My Lords, it is disappointing that the procedures of your Lordships’ House effectively precluded us from voting on this SI. When we debated the draft in Grand Committee, we said that we would table a regret Motion but the Government were, of course, aware of the 31 January deadline for producing a measure in response to the Court of Appeal and apparently there was no time for a regret Motion and the usual channels arranged for this take-note Motion.
The Government are obviously proper in complying with the court order in the timing, if not the content, but Parliament should have seen the draft SI earlier, had an opportunity not only to scrutinise it but to debate what it took from that scrutiny and to vote on it. I have drawn this to the attention of the chair of the Secondary Legislation Scrutiny Committee, given that committee’s and the Delegated Powers and Regulatory Reform Committee’s focus at the moment on procedures.
We are all aware of the deficiencies when we deal with secondary legislation. We knew that we would not win a vote in the Chamber because the Labour spokesman in Grand Committee supported the regulations, although we were grateful that he agreed with much of what we said during that debate. We wanted again to put our
opposition on record. I thank the Minister for her explanation of the SI during that debate and I will try not to repeat too much of what was said then but will focus on the Minister’s remarks.
The Court of Appeal required the Government to amend the Data Protection Act to remedy its incompatibility with retained EU law so that it satisfies requirements of Article 23(2) of the UK GDPR. The declaration was suspended until today to provide a reasonable time to do so. That judgment was, I think, in October so they have had plenty of time. Although this is an SI amending the Act, it does not achieve that objective. The Secretary of State must have regard under the SI to the “immigration exemption policy document” and a draft IEPD was published at the same time as the draft SI.
That policy document can be amended. It can be replaced. It is not primary legislation. It is not secondary legislation. It is not legislation at all. It is not even unamendable legislation—secondary legislation cannot be amended. It is not a “legislative measure” within the terms of Article 23(2) which the Court of Appeal described as “remarkably specific”. It is not “part and parcel” of the legislation. It is not even a code of practice or a codification of safeguards; it is simply a policy document. Parliament cannot carry out a scrutiny function in which the outcome may, in theory, be changed even if we know the realities of dealing with secondary legislation. Parliament can play no meaningful part.
In Grand Committee, I asked the Minister how the policy document builds on previous arrangements, as it appears simply to repeat existing safeguards, and also for details of the Government’s consultation with interested parties and how the issues raised in consultation have been dealt with. I am grateful to her for the letter I received this afternoon, by email, in response to this—she said she would let me have the detail if it was not data protected. I am glad to note that some points were taken on board—but not all, quite clearly, because those with whom she consulted were those who brought the case to court. She said that
“the Department published the IEPD in draft form alongside the draft Regulations on the 10th December … enabling stakeholders the opportunity to consider its contents and to comment accordingly.”
Given that this policy document is central to the arrangements, I am surprised that not publishing it could ever have been thought to be an option.
In response to my question in Grand Committee, as to how one should challenge the Home Office if one does not know what it knows, or thinks it knows, to rectify errors—how would you rectify errors if you do not know that there are errors?—the Minister said that the exemption did not restrict the right to seek rectification of inaccurate data. That does not answer the question; it merely makes that question even more important. She also said that the exemption could not be used to prevent a person establishing a legal claim—which also begs the question.
It is not in contention that this data is very significant. Lord Justice Warby said the exemption
“plays a significant role in practice as a brake on access to personal data”—
one’s own data. He referred to Home Office evidence that the exemption was relied on in 59% of responses during the period in question, and that the exemption was available in a wide range of cases. The Minister in Grand Committee made much of how limited its use is and that only the minimum is redacted—only small parts of documents that contain sensitive data that could affect operations. So, I have a request and suggestion that the Home Office, in the current version of the policy document, in paragraph nine, which is a checklist for users—that is, caseworkers—should add to the list that there should be the minimum redaction. That may be implied by other parts of the document, but what caseworkers consider is crucial, and paragraph nine is what they will go to. Can the point that she made, and on which she relied, about the minimum redaction not be spelled out clearly in the checklist? I support my noble friend.