Christopher Price in Committee or saved it up for expression in the House, where he can make it with the protection of immunity.
I shared the amazement of the hon. Member for Fife, North-East at hearing the position adopted by the right hon. Member for Manchester, Gorton (Mr. Kaufman), who argued that it would be consistent and right to vote against the Bill. I know that my hon. Friend the Member for Southwark and Bermondsey (Mr. Hughes) came under attack for criticising some parts of the Bill but decided that we on these Benches should support it. However, I was amazed at the position adopted by the right hon. Member for Gorton.
I dug up the speech—perhaps that is the appropriate description—that was made by the right hon. Member 84 for Birmingham, Sparkbrook (Mr. Hattersley) when the previous Bill was being discussed on 11 April 1983. He said:
The Bill makes an important and vital contribution to the protection that we, the data subjects, need. For all its inadequacies, the Bill establishes the principle that the private citizen has the right to know what information about him or her is being held by private companies or public agencies, the right to inspect that information, the right to correct any errors of fact that that information contains and the right to the assurance that those data, which have been necessarily and properly obtained, will not be subsequently misused.It is because of the legal recognition of those principles that is belatedly given by the Bill that I shall not vote against its Second Reading, nor do I invite my right hon. and hon. Friends to do so. That is succinctly put.
§ Mr. Kilroy-SilkRead on.
§ Mr. AshdownI shall read on, although I did not wish to give too extended a quotation. The right hon. Gentleman continued:
We have in a sense, through the schedules and through the recognition of the principles in them, made some progress towards the objects of the Younger committee's report and the European embodiment of those objects in the Council of Europe legislation. — [Official Report, 11 April 1983; Vol. 40, c. 560–61.]Those who sit on the Opposition Front Bench may be embarrassed by that detailed quotation.
§ Mr. Denis HowellNot at all.
§ Mr. AshdownWhat cannot be doubted—this is the inconsistency underlying the Opposition's position—is that the Bill has been amended since the Labour party decided not to challenge it in the House of Commons. Whether the amendments are substantive may be a matter for argument, but they certainly tend in the right direction. I do not understand how the Labour party can bring itself to vote against the Bill now that it has been amended and improved in certain ways.
§ Mr. Denis HowellI am not embarrassed. I am simply sad that the hon. Gentleman does not continue his quotation to the point at which my right hon. Friend the Member for Birmingham, Sparkbrook (Mr. Hattersley) made it clear that, notwithstanding his welcome for any Bill on the subject, Labour Members would vote against Third Reading unless the Bill were substantially improved on fundamental matters relating to the individual citizen.
§ Mr. WaddingtonThis is not Third Reading.
§ Mr. HowellOf course not. However, since that time there has been another Second Reading, another Committee stage in another place and another Third Reading, and now there is this debate. The Government have had almost 12 months in which to put the fundamental matters right, but they have not done so. It is no credit to alliance Members that they are prepared to accept a tawdry compromise, ignoring the fundamental principles that we wish to establish.
§ Mr. AshdownThe right hon. Gentleman knows perfectly well that a vote on Second Reading is a vote on the principle of the Bill. The right hon. Member for Sparkbrook ended his speech by saying:
I hope that the Bill can be improved in Committee." — [Official Report, 11 April 1983; Vol. 40, c. 567.]We still sustain that hope. Some of the details of the Bill may be worrying, but the principle is worth supporting. 85 As my hon. Friend the Member for Southwark and Bermondsey said, we see the Bill as part of a larger whole. There is a need for a Bill of Rights to protect, once and for all, the rights of the individual against depredation by the great bureaucracies, the trade union movement or the large industries. We need a Bill of Rights to enshrine the freedoms of the individual and to give him, in particular, some freedom of access to information. The Bill is only pan of that larger whole for which the Liberal party and our SDP colleagues have long striven.
I wish to make a narrower point which I believe has worrying implications. The hon. Member for Wells (Mr. Heathcoat-Amory) made a similar point. I accept that there is a need to bring in a Bill now. There is a need to limit the private use of data banks and computer technology in a way which will safeguard the rights of the individual. However, a balance must be struck. The hon. Member for Wells said that he feared that the Bill would limit overmuch the private use of data bases and new technology while not limiting sufficiently their use by the state. In my judgment, the Bill does not provide safeguards limiting the use of the state's computers.
There has been a significant and welcome move towards the use of new technology by the organs of the state. We regard that as useful because it is cost-effective and, properly used, can result in greater personal service to the individual. Nevertheless, the state of the computer technology art is moving so fast that some of the Lindop committee's recommendations are now out of date. Indeed, if some of the recommendations in the Bill are not already out of date they soon will be.
There has been an immense growth in the amount of information held on the state's massive computers and the computers operated by some fringe organs of the state, such as the gas and electricity boards. I recently toured my local electricity board. The computer there can list the precise usage of every unit of electricity in every household in Britain, every hour of the day. It is making available an enormous amount of information. The same is becoming true of the water authorities.
The computers which serve the great organs of State are even more frightening. According to an answer that I have received from the Under-Secretary of State for Health and Social Security, there are 53 million names on the DHSS general index at Newcastle. The response time between feeding in a name and getting out the national insurance number is about five seconds, and since the index became operational in 1982 there have been 15 million inquiries. That represents 30 per cent. of the total data base—an enormous usage of data.
Currently that data base is being used almost exclusively by the staff at Newcastle, but experiments are in progress to give on-line access to other DHSS centres. I am still referring to answers received from the Undersecretary of State. There are 135 terminals at present, but there is talk of expanding the system to give on-line access to the central index and to the national insurance computer—an even larger computer at Newcastle—to every local DHSS office. That would mean as many as 20,000 on-line access terminals for that massive computer — a very broad dissemination of immediate access. Although that computer works on national insurance numbers, it can convert a name and address to a national insurance number in five seconds. In other words, there are two methods of access. One can plug in either the name and address or the national insurance number. 86 Running alongside that, and hopefully separated from it—we shall shortly discover whether that is so—there is the police computer. I understand that it holds information about every car and some 24 or 25 million people. Access is by name and address. There are also local police computers, some of which, such as the one in Sussex, have a direct interface with the police national computer. That is another powerful system of data collection and retrieval.
Separate from those systems — we hope — are the Inland Revenue computers. They operate on a basis of access by national insurance number. Again, there is a wide dissemination of on-line terminals. The system is powerful and effective and contains a great deal of data.
There can be no doubt that the ingredients for the state of 1984 exist. I would not accuse the present Government, or any other Government, of maliciously intending to combine those ingredients. Our present system with its massive state computers and their data bases—if they should have an interface — has the ingredients for creating a state which would have access to people's lives in a way which I believe all right hon. and hon. Members would be opposed. It is what Lindop said might happen and stood out against.
There are two matters that we must approach. The first is the central computer and telecom agency now — presumably because of the sale of British Telecom—called the Government's central computer agency. It has been working for the past two or three years—perhaps even 10 years—to ensure that Government systems in terms of data input, software and hardware, are standardised as far as possible. I do not mean that there can now be a machine interface, but there has been a distinct move towards standardisation. Not only do we have the ingredients, but there is a positive act of Government policy, perhaps sensible, to ensure that there is a degree of standardisation.
It is against that background that we must investigate the safeguards that the Bill offers against that de facto interface of the state's great computers. In that respect it is deeply worrying to see how ineffective clause 28(1) and (2) are. Personal data can be exchanged if they are held for any of the following purposes:
(a) the prevention or detection of crime"—not just the detection, but the prevention of crime; in other words, if it is reasonable for someone to consider that crime might be committed, it is possible for that interchange to take place—(b) the apprehension or prosecution of offenders; or(c) the assessment or collection of any tax or duty".That system allows almost a free exchange of information. It is necessary only for someone to come along and say, "We believe that a crime is going to be committed," for that exchange of information between those databases to be allowed. There has been no significant advance on this matter because that provision carries forward the current practice by which the police can go to the DHSS and request information.The current practice is contained in a Home Office circular. In paragraphs 177 to 188 it says that the exchange of information between the DHSS and the police can take place to assist the police
normally orally and in confidence, in investigations of offences, other than those of a trivial nature.We do not know at what level that operates. It could operate at police constable to executive officer level. 87 Someone from the police can ask for the disclosure of information from the DHSS to the police. The circular continues:In general, requests for disclosure of addresses should be made direct to the Manager.In general requests do not have to be.The fact that assistance has been given, or information has been passed, by the Department of Health and Social Security to the police under the procedures described in paragraphs 1.79 and 1.86 above should, as far as practicable, remain confidential.Such information is being passed not only at a low level. The police decide whether it is a trivial offence—an extension perhaps of the principle in the Police and Criminal Evidence Bill that it is a matter of judgment for the police as to whether an offence is serious—but the fact of the passage of the information has to be kept confidential.
§ Mr. Nicholas Lyell (Mid-Bedfordshire)The hon. Gentleman raises an important point. He may be able to answer a query in which my hon. and learned Friend the Minister of State might be interested. If one's bank holds, for example, records of amounts that one borrows from or lends to the bank—sums which are liable to interest—will the Inland Revenue be allowed to key straight into that bank data source to find out what one holds? One must bear in mind that the banks are under a current obligation to report to the Inland Revenue interest paid to a customer, which will be liable to tax if it comes from a deposit account or something similar. As the hon. Gentleman understands it, can there be a direct link as at present?
