My Lords, I welcome the opportunity to speak in this Second Reading debate. It is always slightly daunting to follow the noble Lord, Lord Lucas. We were colleagues on the Digital Skills Committee a few years back, and he was pretty daunting on that too, being a great fund of knowledge
on this subject. I mention at the outset my interests as set out in the register, including as a trustee of the British Library and as a member of the parliamentary Intelligence and Security Committee in the last Parliament. I too welcome this important piece of legislation. I will be brief and confine myself to some general remarks.
There is no doubt that data, big data, data processing and data innovation are all absolutely essential ingredients in the digital revolution which is changing the world around us. However, as we have discussed in debates in this House, advances in technology inevitably risk outstripping our capacity to think through some of the social, ethical and regulatory challenges posed by these advances. This is probably true of questions of data protection.
The last key legislation, the Data Protection Act 1998, was ground-breaking in its time. But it was designed in a different age, when the internet was in its infancy, smartphones did not exist and the digital universe was microscopic compared to today. As the Government have said, we desperately need a regulatory framework which is comprehensive and fit for purpose for the present digital age.
As has been mentioned by other noble Lords, the Bill is also necessary to ensure that our legislation is compatible with the GDPR, which comes into force next year. It is absolutely clear that however Brexit unfolds, our ability to retain an accepted common regulatory framework for handling data is essential; the ability to move data across borders is central to our trading future. I was much struck by the lucid explanation given by the noble Lord, Lord Jay, of some of the challenges which lie ahead in achieving this goal of a common regulatory framework for the future.
The Bill before us is undoubtedly a major advance on our earlier legislation. It is inevitably complex, and as today’s debate makes absolutely clear, there are areas which this House will wish to scrutinise carefully and in depth, including issues of consent and the new rights such as the right to be forgotten and to know when personal data has been hacked, and so on. The two areas which will be of particular interest to me as a member of the board of the British Library and as a member of the Intelligence and Security Committee in the last Parliament will be, first and foremost, archiving in the public interest, and secondly, Part 4, on data processing by the intelligence services.
In order to support archiving activities, as was made clear in the British Library’s submission during the DCMS consultation earlier this year, it is essential that this legislation provide a strong and robust legal basis to support public and private organisations which are undertaking archiving in the public interest. As I understand it, this new legislation confirms the exemptions currently available in the UK Data Protection Act 1998: safeguarding data processing necessary for archiving purposes in the public interest and archiving for scientific, historical and statistical purposes. This is welcome, but there may perhaps be issues around definitions of who and what is covered by the phrase “archiving in the public interest”. I look forward to further discussion and, hopefully, further reassurances on whether the
work of public archiving institutions such as our libraries and museums is adequately safeguarded in the Bill.
On Part 4, data processing by the intelligence services does not fall within scope of the GDPR, and this part of the Bill provides a regime based on the Council of Europe’s modernised—but not yet finally agreed—Convention 108. The intelligence services already comply with data-handling obligations within the regulatory structures found in a range of existing legislation. This includes the Investigatory Powers Act 2016, which, as was debated in this Chamber this time last year, creates a number of new offences if agencies wrongly disclose data using the powers in that Act.
The new Bill seeks to replicate the approach of the Data Protection Act 1998, whereby there have been well-established exemptions to safeguard national security. It is obviously vital that the intelligence services be able to continue to operate effectively at home and with our European and other partners, and I look forward to our further discussion during the passage of the Bill on whether this draft legislation gives the intelligence services the safeguards they require to operate effectively.
In sum, this is a most important piece of legislation. If, as the noble Baroness, Lady Lane-Fox, suggests, we can set the bar high, it will be a most significant step forward. First, it will redefine the crucial balance between, on the one hand, the freedom to grasp the extraordinary opportunities offered by the new data world we are in and, on the other, the need to protect sensitive personal data. Secondly, and very importantly, it will put the United Kingdom at the forefront of wider efforts to regulate sensibly and pragmatically the digital revolution which is changing the way we run our lives.
7.50 pm