Serious Crime Bill [HL]

moved Amendment No. 110: 110: After Clause 64 , insert the following new Clause— ““Functions of the Secretary of State as to sharing of information (1) The Secretary of State has the following specific functions in respect of the sharing of information— (a) to draw up and disseminate to the public bodies and other organisations to whom this section applies guidance as to the sharing of information between and amongst themselves; (b) to draw up and disseminate to the public bodies and other organisations to whom this section applies guidance as to the circumstances in which it is appropriate for those organisations to share information between and amongst themselves; (c) to maintain under review the guidance set out in paragraphs (a) and (b). (2) In drawing up the guidance set out at subsection (1)(a) and (b), and in reviewing such guidance under subsection (1)(c), the Secretary of State shall consult with the Information Commissioner. (3) The guidance under subsection (1)(a) and (b) shall in particular, but not exclusively, make provision— (a) as to the nature of the information that may be shared; (b) as to procedures designed to ensure the accuracy and security of information shared; (c) as to procedures designed to ensure, where appropriate, the co-ordination of the sharing of information between and amongst the public bodies and other organisations; (d) as to procedures designed to govern the circumstancesin which information can be lawfully shared notwithstanding any rule of law which prohibits or restricts the disclosure of information; (e) as to procedures designed for circumstances where, notwithstanding the second data protection principle, data is intended to be lawfully shared or processed beyond the purpose of its original collection; (f) as to procedures designed to guarantee, as appropriate, the rights of data subjects in respect of any information about them that may be shared; (g) as to procedures designed to govern the period for which it is appropriate that information should be shared and to ensure appropriate deletion of any information shared. (4) This section applies to public authorities and any anti-fraud organisations specified under section 61 and any agencies, companies or individuals who may be contracted to work for them or to supply goods and services to them. (5) The information for which provision is made under this section includes all information disclosed under section 61 above. (6) The Secretary of State may by regulations subject to affirmative resolutions in each House of Parliament, proscribe and penalise contravention of any guidance under this section as to the collection, sharing, use, holding and disclosure of information.”” The noble Earl said: The amendment’s purpose is straightforward—that the Secretary of State draw up a statutory code of practice in respect of the Bill’s information disclosure provisions with the intention that it be enforceable in law. In so doing, it goes rather wider than my noble friend Lady Anelay’s proposition in Amendment No. 103, which we debated last week. As has already been observed, there is a sense of déjà vu here. Indeed, I suspect that the Minister finds my persistence with this somewhat tiresome. Nevertheless, I begin by agreeing with my noble friend Lord Lucas in his observation at Second Reading that there is, "““no good argument before the event for preventing these sorts of activities””.—[Official Report, 7/2/07; col. 746.]" By that he means to say, information sharing. I acknowledge absolutely that such IT processes can be of considerable utility in combating fraud. What matters, therefore, is that any such regime must be properly accountable and transparent. The Government argue that adequate accountability and transparency is afforded by the terms of the Data Protection and Human Rights Acts. However, the noble Lord, Lord Thomas of Gresford, clearly disagrees. At Second Reading he suggested: "““The Data Protection Act is given lip service in the Bill and is then circumvented … Confidentiality is overridden, the Data Protection Act is overridden, no general code is proposed to govern the arrangements and the circumstances in which the disclosure is to be made are not to be limited in any way””.—[Official Report, 7/2/07; col. 739.]" Clearly there are manifest difficulties of interpretation here, not only in terms of the extent to which the DPA may or may not apply to the provisions but also in terms of whether the powers being sought are proportionate. The Minister graciously hinted as much in her recognition at Second Reading that the Government must ensure that, "““the arrangements are transparent and command public confidence, are proportionate and are subject to periodic review””.—[Official Report, 7/2/07; col. 732.]" For my part I accept that, as the Minister suggested last week, our respective positions are not that far apart. I also acknowledge that, on strict interpretation, the Government could merely rely on codes of practice from the Information Commissioner, the Audit Commission and so on as appropriate safeguards. Indeed, in respect of the generality of data protection, I acceded, albeit with some reservations, to this flexibility when the House scrutinised the DPA nearly 10 years ago. This defines a major part of the problem. For all the technological neutrality of the DPA, IT has developed exponentially since its enactment. Its processes are so much more pervasive and powerful, particularly within government, than any of us anticipated as we wrestled with these issues in 1998. At least in part, Lord Williams of Mostyn, whose wise counsel in this and many other matters we all miss, recognised this in suggesting: "““If one has the possibility of data matching, one looks at that with a degree of anxiety””.—[Official Report, 25/2/1998; col. CWH129.]" Today that anxiety is given particularly sharp focus as a result of the Information Commissioner’s recognition last November that his fears that the UK would, "““sleep-walk into a surveillance society””," have become a reality. This reality encompasses a situation where, according to a report commissioned by the Information Commissioner: "““Most profoundly, all of today’s surveillance processes and practices bespeak a world where we know we’re not really trusted””." As he himself has stated, this begs the question where the line between increased surveillance and appropriate safeguards should be drawn. Moreover, the debate about this, and any decisions that may result, should properly belong to wider society, including Parliament, rather than residing exclusively in the hands of the Executive. Consequently, there is a wholly legitimate case for arguing that the provisions of this Bill should be subject to a greater level of accountability and transparency than that proposed by the Government. Indeed, this becomes especially important in the context of the Minister’s observation at Second Reading that: "““The data-sharing provisions in the Bill are … very much about providing the mechanisms. They do not go to the nature of the data sharing itself. That is for later, at the implementation stage””.—[Official Report, 7/2/07; col. 732.]" In effect, the Home Office deems the practical operation of the Bill’s provisions to be somewhat outwith its drafting. By implication there is a question mark in the Government’s own mind about the Bill’s compliance with the DPA. Surely, it is more appropriate to ensure that the source legislation—this Bill—guarantees that the data-sharing regime envisaged is fully compliant. The Government should recognise that there is an over-arching and more fundamental reason why the amendment, or something like it, is desirable. For manifestly obvious reasons the Government are the most extensive collector and holder of data about the individual. This fact imposes a heavy and inescapable responsibility on the state, especially given the way in which justifiable concern about the encroachment of the ““database state”” has grown substantially in recent years. There is increasing scepticism and distrust of the Government’s capacity to administer and manage our individual data proportionately and fairly. The recent question about the collection of children’s biometric data and the decision of the Home Affairs Select Committee of another place to investigate the ““surveillance society”” are illustrations of the point. Bizarrely, therefore, just when there is an urgent requirement to strengthen data protection, the Government appear to be weakening it substantially. Indeed, if trust and confidence in our political process are to be reinvigorated, the state is under an obligation to ensure that data management regimes within the public sector are as robust as possible—in fact, even more robust than is the case generally. Evidently, the proposed new clause is aimed at fulfilling this obligation. But more than this, it also seeks to offer the ““general code”” called for by the noble Lord, Lord Thomas of Gresford, as well as, in line with the wishes of the Minister, "““to ensure that the arrangements are transparent and command public confidence, are proportionate and are subject to periodic review””.—[Official Report, 7/2/07; col. 732.]" The report commissioned by the Information Commissioner, to which I referred, argues that—and this is a very significant sentence from that report: "““Social relationships depend on trust and permitting ourselves to undermine [data protection] seems like slow social suicide””." I am certain that the Government are antipathetic to that prospect. I beg to move.