§ Mr. AshdownI am not sufficiently au fait with present practice to know whether that is the case, but it appears to be the case provided that the Inland Revenue can make the point under clause 28(1)(c) that it is for
the assessment or collection of any tax or duty".It appears to be possible for the information to be passed from the bank—a private organisation—to the state for those purposes.My point is rather different. I recognise that a series of problems spin from the central problem. Within the organisation of the state, the control of the exchange of information held on the state's great databases is so hopelessly inadequate as to be non-existent. The Government have not sought to take the current code of practice for this operation any further.
It perhaps does not matter too much—my case is that it matters a great deal — that a police constable can approach the DHSS and ask for information, because at present the information that the DHSS has will be local, with perhaps names and addresses. However, that will alter radically as soon as there is on-line access to the central computer at Newcastle. Then there is a de facto capacity for interchange locally, practically untrammelled by control.
I should like to know, perhaps in Committee, how many requests under the present system the police have made for the DHSS to hand over information and how many have been refused. I suspect that it will be few. How many disciplinary measures have been taken against DHSS officials for handing over information at an unauthorised level? We must remember that the 88 information is nearly always oral and that we are talking about a vast expansion of the subversion of the spirit of the Bill.
The fact that the information is given confidentially means that we have no control over how many instances there have been. We do not know at what level the passing of information operates. Therefore, the Bill's provisions and those in the guidelines are hopelessly inadequate for the circumstances that will arise.
Having made that point with all the force that I can, the onus must be upon me to make some constructive suggestions. The Bill could be amended in Committee in the way that we want. There should be a declaration of the number of times information has been exchanged inside and outside Government under the Bill's provisions. When the police ask for information from the DHSS, they should do so in writing rather than orally. There should be a limit to the rank at which information can be passed. The registrar should be informed of all occasions on which information is passed and report the number to Parliament. Those are the type of safeguards that we would wish to see built into the Bill.
Above all its other recommendations, the Lindop report warned against the use of a universal personal identifier. That was almost its most important recommendation. The power of the machines is now so great and the dissemination of access to them is so wide that there is a de facto universal personal identifier coming into existence, because it is possible to access all the state computers with one piece of information — national insurance numbers which will give addresses or addresses which will give national insurance numbers. That creates the opportunity for the subversion of the spirit of the Bill and dangerously magnifies the damage that could occur as a result.
The state's computers now provide a "Big Brother" network. The safeguards in the Bill against that danger are puny and inadequate. The most important amendment that I wish to see limits the state's power and gives the individual the protection that I know the Government seek to give under the Bill.
§ Mr. Timothy Wood (Stevenage)I welcome the Bill, which has been introduced for the second time. I agree with those who believe that it is in a better form now than when it was first presented in 1983. However, there will be a need for amendment in a few years' time in the light of experience, because there is such rapid change in data processing and the holding of data that it is almost impossible for us in this legislature to be able to prescribe exactly what will occur.
I should declare a past interest, in that until June last year I was involved with International Computers Ltd. on systems of the type that we might wish to control and regulate via the Bill. There is a major need to provide controls for the benefit of what in the Bill are called data subjects. On the other hand, some of the emotion generated on the Opposition Benches is a little difficult to understand. The right hon. Member for Manchester, Gorton (Mr. Kaufman) commented on the police holding data. He said that if certain data could be examined, they must be so mundane that it would be unnecessary to provide for that, but if they could not be examined they might be inaccurate, which was a disgrace. 89 It seems that there is no way in which the Government can win in their provisions for the police holding data. I believe that most people want to ensure that the police have good systems so that criminals are apprehended and crimes are prevented. The balance of provisions in the Bill is right and should ensure that criminals are inhibited, and at the same time that the individual has reasonable protection.
One of the problems that we face in such legislation is that the number of data users and databases is increasing very quickly, with the incredible growth of the use of microcomputers in small businesses and in the home. There is a danger that the wealth of databases might inundate the registrar if we are not careful.
§ Dr. MarekI have two points to make. First, I agree that there will be a great multiplicity of databases and users, some of which may be in other countries, not even in this country. The Bill does not take that into account. Secondly, earlier there was a great hullabaloo from Members of the minor parties about how many of them were in the Chamber. However, now that they have all made their speeches most of them have gone and there is just one left.
§ Mr. AshdownThe hon. Gentleman should recognise that at present there is an attendance of 4.5 per cent. of the alliance, 0.5 per cent. of the Labour party and 2.2 per cent. of the Conservative party. I hope the hon. Gentleman will cast the mote from his own eye before attacking people.
§ Mr. WoodI cannot regard that as a major contribution to the debate.
The hon. Member for Wrexham (Dr. Marek) said that the Bill did not address itself to databases overseas. I think that the Bill does touch on the matter, but the Government rightly believe that if data from overseas are not brought to this country, that is not a matter for this country's legislation. However, if they are, that is a matter of concern.
§ Mr. Rob Hayward (Kingswood)My hon. Friend was correct to say that there is reference in the Bill to cross-border data flows. It is in clauses 4 and 5. However, does he agree that there are inadequacies, in that some countries might have different practices and standards? Hon. Members have referred to signatories of the convention. They would probably have a higher standard in relation to cross-border data flows than that of non-signatories of the convention.
§ Mr. WoodOf course that is so. It is one of the reasons why I suspect that the Bill, when it is enacted, will need to be subject to review. In the light of experience there might have to be changes in the provisions, including those on the exchange of data between countries.
An important point is that quite often there are hybrid systems for the holding of data. One keeps a certain amount of information on a computer data base and other information on manual records, which are linked to the information on the computer data base. One might need to address that matter with more care. There is no doubt that concern about speedy access and other matters led to the great pressure to introduce legislation. There could be a system on which exceedingly sensitive and possibly inaccurate data was held manually, but on which it would 90 be possible to get to the data quickly because there is a computer indexing system. On that indexing system there could be a skeletal amount of information about the individuals concerned. Perhaps it is too easy to say that we shall not cover the manual holding of data, because there could be further complications.
There is a difficult line to draw in word processing. Much word processing data are held for only a short time and it might be absurd to try to register that use. However, word processing data may be held for years, and they may be indexed. If one has an effective word processing system, it should be so indexed. One may be holding data which are important and sensitive.
§ Mr. FreemanDoes the hon. Friend agree with what was said by our hon. Friend the Member for Wells (Mr. Heathcoat-Amory), who touched on the use of computers by hon. Members? It is an important point. He said that in certain circumstances the keeping of manual records would be covered by the Bill. Does my hon. Friend agree that the Minister should consider the point about whether the political use of data on computers and even word processors should be exempted under the Bill and that it is an anomaly that hon. Members might be covered and have to register under the Bill?
§ Mr. WoodThat matter merits further consideration, although I should be reluctant to exempt hon. Members because of the information they might hold.
What matters most to the individual is the accuracy of the data and who might be interested in that data. The danger is not so much that data might be held, but that they might be inaccurate. I recall a case affecting me. It did not involve computer-held data. Aspects of the information were not of major concern or interest to the individual concerned, but the information was passed to someone else, for whom the information had a different significance. It is therefore of the utmost importance that the passing of information from one data user to another is carefully monitored.
Under this legislation, it may be that a data user who is not sympathetic to the interests of the Bill may create two or three files which, when used in conjunction, can enable a variety of deductions to be made. In some instances the absence of information on a file about an individual may be significant. It is similar to saying, "Why did the dog not bark in the night?" A database could contain a list of all those who, in one way or another, were regarded as respectable and a list of those who were not so well regarded. There may be another file containing the names of the full string of people about whom the data user is concerned. It would be necessary simply to carry out a processing operation to demonstrate those in whom the data user is interested.
§ Mr. HaywardIs it not the case, when referring to the compatibility between word processing and computer sytems, that basic information on an individual would be held on a word processing system, whereas the sensitive information would be held on the main computing system, given that Wang and other major word processor systems are compatible with all of the major computer systems in the world and that information could, therefore, be interchangeable? Clause 1(3) therefore contains a flaw in that circumstances can be identified from the information and the information could go from a word processor into a computer system.
§ Mr. WoodThat point is valid although, even without going into the question of the word processing system, it is possible to create the circumstances which I have endeavoured to show. That process contains dangers which are not easily handled, and the Bill as it stands also does not handle them well.
A number of my queries would be more appropriately dealt with in Committee. Overall, the Bill is much to be commended. It endeavours to avoid excessive bureaucracy and interference by those who need to handle efficiently data about individuals, their accounts and so on. The Bill in its general approach provides a satisfactory compromise to protect many individuals, while it enables effective data processing to continue.
§ Mr. Andrew F. Bennett (Denton and Reddish)I am pleased to follow the hon. Member for Stevenage (Mr. Wood) because I too want to refer to hybrid schemes, which are one of the most worrying aspects of the Bill.
We must judge the Bill on whether it improves the quality of life of our individual constituents and meets the demands and requirements of those who have long been campaigning for data protection legislation, without imposing too many difficulties on data users. On that count, this is a miserable and disappointing Bill. Many hon. Members have suggested that when the Bill is in Committee it may be improved. Liberal and Social Democratic Members have been arguing that on this occasion they will support the Bill but may not be so happy to do so on Third Reading.
During the early stages of the Committee proceedings on the previous Data Protection Bill I was disappointed that it was difficult to put down amendments about points of concern because of arguments that we were widening the scope of the Bill. I do not doubt that in the next Committee even more ingenuity will be shown. I suspect that the Committee will be frustrating unless, even at this late hour, the Government are prepared to concede that there will be a Special Standing Committee on the Bill so that there may be further debate and inquiry about the areas of difficulty and the Bill's shortcomings. The Bill could then be improved.
I do not understand why the Government are keen not to have that procedure, because if they genuinely believe that the Bill is right as it stands, it would be easy for them to call a fair share of the people who were witnesses to the earlier Committee before the Special Standing Committee to substantiate the Government's view. I suspect that the Government are reluctant to have that special procedure because they doubt whether any witnesses, whatever the selection process, would come forward to give the Bill favourable comment. The problem would be that almost every witness before the special Select Committee would be critical of the Bill.
§ Mr. HaywardIs the hon. Gentleman, in proposing a Special Standing Committee or some form of inquiry associated with a Select Committee, advocating a further delay in relation to data protection and thereby exacerbating the problem to which several hon. Members have addressed themselves—that a two-year delay in implementation is too long?
§ Mr. BennettI am suggesting that the process should be faster. The problem is that with many pieces of 92 legislation our existing Standing Committee procedures do not help us to improve the legislation. Debates must be conducted around a narrow series of words amending the Bill. In the last Parliament, the device of the special Standing Committee was developed whereby there were three sessions before the commencement of the Standing Committee when evidence was given and questions asked. That was an intelligent way of speeding up the Committee proceedings because the key issues could be discussed at that stage. If the Government were prepared to listen to some of the arguments and to make changes, it was possible for them to table amendments. The result was that the Standing Committee proceedings were shortened. In the last Parliament, legislation — certainly on the Education (Fees and Awards) Bill and in several other instances—was dramatically improved because of that special procedure.
§ Mr. Patrick Nicholls (Teignbridge)Will the hon. Gentleman give way?
§ Mr. BennettI am worried that there will be pressures from the Government Front Bench for time to speak, so I had better proceed. I am most disappointed that the Government have not been prepared to use the Special Standing Committee procedure in this case. I hope that they do not seek to bury that procedure permanently.
During my time as a Member of Parliament all the pressure that I have encountered from people in these matters has been for access to manual rather than computerised records. People are greatly concerned about access to school records, social security records and, more recently, the information on which housing benefit is calculated. The Government have made concessions to the medical profession about medical records, but I wish that doctors were a little more professional and did not tell colleagues that certain patients were troublesome and awkward and not welcome on their lists.
I believe that the Bill will discourage people from changing from manual to computerised systems, because they will not want to go through the process of registration and that if they start to use computers at all they will be tempted to opt for a hybrid system in which the simple information is handled by the computer and can be supplied on request and the more complicated and delicate information is kept on a manual record so that the computer printout merely shows, by a star or some other sign, that there is a manual file. As I understand it, the individual will not have the right to check the manual file.
Two problems arise in this connection. First, the information on the manual file may be inaccurate and the individual should have the right to have it corrected. Secondly, a user selecting names may be tempted to take only those against which no star appears so that there is no need to consult the manual file, in the knowledge that the unstarred names are perfectly safe but that manual files may contain sensitive material. Users may be tempted to assume that the starred names are best avoided, as people with whom they might not wish to deal for credit or other purposes. Reluctance to check the manual file may lead to mistakes because the very existence of the file may be taken as a black mark. It is thus extremely dangerous to encourage hybrid systems and the possibility of people jumping to conclusions in that way. If there is anything on the computer printout to show that a manual file exists, the individual must have the right to see the manual record. 93 The committee of vice-chancellors and the various examination boards should not be entitled to exemption simply because examination marks are kept on computers, but I hope that in Committee the Government will make provision for exemption for a limited period. At present, O-level examinations are taken in June. The papers are marked at the end of June or the beginning of July and the results are put on to computer in rough form at that point. It would be stupid to allow parents or youngsters access to that information when modifications might need to be made later to take account of marking standards and so forth before the final results were published perhaps six weeks later. The boards should not be allowed to hide the information altogether, but they should be given time so that the results are revealed only at the final stage.
Finally — I notice that my right hon. Friend the Member for Birmingham, Small Heath (Mr. Howell) is getting restless — I introduced a small measure just before Christmas to deal with newspapers being delivered to people who did not want them. I shall not go into that now, save to say that I have received an enormous amount of correspondence from people who are concerned about the amount of unsolicited mail that comes through their letterboxes. The most famous example is no doubt the Reader's Digest, which must win first prize in the waste paper raffle. People want the right to know whether their names are on such lists and how the information is passed on and, preferably, the right to get off such lists.
I hope that if the Bill is given a Third Reading, it will be drastically improved in Committee and come back in a much improved form. Otherwise, there will be demands for new legislation almost as soon as it reaches the statute book.
§ 9.3 pm
§ Mr. Denis Howell (Birmingham, Small Heath)The Bill represents a missed opportunity and we greatly regret that. As I said in an intervention, the measure has been reintroduced with all the benefits of hindsight, but the Government have not taken advantage of that. As the Home Secretary made clear, it has now had three Second Readings here and in another place, as well as two Committee stages and two Third Readings. It is thus possible to form a judgment on how far the Government have sought to meet the serious objections of principle that have been raised.
When this measure last came before the House we said that we hoped that it would be substantially improved in Committee. I acknowledge that there have been improvements, but they do not deal sufficiently with the defence of the private citizen and privacy. We shall vote against Second Reading tonight because, despite the improvements, especially in response to representations made by business and the CBI, fundamental doubts remain about some provisions. Substantial objections continue to be represented to us by a collection of organisations with the greatest responsibility — including the British Medical Association, the four local authority associations, the Association of Metropolitan Authorities, the Trades Union Congress, the National Council for Civil Liberties, the universities and, especially, the Law Society.
For those reasons we propose that the Bill should enjoy the Special Standing Committee procedure. I am glad that most hon. Members think that that would have been a sensible way to proceed. That Committee could have called expert witnesses and heard the substantial 94 objections of those bodies. I can disclose to the House that, were the Government to agree to that proposal, we would not vote against Second Reading.
It would have been perfectly logical, because expert evidence would have been available to such a Committee and the witnesses could have been cross-examined. The combination of the Government's failure to meet such substantial representations and their objection to the Special Standing Committee procedure leads us to conclude that we must vote against Second Reading.
Many hon. Members asked why the Bill had been reintroduced so speedily after the general election. The Government have said that we must sign the convention agreed at the Council of Europe, for the good reasons given by the Home Secretary earlier — the massive national interests of trade and commerce that are involved in our signing the European convention. The Opposition acknowledge that and do not dismiss it lightly. It is of considerable importance, especially for the City and commercial institutions, that we should sign the convention as soon as possible. Nevertheless, even that does not excuse the Government's haste.
Apart from clause 28, other improvements have been pressed on us by the CBI. The reason why it is happier about the Bill is contained in the seven points of its representation. Six out of seven points come down to the fact that the Bill makes matters easier for business and commerce—in certain respects, however, at the expense of the privacy of the individual. That is a cause of worry. For example, point 7.7 of the CBI's memorandum, advanced in favour of the Bill, states:
A data subject must now have suffered damage by reason of the inaccuracy of data about him before being entitled to compensation.That is a case of double jeopardy if ever I heard one. The CBI is saying that it is pleased that the Government have lessened the protection for the individual in that respect, because now he must show that he has suffered damage because of the inaccuracy of data before being entitled to compensation. Most reasonable people would find that unreasonable. They would think that if inaccurate information were stored about an individual, it would be a serious matter in itself, quite apart from questions of compensation and damages. Although I accept that there have been so-called improvements, I doubt whether they make the Bill substantially better.I acknowledge straight away that the Government have substantially improved clause 28 in that it no longer relates to information collected for the purposes of immigration control. That was of serious concern, especially in how it would have affected community relations, and on behalf of the Opposition I am pleased that it has now been removed.
I agree with the Home Secretary that all of us, especially those who represent inner city constituencies and areas of multiracial deprivation, wish to remove anything that could cause serious grievance to the ethnic communities. In that regard, the exemption of immigration control information is a progressive move. Despite that, it would be foolish to pretend that this measure, in conjunction with other legislation already in operation, does not cause serious concern to the ethnic communities.
For example, I presume that all passport information will be stored on a computer. As this will be a Government computer, and as it will be sensitive information, it may 95 well be protected for reasons of national security, and passport holders may not have easy access to it. The Home Secretary knows that some of us are already concerned about the fact that certain officials are now asking for the passports of coloured members of our community when they do not make the same demand of the white population.
Increasingly, registrars of marriages are demanding such passports. Indeed, I have told the Birmingham registrar, both in writing and on the telephone, "You would not ask a member of my family to show his passport when he wishes to get married. Therefore, you have no right to ask a member of anyone else's family." That is an offensive practice. I have taken the matter up with the chief registrar, but I have not got very far. However, it is an example of the sort of thing that is causing growing concern.
The same could happen with the new national insurance cards—the bit of plastic that I heard a Minister defend so enthusiastically just the other day. It would be perfectly reasonable if that piece of plastic were used only to record our national insurance numbers and would never be used for any other purpose. There is, however, a fear that it could be used for all sorts of other things.
It would be possible for the police, the Home Office and other authorities to tap the social security computer. Indeed, they could even require, as registrars are requiring, people to produce these cards. The combination of such things taken together highlights the dangers that may arise, as well as our concern. We shall, of course, examine many of these matters in Committee, but we will be pleased if the Home Office responds to these problems in the same way that it has responded on clause 28.
The Opposition have some fundamental objections to the basic philosophy behind the Bill. Although it purports to be concerned with the protection of stored data, essentially it deals with the rights of agencies rather than with the privacy of the individual.
The Financial Times made that point today. That paper has been quoted several times in the debate, but I shall quote another passage. Professor Edwards and his colleague said:
a necessary consequence of confining the Bill to automatically processed data is that data held manually is outside the ambit of the legislation. Sensitive data can continue to be concealed from data subjects by transferring to manual processing methods. This may discourage computer usage, thus defeating an often stated policy of the Government".In my opinion, that is true. One of our fundamental objections to the Bill as drafted is that it excludes manual files. In my judgment, there is every reason to include such files.The Younger committee considered privacy. This is where the Government have missed an opportunity to link protection of individual interests in respect of privacy with data protection. I heard the Minister of State say today on the radio—and I quote his words:
You have to recognise that you can store or extract information in a second or two".That was his justification for producing the Bill and for excluding manual files. He was saying, in fact, that because one cannot get at information in a second or two, no matter how sensitive or offensive it might be to the individual, the Government should disregard it, but that when it can be extracted in a second or a fraction of a 96 second, Parliament should legislate. Such a position is fundamentally impossible to uphold, and I hope that the Government will think again.Let me give the House an interesting example. I asked a member of my staff in the House to telephone one of the largest private detective agencies in London. The agency was very frank. It said, "We have 150,000 manual files." When asked whether it proposed at any stage to put on to computers that manual information about 150,000 different people, which might be totally inaccurate or obtained by many devious means, it replied, "Most certainly not. We wouldn't dream of having this information brought within the ambit of a registrar or anyone else." The information will remain stored on manual files. That is an example of some of the worries and double standards that will operate.
I am not surprised to find that the TUC takes much the same line. It draws attention to the misuse of manual files and the personal information that they contain, particularly in schools and hospitals, by employers and by certain social services. The TUC mentioned the fact which I hope the Minister will consider—perhaps we shall discuss it in Committee—that the European convention allows the Government to extend protection to manual files. So even if the Government, at this moment, do not think they can do it, we urge them to make use of the full possibilities of the convention at a later stage. In fact, in many other European countries, particularly Sweden and Norway, and outside Europe, in the United States, Canada and Australia, access to manual files is protected in the same way as the Government seek to protect mechanised and technological information. I do not accept the Home Secretary's view that all this would be too cumbersome, expensive and damaging to business. That was the defence that he offered earlier today about his failure to protect individuals in such circumstances.
The Younger committee made a powerful case for the establishment of a statutory commission. That is at the heart of many of our objections. There are many ways in which the Government could have protected the individual in our society. They have chosen one—the appointment of a registrar—and disregarded all the others.
However eminent the registrar may be, he will be overwhelmed by work. He will have a staff of only 20 and there will be hundreds of thousands of systems to be registered. He will not be able even to start to do his job. The British people are naturally inquisitive. For a start, few hon. Members will not want to know what information about us is contained on computers. We shall start asking the banks, insurance houses, hospitals and all the rest. It is nice for a person to know what information about him is being stored. There are 50 million independently minded British people. I suspect that most of them will want to know about the information that is stored on computers. The registrar will be overwhelmed.
The Younger committee recommended in paragraph 621 the establishment of a standing commission with statutory backing. In paragraph 622, the committee said that such a commission could
receive complaints about invasions of privacy by the users of computerised information stores.The important part of Younger's recommendations about the commission was:In the light of its findings it should, from time to time, make recommendations as it saw fit for legislative or other controls".97 I entirely agree with that. The whole point of having a commission is that it should start the work and, as it gains experience, it should report to Parliament and advise us on the changes that we should make for the protection of individuals as well as computer agencies. The registrar will do no such thing.There ought to be inspectors. Surely one of the points of establishing an authority is to have inspectors visiting various institutions, as do the inspectors to whom we have given statutory backing in many other areas, including the NHS and the Office of Fair Trading.
It is a serious deficiency that the Government have not agreed to provide codes of conduct. The Minister of State says that the Government do not want codes of conduct, because there would have to be more than 50 of them. That merely means that more than 50 are needed. The Home Secretary ought to note that the Office of Fair Trading has more than 100 codes on fair trading. Why cannot we ask the OFT to regard data protection as fair trading and to develop its work in that area? At least we should then be getting somewhere near the type of authority that we need.
The Lindop committee, which followed on from the work of the Younger committee, also examined minimum standards and alternatives. One amendment that was defeated in another place provided that if we could not have a statutory authority with inspectors, we should at least have an advisory committee.
There ought to be at least an ombudsman, someone who signs the Official Secrets Act and can investigate on behalf of the individual. I hope that the Government will consider the suggestion. The Fabians made a proposal recently, when talking about official information, for a director of information. I am much attracted to the concept, which would give the individual some sense of satisfaction and guarantee. If an ombudsman or a director of information who had signed the Official Secrets Act were appointed, a citizen could go to him and say, "I would like you to investigate on my behalf to make sure that no improper, inaccurate information is stored about me." He would not have to disclose the nature of the information to the citizen. The fact that an independent person examined, analysed and checked the information would in my view be a considerable guarantee for citizens of this country. No such provision exists in this country. We are to have only a registrar, who will uphold the eight principles supported, I understand, by both sides of the House.
Schedule 1, incorporating the eight principles, is the most attractive part of the Bill. However, I am bound to point out — I hope that the Home Secretary, as a barrister, will not mind my saying it — that all the members of the tribunal that will listen to the complaints and appeals from the decisions of the registrar will have to be barristers, advocates or solicitors. I do not know why that is so. Two barristers are dealing with the Bill before the House. I wish that they would put their prejudices a little on one side. I know they have moved some way since the previous Bill was considered by the House. They have now agreed that the interests of the various parties shall be reflected in the appointment of members to the tribunal. I cannot for the life of me understand why the good English jury principle of having people of intelligence and common sense to represent business, commerce and other aspects of our national life cannot be followed.
I turn now to some of the areas of concern of most of the responsible organisations. My own trade union, APEX — the Association of Professional, Executive, Clerical 98 and Computer Staff—has given the matter a great deal of attention. Most of its experience has found its way into the TUC's papers, so I shall not spend long on the detail. APEX believes that a public registrar is no substitute for a proper data protection agency. APEX and the TUC make the interesting point that, because the Bill is so inadequate on employee rights and protection, they will now urge all negotiators to establish formal agreements with employers on data protection, especially as it concerns payroll staff and pensions, and indeed, all areas on which there is doubt. That will mean a growth in negotiations. This is inescapable since there is no other means to achieve the objective. APEX and the TUC are particularly concerned about clause 31, and the failure to protect payroll information on pensions and financial accounts.
The BMA has been mentioned, and here the Government have got themselves into an extraordinary mess. The Younger committee said:
Information should be regarded as held for a specific purpose and not be used without appropriate authorisation for other purposes.The Lindop committee said that the decision of the Government to allow very private and confidential health information obtained from hospital or health authority records to be transferred without the knowledge of the doctor concerned to the social services department and used to the detriment of his patients was
a fraud on the public.It is a fraud, and it is a major aspect of the Bill that we shall have to take up in Committee.I envisage the possibility of a difficult social security case, perhaps involving a young girl in care, where a doctor has confidential information and it is transferred to the social services department without his knowledge and possibly used in association with police computers, to the great detriment of that girl or her family.
The Association of Metropolitan Authorities and the Association of County Councils have written to me on behalf of the four local authority associations expressing their great concern about the failure to protect the privacy of information especially in respect of schools, social services, planning and health. The National Council for Civil Liberties and many other bodies have taken the same view.
Most important of all in terms of personal information is the ability to purchase mailing lists. This is becoming a very serious matter. The potential for blackmail is considerable. Anyone can buy the names and addresses on mailing lists of subscribers to all sorts of periodicals which most of us may not wish to read, and they could be used for wrong purposes. Examples which I have and which I shall explain in more detail in Committee also show abuses involving credit cards, credit information and debts which have proved to be totally inaccurate. I know of a case in which 40 people were summoned to appear in court in respect of their alleged bad debts because someone had bought the bad debts of the Littlewoods mail order business. They were all innocent. They had paid what they owed but the man whom they had paid had gone off with the money. Littlewoods did not know that but sold what it thought were its bad debts, to the detriment of all those concerned.
The Bill offers us a registrar who will be overwhelmed with work and will be inadequately staffed, without codes of conduct approved by Parliament. It is a totally inadequate protection for the individual citizen, of his 99 privacy, of his right to know what information is held about him and of his right to be told when such information is being transferred to others. We have heard no adequate justification from the Government of their failure to meet these worries. For that reason I shall ask my right hon. and hon. Friends to vote against the Second Reading of the Bill.
§ The Minister of State, Home Office (Mr. David Waddington)The right hon. Member for Manchester, Gorton (Mr. Kaufman), with his enthusiastic supporters fluctuating wildly from five and three, sprang a surprise on us. He announced suddenly that it was the Opposition's intention to vote against Second Reading of the Bill. We heard a lot of fire and thunder from the right hon. Gentleman, but not one word of explanation of this extraordinary decision.
Many arguments were advanced on Second Reading last time. Others were raised in Committee, resulting in various changes being made to this Bill, which is somewhat different from the Bill which was given an unopposed Second Reading last April. No explanation of the Opposition's decision has been forthcoming. It is just one of those extraordinary volte faces similar to the Opposition's volte face over the Prevention of Terrorism Bill. The arguments have not changed. One can only assume that the explanation is that the Labour party has changed.
It is sad that the right hon. Member for Birmingham, Small Heath (Mr. Howell) should feel obliged to humiliate himself by going along with such arrant nonsense. The arguments that he advanced were arguments for putting down a reasoned amendment. He said that he approved of a measure directed to these problems, and then pinpointed various matters in the Bill with which he did not agree while mentioning others with which he did.
My right hon. and learned Friend the Home Secretary explained the basic aims of the Bill. They are to protect British business interests by enabling us to ratify the European convention on data protection and to protect individuals from the possible misuse of personal information held about them on computers. Ratification of the convention is of great importance if British firms are not to lose out in the increasingly sophisticated world market place. Only by ratifying can we demonstrate to other countries that if data are passed to the United Kingdom, they will be protected in accordance with internationally accepted standards. The very fact that we are putting ourselves in a position to ratify and are therefore meeting the European standard should serve to reassure individuals in this country that their personal data are adequately protected by the scheme that the Bill establishes.
The right hon. Member for Gorton gave us an extraordinary offering on that point. In a most scornful fashion he said that the Bill was all about trade and money. However, it is also all about jobs, and the right hon. Gentleman should have the sense to realise that. I must stress that the Lindop committee did not find any evidence of the widescale misuse of personal information, and we do not believe that the position has altered to any great extent in the intervening years. Nevertheless, the potential for misuse exists, and there is concern about the storage 100 on computers of information about individuals, and the way in which such information might be used. The best way to allay that public unease is to bring the whole matter into the open.
§ Mr. Andrew F. BennettIf the hon. and learned Gentleman is so concerned about jobs, why is the registrar's staff of 20 so exceptionally small? Would not it be a good idea to provide him with more staff, who could then make a significant contribution?
§ Mr. WaddingtonIf the hon. Gentleman is suggesting that the way to cure unemployment is to recruit unnecessary people to public bodies, his opinions are more extraordinary than I imagined.
The register will reveal just who is processing personal data, what for, and where they get the data from. It will be the means by which individuals, through the right of subject access, will be able to find out whether any particular data user is processing information about them. We make no apologies for coming close to universal registration. In clause 31 we have exempted data for payroll and accountancy purposes, which are data that subjects know will be held as a matter of course, and there is also the exemption in clause 32. But it is very nearly universal registration, and it will be beneficial because the public will be made aware of the extent of the computerisation of personal information, and users will have to think about the sort of personal information that they hold, why they hold it and whether they need all of it. We have already heard of data users who expect a large-scale thinning out of their computer files under the stimulus of registration.
Registration is the best way of complying with the obligation in article 8 of the convention, which states that every person shall be enabled
to establish the existence of an automated personal data file, its main purposes, as well as the identity and habitual residence or principal place of business of the controller of the file.The alternative put forward by the hon. Member for Southwark and Bermondsey (Mr. Hughes) was quite horrific. He said that it was bureaucratic and complicated to have universal registration, and that everyone who operated a computer in Britain would have to give personal notice of the fact that he had information on his file about an individual. If I have got it wrong, perhaps the hon. Gentleman will tell me what his alternative to registration is.
§ Mr. Simon HughesToday I have repeated a point that I regularly made in Committee—that the definition is so wide and vague that it encompasses many categories of use, yet is so inadequate that it does not provide protection. It is a matter of definition according to the machinery and items of equipment. In Committee we discussed that at length. It is clearly a matter for further investigation. No hon. Member from these Benches has suggested universal registration. Clearly, such registration is not in the interests of business, in particular.
§ Mr. WaddingtonI simply cannot follow what the hon. Gentleman is saying. He was reverting to the definition in clause 1. If he does not like universal registration, he must make clear what he does want, and that must meet the obligations imposed under article 8 if we are to ratify the convention.
We make no apology for the fact that the Bill does not deal with manual data. It would be extraordinary if it did. 101 The White Paper pointed out that a special threat to privacy was posed by the rapid growth in the use of computers, with their ability to process and link at high speed information about individuals. Of course, information remains information in whatever form it is held or processed, and if it is incorrect or misleading, or used in certain ways, the subject of the information may be at risk. But the extent of that risk is greatly increased when information is recorded on computers because computers make the handling, the retrieval, the transfer and the use of information so much quicker and easier. I must tell the right hon. Member for Small Heath that that is the point that I was encapsulating in my remarks on Radio 4 this morning.
The hon. Member for Yeovil (Mr. Ashdown) forcefully pointed out that a name can be extracted from the vast amount of information on the DHSS computer in five seconds. It is because people are concerned about the threat to privacy through the sophisticated new instruments that we are embarking on this legislation. It is on a different scale from the storage of manual information. That point has come over clearly in the debate.
With the press of a button an organisation can call up all the information which it has about an individual and which it may have collected from many different sources for many different purposes. If that same information were stored manually, it would be scattered around on separate files and in different parts of the organisation, making it very much more difficult to produce a composite picture of the subject. It is that tremendous capacity of computers to store vast quantities of information and to handle that information or to transfer it to a remote location, possibly on the other side of the world, within seconds or even fractions of a second, that worries people. It is that concern that the Bill is designed to meet, and that the convention was mainly concerned about.
§ Mr. AshdownThe Minister has conceded the difference between machine-held data and manually held data. Why has he not established different constraints on the passage of information between Government Departments from those that already apply to manual data? For example, the police and DHSS liaison predicted in the Bill is the same as that which currently exists for the passage of manual data information. No additional safeguards are provided.
§ Mr. WaddingtonThere are numerous safeguards. The police, the DHSS and everybody else will have to register those to whom they intend to disclose information. That is the star point. It is legitimate to criticise the exemptions as being too wide, but it is not legitimate to argue that the Bill does not mark a step forward and produce safeguards that did not exist previously. To listen to Opposition Members one would think that we were taking away the rights of the individual, when, in fact, we are providing new rights.
The question of manual data was also touched on by the right hon. Member for Gorton, who poured scorn on the fact that it was not covered by the Bill. He mentioned the European experience. I shall say a word or two about that, because one of the purposes of the exercise is to ratify the convention. There are no sanctions in Swedish law on manual data. The law applies only to automatic processing. In Austria, the powers of the data protection authority apply only to automatically processed data. In 102 Luxembourg, the law also applies only to automatically processed data. Denmark has two separate Acts for the private and public sectors, and the public sector Act applies only to electronically processed data. In Germany and Norway, manual data are for the most part not covered, but in France—it is the only case—manual data are covered.
I come to the exemptions and, in particular, the provisions of clause 28 which, as the right hon. Member for Small Heath pointed out—I was glad that he paid tribute to us in this regard, if in no others—no longer contain an exemption for personal data held for the purpose of the control of immigration.
It is sometimes said that police data are exempt from the Bill. That is not so. The police, like everyone else, must register, and the data that they hold will be subject to the data protection principles and the registrar's supervision. Clause 28(1) simply says that where data are held for the purposes of preventing or detecting crime or for apprehending or prosecuting offenders, subject access may be denied if, but only if, granting access would be likely to prejudice those purposes.
This is not, therefore, a complete exemption from subject access for all data held by the police covering, for instance, even a man's record, but a limited exemption for data the disclosure of which to the subject would prejudice the law enforcement activities in which the police are engaged and which, I am sure hon. Members will agree, are vital to the well-being of society.
Furthermore, the exemption from the non-disclosure provisions in clause 28(2) does not take away from individuals any protection that they now have. It maintains the status quo, allowing a person, not compelling him, to pass on information to the police if he wishes to do so. I emphasise that. It would be odd indeed if we were to finish up legislating to punish a man for co-operating with the police. It is entirely a matter for him. If the police claim exemption under clause 28 and come to him for information, it is up to him whether he gives that information.
I shall not dwell on the Special Standing Committee point made by the right hon. Member for Gorton, except to say that he did not ask for such a step on the last occasion. Indeed, no Labour Member asked for that last time, though there would have been a better case for it at that time. Since then there has been even more consultation and debate. We have debated the measure for no fewer than 78 hours. I can hardly think of a Bill that has been the subject of more consultation and resulted in more delegations coming to the Home Office and speaking to Ministers.
The right hon. Member for Gorton was scornful of my right hon. and learned Friend, saying that he had referred to people as "data subjects" on no fewer than nine occasions. That phrase occurs in article 2 of the convention, so it is hardly surprising that it has been imported into this legislation, one of the two objects of the exercise being to ratify the convention. Again, it was difficult to see what the right hon. Gentleman was getting at.
§ Mr. KaufmanHas the Minister no feeling for our language? The fact that the European convention employs it does not mean that the British Government, the custodian of the Queen's English, should use hideous jargon such as that.
§ Mr. WaddingtonCome off it. The right hon. Gentleman said that there would be no authority in accordance with article 13. He then went on, with a complete non sequitur, to say that therefore there would not be any inspectors to follow up complaints. Then he went on to concede that our intention was to make the registrar the authority. It is therefore difficult to understand how the right hon. Gentleman can contend that there will not be any inspectors to follow up complaints when the registrar will be just as able as an authority to employ staff to investigate breaches of the principles.
The right hon. Member for Gorton said that the Government were asking for a blank cheque under clause 29(2), which relates to an application for subject access to information about mental health or social work. Most of us recognise that distress might well be caused to individuals if they have unfettered access to what their social workers have to say about them. That is well recognised by those who work in that area. Discussions are taking place to ascertain how best regulations might be introduced by my right hon. and learned Friend to deal with that matter.
The right hon. Member for Gorton said that clause 21 would make a person go to court to get a remedy. Nothing could be further from the truth. The Bill enables a person to go to the registrar. If he tries to get subject access and is denied it, he will be able to go to the registrar to complain that the principles in the Bill are not being observed. The registrar will then be able to serve an enforcement notice on those concerned. If they do not comply with the notice, the registrar will be able to go so far as to serve a deregistration notice.
§ Mr. Simon HughesDoes the Minister accept that one of the fundamental weaknesses of the Bill is that there has to be the procedure which he has described before the individual can obtain knowledge of the information? If he or she were told what was there, the likelihood is that it would be monitored by the data subject far more effectively. The process which the Minister has described will take considerable time before enforcement takes place.
§ Mr. WaddingtonI do not understand the hon. Gentleman's argument. The best way of enabling an individual to discover whether information is held about him is by the system of universal registration, the system which he is attacking.
The right hon. Member for Gorton asked, "Why cannot we inspect our own tax files and our own police files?" We shall be able to do so unless the user brings himself within the exemption in clause 28(2). Information held about a person on a police file which amounts only to his criminal record will not come within the exemption in clause 28(2), as he will see if he reads that provision.
The right hon. Member for Gorton addressed himself to the national security exemption. Clause 27 has been toughened up since the Bill's predecessor was introduced in the previous Parliament. An exemption is allowed by the convention. Most European countries, except for Sweden and France, have wholly exempted national security data. It is well precedented that matters of national security should be left to the certificate of a Minister. That is because only Ministers can be in a position to determine when national security needs to be safeguarded, taking 104 their decision in the light of all the circumstances of the case on the advice available to them. Neither the courts nor the registrar would be able to make that judgment.
My hon. Friend the Member for Thanet, North (Mr. Gale) said that a subject would not be able to go to the tribunal. I remind my hon. Friend that a subject cannot be adversely affected by the registrar's actions. The registrar will be there to act on the subject's behalf, and it is to him that the person will turn for assistance. If he is not satisfied with the action taken by the registrar, he may go to court as a last resort for an order for subject access or for the erasure of any inaccurate data. I remind the House that the tribunal will have a person on it to represent the interests of the data subject. That provision appears in clause 3(5)(b).
My hon. Friend the Member for Thanet, North referred to clause 27 and said that the exemption for national security should be signed only by the Prime Minister or the Home Secretary. That change would not really make very much difference. It certainly would not meet the point made by the Opposition.
The hon. Member for Dundee, East (Mr. Wilson) said that the Bill would enshrine in statute the right of Government Departments to pass on information. It will do nothing of the sort. It will enshrine in statute for the first time the right of an individual to interrogate a Government Department to find out whether it is holding information about him and, if so, what that information comprises.
There is no complete exemption in the Bill for the prevention or detection of crime. Indeed, the police, like other data users, will have to register. We may have made that part of the Bill tougher than it had to be to comply with article 9 of the convention.
My hon. Friend the Member for Ilford, South (Mr. Thorne) was anxious that the scheme should not impose too heavy a burden on industry. We are confident that it will not do so. The explanatory and financial memorandum states that the scheme may cost about £650,000. If that is about right, and if the number of people who have to register is very much lower than has been forecast by some Opposition Members, it should be possible to cover costs with a registration fee as low as £10.
My hon. Friend the Member for Ilford, South mentioned the need to duplicate information in the interests of civil defence. It is common practice in the private sector for users to have a computer available on a separate site which is able to take over if there should be a failure in the main system. Within the Government it is the practice for there to be mutual back-up arrangements whereby individual Government users provide emergency facilities for other users.
My hon. Friend also mentioned the use of codes. He suggested that it would be possible in a computer entry to show whether a man was creditworthy by placing his initials either before or after his surname. However, in clause 21(1) states that if a code is used on a computer, a subject who asks for access must not just be told that there is an asterisk against his name. He must be told what the asterisk connotes. The data subject would have to be told why in some cases the initials appeared in front of the name and, in other cases, after it.
My hon. Friend said that the Bill would allow the transmission of information from one branch of the Home Office to another. If, as is likely, the Home Office continues to have a number of computers, and the entry for each computer states that the intention is to transmit 105 information to the other computers, that will be perfectly proper. The subject will know what is happening, which is the object of the Bill.
The hon. Member for Stretford (Mr. Lloyd) talked about the transfer of information to a third party. That brings us to the kernel of the Bill. Anyone can transfer information to a third party so long as, in his registration particulars, he has said that he intends to do so. If he has not done so, he will be liable to penalties under clause 5.
The hon. Gentleman wondered why expressions of intention were not included in the Bill. They are not included because it is considered that expressions of intention are more personal to the user than to the subject. Opinions, on the other hand, are clearly—
§ Mrs. Elaine Kellett-Bowman (Lancaster)Will my hon. and learned Friend give way?
§ Mr. WaddingtonI am afraid that I cannot give way. I have only two minutes left.
My hon. Friend the Member for Bournemouth, East (Mr. Atkinson) said that the Bill did not protect people from being sent unsolicited material. That is undoubtedly true. The Bill does not set out to do that. I can only assure my hon. Friend that the Younger committee found that many people liked being sent unsolicited material. We did not aim to deal with that mischief by the Bill, and the hon. Gentleman need not be surprised to see that it is not contained in it.
We have debated an important subject which has aroused considerable interest in the country. I am sure that the Committee will be happy and profitable, because we are dealing with important matters which concern us all.
§ Question put, That the Bill be now read a Second time:—
§ The House divided: Ayes 226, Noes 104.
107Division No. 146] | [9.59 pm |
AYES | |
Adley, Robert | Bulmer, Esmond |
Alexander, Richard | Burt, Alistair |
Alison, Rt Hon Michael | Butterfill, John |
Amess, David | Carlisle, John (N Luton) |
Arnold, Tom | Carlisle, Kenneth (Lincoln) |
Ashby, David | Carttiss, Michael |
Ashdown, Paddy | Chapman, Sydney |
Aspinwall, Jack | Clark, Sir W. (Croydon S) |
Atkins, Rt Hon Sir H. | Clarke, Kenneth (Rushcliffe) |
Baker, Nicholas (N Dorset) | Cockeram, Eric |
Baldry, Anthony | Coombs, Simon |
Beaumont-Dark, Anthony | Cope, John |
Bellingham, Henry | Cormack, Patrick |
Benyon, William | Couchman, James |
Berry, Sir Anthony | Dorrell, Stephen |
Bevan, David Gilroy | Douglas-Hamilton, Lord J. |
Biffen, Rt Hon John | Dover, Denshore |
Biggs-Davison, Sir John | Dunn, Robert |
Blaker, Rt Hon Sir Peter | Durant, Tony |
Boscawen, Hon Robert | Dykes, Hugh |
Bottomley, Peter | Edwards, Rt Hon N. (P'broke) |
Bowden, A. (Brighton K'to'n) | Eggar, Tim |
Bowden, Gerald (Dulwich) | Emery, Sir Peter |
Braine, Sir Bernard | Evennett, David |
Bright, Graham | Eyre, Sir Reginald |
Brinton, Tim | Fairbairn, Nicholas |
Brittan, Rt Hon Leon | Fallon, Michael |
Brooke, Hon Peter | Favell, Anthony |
Brown, M. (Brigg & Cl'thpes) | Fletcher, Alexander |
Bruce, Malcolm | Fookes, Miss Janet |
Bruinvels, Peter | Forsyth, Michael (Stirling) |
Buchanan-Smith, Rt Hon A. | Fox, Marcus |
Buck, Sir Antony | Fraser, Peter (Angus East) |
Budgen, Nick | Freeman, Roger |
Gale, Roger | Major, John |
Galley, Roy | Malins, Humfrey |
Glyn, Dr Alan | Malone, Gerald |
Goodhart, Sir Philip | Maples, John |
Good lad, Alastair | Marland, Paul |
Gow, Ian | Marlow, Antony |
Gower, Sir Raymond | Marshall, Michael (Arundel) |
Greenway, Harry | Mather, Carol |
Gregory, Conal | Maude, Francis |
Griffiths, E. (B'y St Edm'ds) | Mawhinney, Dr Brian |
Griffiths, Peter (Portsm'th N) | Maxwell-Hyslop, Robin |
Ground, Patrick | Meadowcroft, Michael |
Gummer, John Selwyn | Mellor, David |
Hamilton, Hon A. (Epsom) | Merchant, Piers |
Hampson, Dr Keith | Meyer, Sir Anthony |
Hanley, Jeremy | Miller, Hal (B'grove) |
Hargreaves, Kenneth | Mills, lain (Meriden) |
Harris, David | Mills, Sir Peter (West Devon) |
Harvey, Robert | Miscampbell, Norman |
Hawkins, C. (High Peak) | Mitchell, David (NW Hants) |
Hawksley, Warren | Moate, Roger |
Hayes, J. | Montgomery, Fergus |
Hayward, Robert | Moore, John |
Heathcoat-Amory, David | Morrison, Hon P. (Chester) |
Henderson, Barry | Moynihan, Hon C. |
Hickmet, Richard | Mudd, David |
Higgins, Rt Hon Terence L. | Neale, Gerrard |
Hirst, Michael | Needham, Richard |
Hogg, Hon Douglas (Gr'th'm) | Nelson, Anthony |
Holland, Sir Philip (Gedling) | Newton, Tony |
Holt, Richard | Nicholls, Patrick |
Howard, Michael | Normanton, Tom |
Howarth, Alan (Stratf'd-on-A) | Norris, Steven |
Howarth, Gerald (Cannock) | Oppenheim, Philip |
Howells, Geraint | Ottaway, Richard |
Hubbard-Miles, Peter | Patten, Christopher (Bath) |
Hughes, Simon (Southwark) | Patten, John (Oxford) |
Hunt, David (Wirral) | Pawsey, James |
Hunt, John (Ravensbourne) | Peacock, Mrs Elizabeth |
Hunter, Andrew | Percival, Rt Hon Sir Ian |
Jackson, Robert | Powell, William (Corby) |
Jenkin, Rt Hon Patrick | Powley, John |
Johnson-Smith, Sir Geoffrey | Proctor, K. Harvey |
Jones, Gwilym (Cardiff N) | Pym, Rt Hon Francis |
Jones, Robert (W Herts) | Raffan, Keith |
Jopling, Rt Hon Michael | Rathbone, Tim |
Kellett-Bowman, Mrs Elaine | Renton, Tim |
Kennedy, Charles | Rhodes James, Robert |
Key, Robert | Ridley, Rt Hon Nicholas |
King, Roger (B'ham N'field) | Ridsdale, Sir Julian |
Kirkwood, Archibald | Rifkind, Malcolm |
Knight, Gregory (Derby N) | Rippon, Rt Hon Geoffrey |
Knight, Mrs Jill (Edgbaston) | Roe, Mrs Marion |
Knowles, Michael | Shepherd, Colin (Hereford) |
Knox, David | Silvester, Fred |
Lang, Ian | Skeet, T. H. H. |
Latham, Michael | Smith, Tim (Beaconsfield) |
Lawler, Geoffrey | Soames, Hon Nicholas |
Lee, John (Pendle) | Spence, John |
Leigh, Edward (Gainsbor'gh) | Spicer, Michael (S Worcs) |
Lennox-Boyd, Hon Mark | Stanbrook, Ivor |
Lester, Jim | Steel, Rt Hon David |
Lewis, Sir Kenneth (Stamf'd) | Steen, Anthony |
Lightbown, David | Stevens, Lewis (Nuneaton) |
Lilley, Peter | Taylor, John (Solihull) |
Lloyd, Peter, (Fareham) | Tebbit, Rt Hon Norman |
Lord, Michael | Thomas, Rt Hon Peter |
Lyell, Nicholas | Thompson, Donald (Calder V) |
McCrindle, Robert | Thompson, Patrick (N'ich N) |
McCurley, Mrs Anna | Thorne, Neil (Ilford S) |
Macfarlane, Neil | Thurnham, Peter |
MacGregor, John | Waddington, David |
MacKay, Andrew (Berkshire) | Wakeham, Rt Hon John |
MacKay, John (Argyll & Bute) | Watson, John |
Maclean, David John. | Wells, Bowen (Hertford) |
Maclennan, Robert | Wells, John (Maidstone) |
McNair-Wilson, P. (New F'st) | Whitney, Raymond |
McQuarrie, Albert | Wiggin, Jerry |
Wood, Timothy | Tellers for the Ayes: |
Woodcock, Michael | Mr. Timothy Sainsbury and |
Mr. Michael Neubert. |
NOES | |
Adams, Allen (Paisley N) | Hughes, Sean (Knowsley S) |
Alton, David | Janner, Hon Greville |
Atkinson, N. (Tottenham) | Jones, Barry (Alyn & Deeside) |
Barron, Kevin | Kaufman, Rt Hon Gerald |
Beckett, Mrs Margaret | Kilroy-Silk, Robert |
Bennett, A. (Dent'n & Red'sh) | Lamond, James |
Bermingham, Gerald | Leadbitter, Ted |
Blair, Anthony | Leighton, Ronald |
Boyes, Roland | Lewis, Ron (Carlisle) |
Bray, Dr Jeremy | Lewis, Terence (Worsley) |
Brown, Gordon (D'f'mline E) | Lloyd, Tony (Stretford) |
Buchan, Norman | Loyden, Edward |
Caborn, Richard | McCartney, Hugh |
Callaghan, Jim (Heyw'd & M) | McDonald, Dr Oonagh |
Campbell-Savours, Dale | McKay, Allen (Penistone) |
Clark, Dr David (S Shields) | McKelvey, William |
Clay, Robert | McNamara, Kevin |
Cocks, Rt Hon M. (Bristol S.) | Madden, Max |
Cohen, Harry | Marek, Dr John |
Cook, Frank (Stockton North) | Marshall, David (Shettleston) |
Corbett, Robin | Maxton, John |
Corbyn, Jeremy | Michie, William |
Cowans, Harry | Nellist, David |
Craigen, J. M. | Park, George |
Cunningham, Dr John | Parry, Robert |
Davies, Ronald (Caerphilly) | Pavitt, Laurie |
Davis, Terry (B'ham, H'ge H'I) | Pike, Peter |
Deakins, Eric | Powell, Raymond (Ogmore) |
Dewar, Donald | Prescott, John |
Dormand, Jack | Radice, Giles |
Douglas, Dick | Rees, Rt Hon M. (Leeds S) |
Dunwoody, Hon Mrs G. | Robertson, George |
Eastham, Ken | Robinson, G. (Coventry NW) |
Evans, loan (Cynon Valley) | Rogers, Allan |
Field, Frank (Birkenhead) | Short, Ms Clare (Ladywood) |
Fields, T. (L'pool Broad Gn) | Short, Mrs R.(W'hampt'n NE) |
Fisher, Mark | Skinner, Dennis |
Foot, Rt Hon Michael | Smith, C.(Isl'ton S & F'bury) |
Forrester, John | Snape, Peter |
Foster, Derek | Soley, Clive |
George, Bruce | Spearing, Nigel |
Gould, Bryan | Stewart, Rt Hon D. (W Isles) |
Gourlay, Harry | Thomas, Dafydd (Merioneth) |
Hamilton, James (M'well N) | Tinn, James |
Hamilton, W. W. (Central Fife) | Warden, Gareth (Gower) |
Harman, Ms Harriet | Wareing, Robert |
Harrison, Rt Hon Walter | Welsh, Michael |
Hattersley, Rt Hon Roy | Williams, Rt Hon A. |
Haynes, Frank | Wilson, Gordon |
Hogg, N. (C'nauld & Kilsyth) | Winnick, David |
Holland, Stuart (Vauxhall) | |
Home Robertson, John | Tellers for the Noes: |
Howell, Rt Hon D. (S'heath) | Mr. John McWilliam and |
Hughes, Robert (Aberdeen N) | Mr. Don Dixon. |
§ Question accordingly agreed to.
§ Bill read a Second time.
§ Motion made—[Mr. Michael Cocks]—and Question put, That the Bill be committed to a Select Committee:—
§ The House divided: Ayes 111, Noes 215.
110Division No. 147] | [10.13 pm |
AYES | |
Adams, Allen (Paisley N) | Bray, Dr Jeremy |
Alton, David | Brown, Gordon (D'f'mline E) |
Ashdown, Paddy | Bruce, Malcolm |
Atkinson, N. (Tottenham) | Buchan, Norman |
Barron, Kevin | Caborn, Richard |
Beckett, Mrs Margaret | Callaghan, Jim (Heyw'd & M) |
Bennett, A. (Dent'n & Red'sh) | Campbell-Savours, Dale |
Bermingham, Gerald | Clark, Dr David (S Shields) |
Blair, Anthony | Clay, Robert |
Boyes, Roland | Cocks, Rt Hon M. (Bristol S.) |
Cohen, Harry | Lewis, Terence (Worsley) |
Cook, Frank (Stockton North) | Lloyd, Tony (Stretford) |
Corbett, Robin | Loyden, Edward |
Corbyn, Jeremy | McCartney, Hugh |
Cowans, Harry | McDonald, Dr Oonagh |
Craigen, J. M. | McKay, Allen (Penistone) |
Cunningham, Dr John | McKelvey, William |
Davies, Ronald (Caerphilly) | McNamara, Kevin |
Davis, Terry (B'ham, H'ge H'I) | Madden, Max |
Deakins, Eric | Marek, Dr John |
Dewar, Donald | Marshall, David (Shettleston) |
Dormand, Jack | Maxton, John |
Douglas, Dick | Meadowcroft, Michael |
Dunwoody, Hon Mrs G. | Michie, William |
Eastham, Ken | Nellist, David |
Evans, loan (Cynon Valley) | Park, George |
Fields, T. (L'pool Broad Gn) | Parry, Robert |
Fisher, Mark | Pavitt, Laurie |
Foot, Rt Hon Michael | Pike, Peter |
Forrester, John | Powell, Raymond (Ogmore) |
Foster, Derek | Prescott, John |
George, Bruce | Radice, Giles |
Gould, Bryan | Rees, Rt Hon M. (Leeds S) |
Gourlay, Harry | Robertson, George |
Hamilton, James (M'well N) | Robinson, G. (Coventry NW) |
Hamilton, W. W. (Central Fife) | Rogers, Allan |
Harman, Ms Harriet | Short, Ms Clare (Ladywood) |
Harrison, Rt Hon Walter | Short, Mrs R.(W'hampt'n NE) |
Hattersley, Rt Hon Roy | Skinner, Dennis |
Haynes, Frank | Smith, C.(Isl'ton S & F'bury) |
Hogg, N. (C'nauld & Kilsyth) | Snape, Peter |
Holland, Stuart (Vauxhall) | Soley, Clive |
Home Robertson, John | Spearing, Nigel |
Howell, Rt Hon D. (S'heath) | Steel, Rt Hon David |
Howells, Geraint | Stewart, Rt Hon D. (W Isles) |
Hughes, Robert (Aberdeen N) | Thomas, Dafydd (Merioneth) |
Hughes, Sean (Knowsley S) | Tinn, James |
Hughes, Simon (Southwark) | Wardell, Gareth (Gower) |
Janner, Hon Greville | Wareing, Robert |
Jones, Barry (Alyn & Deeside) | Welsh, Michael |
Kaufman, Rt Hon Gerald | Williams, Rt Hon A. |
Kennedy, Charles | Wilson, Gordon |
Kilroy-Silk, Robert | Winnick, David |
Kirkwood, Archibald | |
Lamond, James | Tellers for the Ayes: |
Leadbitter, Ted | Mr. John McWilliam and |
Leighton, Ronald | Mr. Don Dixon. |
Lewis, Ron (Carlisle) |
NOES | |
Adley, Robert | Budgen, Nick |
Alexander, Richard | Bulmer, Esmond |
Alison, Rt Hon Michael | Burt, Alistair |
Amess, David | Butterfill, John |
Arnold, Tom | Carlisle, John (N Luton) |
Ashby, David | Carlisle, Kenneth (Lincoln) |
Aspinwall, Jack | Carttiss, Michael |
Atkins, Rt Hon Sir H. | Chapman, Sydney |
Baker, Nicholas (N Dorset) | Clark, Sir W. (Croydon S) |
Baldry, Anthony | Clarke, Kenneth (Rushcliffe) |
Beaumont-Dark, Anthony | Cockeram, Eric |
Bellingham, Henry | Coombs, Simon |
Benyon, William | Cope, John |
Berry, Sir Anthony | Cormack, Patrick |
Bevan, David Gilroy | Couchman, James |
Biffen, Rt Hon John | Dorrell, Stephen |
Biggs-Davison, Sir John | Douglas-Hamilton, Lord J. |
Boscawen, Hon Robert | Dover, Denshore |
Bottom ley, Peter | Dunn, Robert |
Bowden, A. (Brighton K'to'n) | Durant, Tony |
Bowden, Gerald (Dulwich) | Dykes, Hugh |
Braine, Sir Bernard | Edwards, Rt Hon N. (P'broke) |
Bright, Graham | Eggar, Tim |
Brinton, Tim | Emery, Sir Peter |
Brittan, Rt Hon Leon | Evennett, David |
Brooke, Hon Peter | Eyre, Sir Reginald |
Brown, M. (Brigg & Cl'thpes) | Fairbairn, Nicholas |
Bruinvels, Peter | Fallon, Michael |
Buchanan-Smith, Rt Hon A. | Favell, Anthony |
Buck, Sir Antony | Fletcher, Alexander |
Fookes, Miss Janet | McCrindle, Robert |
Forsyth, Michael (Stirling) | McCurley, Mrs Anna |
Fox, Marcus | Macfarlane, Neil |
Fraser, Peter (Angus East) | MacGregor, John |
Freeman, Roger | MacKay, Andrew (Berkshire) |
Gale, Roger | MacKay, John (Argyll & Bute) |
Galley, Roy | Maclean, David John. |
Glyn, Dr Alan | McNair-Wilson, P. (New F'st) |
Goodhart, Sir Philip | McQuarrie, Albert |
Goodlad, Alastair | Major, John |
Gow, Ian | Malins, Humfrey |
Gower, Sir Raymond | Malone, Gerald |
Greenway, Harry | Maples, John |
Gregory, Conal | Marland, Paul |
Griffiths, E. (B'y St Edm'ds) | Marlow, Antony |
Griffiths, Peter (Portsm'th N) | Marshall, Michael (Arundel) |
Ground, Patrick | Mather, Carol |
Gummer, John Selwyn | Maude, Francis |
Hamilton, Hon A. (Epsom) | Mawhinney, Dr Brian |
Hampson, Dr Keith | Maxwell-Hyslop, Robin |
Hanley, Jeremy | Mellor, David |
Hargreaves, Kenneth | Merchant, Piers |
Harris, David | Meyer, Sir Anthony |
Harvey, Robert | Miller, Hal (B'grove) |
Hawkins, C. (High Peak) | Mills, lain (Meriden) |
Hawksley, Warren | Mills, Sir Peter (West Devon) |
Hayes, J. | Miscampbell, Norman |
Hayward, Robert | Mitchell, David (NW Hants) |
Heathcoat-Amory, David | Moate, Roger |
Henderson, Barry | Montgomery, Fergus |
Hickmet, Richard | Moore, John |
Higgins, Rt Hon Terence L. | Morrison, Hon P. (Chester) |
Hirst, Michael | Moynihan, Hon C. |
Holland, Sir Philip (Gedling) | Mudd, David |
Holt, Richard | Neale, Gerrard |
Howard, Michael | Needham, Richard |
Howarth, Alan (Stratf'd-on-A) | Nelson, Anthony |
Howarth, Gerald (Cannock) | Neubert, Michael |
Hubbard-Miles, Peter | Newton, Tony |
Hunt, David (Wirral) | Nicholls, Patrick |
Hunt, John (Ravensbourne) | Normanton, Tom |
Hunter, Andrew | Norris, Steven |
Jackson, Robert | Oppenheim, Philip |
Jenkin, Rt Hon Patrick | Ottaway, Richard |
Johnson-Smith, Sir Geoffrey | Patten, Christopher (Bath) |
Jones, Gwilym (Cardiff N) | Patten, John (Oxford) |
Jones, Robert (W Herts) | Pawsey, James |
Jopling, Rt Hon Michael | Peacock, Mrs Elizabeth |
Kellett-Bowman, Mrs Elaine | Percival, Rt Hon Sir Ian |
Key, Robert | Powell, William (Corby) |
King, Roger (B'ham N'field) | Powley, John |
Knight, Gregory (Derby N) | Proctor, K. Harvey |
Knight, Mrs Jill (Edgbaston) | Pym, Rt Hon Francis |
Knowles, Michael | Raffan, Keith |
Knox, David | Rathbone, Tim |
Latham, Michael | Renton, Tim |
Lawler, Geoffrey | Rhodes James, Robert |
Lee, John (Pendle) | Ridley, Rt Hon Nicholas |
Lennox-Boyd, Hon Mark | Rldsdale, Sir Julian |
Lester, Jim | Rifkind, Malcolm |
Lewis, Sir Kenneth (Stamf'd) | Rippon, Rt Hon Geoffrey |
Lightbown, David | Roe, Mrs Marion |
Lilley, Peter | Sainsbury, Hon Timothy |
Lloyd, Peter, (Fareham) | Shepherd, Colin (Hereford) |
Lord, Michael | Silvester, Fred |
Lyell, Nicholas | Skeet, T. H. H. |
Smith, Tim (Beaconsfield) | Waddington, David |
Soames, Hon Nicholas | Wakeham, Rt Hon John |
Spence, John | Watson, John |
Spicer, Michael (S Worcs) | Wells, Bowen (Hertford) |
Stanbrook, Ivor | Wells, John (Maidstone) |
Steen, Anthony | Whitney, Raymond |
Stevens, Lewis (Nuneaton) | Wiggin, Jerry |
Taylor, John (Solihull) | Wood, Timothy |
Tebbit, Rt Hon Norman | Woodcock, Michael |
Thomas, Rt Hon Peter | |
Thompson, Donald (Calder V) | Tellers for the Noes: |
Thompson, Patrick (N'ich N) | Mr. Ian Lang and |
Thorne, Neil (Ilford S) | Mr. Douglas Hogg. |
Thurnham, Peter |
§ Question accordingly negatived.
§ Bill committed to a Standing Committee pursuant to Standing Order No. 42 (Committal of Bills).
-
c110
- BUSINESS OF THE HOUSE 23 words c110
- DATA PROTECTION BILL [LORDS] [MONEY] 181 words
- WAYS AND MEANS
- Data Protection 54 words
-
c110