Battle lines have been drawn by the Information Commissioner’s Office and the Joint Committee on Human Rights on the debate over the Government’s Data Protection bill.
Open Rights Group have delivered briefings to Peers on its core campaigning points, including:
supporting stronger powers for representation of data subjects; and
raising concerns about the hazardous immigration exemptions alongside the3million, the campaigning organisation representing EU citizens living in the United Kingdom.
Both topics are also included in the briefings from the Information Commissioner’s Office and the Deputy Counsel note to the Joint Select Committee on Human Rights. These arrive as Report Stage on the Data Protection Bill begins on Monday 11 December, continues on Wednesday 13 December, and finally finishing in early 2018 on the 10 January.
The Information Commissioner’s Office (ICO) is the independent body that enforces the data protection law of the UK. Their views on the proposed Bill gives us a practical insight into their effects and should considered carefully by the Government.
The Joint Committee on Human Rights are a committee made up of representatives from both the House of Commons and House of Lords. Their role includes scrutinising every Government Bill for its compatibility with human rights. The Deputy Counsel’s note that is referred to here is from the lawyer that provides specialist legal advice to the committee on what human rights implications may be raised by a Government bill.
Immigration Exemptions need to go
The Government have introduced an exemption into the Data Protection Bill that would remove the rights of individuals subject to an immigration procedure to discover what personal data companies and public authorities hold on them.
The exemption if allowed to pass would set aside fundamental rights such as individuals access to personal data about them, the right to erasure, and the right to rectification, among others. With mistakes commonplace in immigration procedures, it is vital the law retains the power for individuals to hold to account those who collect and process personal data in immigration procedures.
The Information Commissioner’s Office shares Open Rights Group’s concerns about the exemptions which in effect remove accountability:
“The majority of data protection complaints to the Information Commissioner about the Home Office relate to requests for access to personal data to UK Visas and Immigration….If the exemption is applied, individuals will not be able to access their personal data to identify any actual inaccuracies and it will mean that the system lacks transparency and is fundamentally unfair.”
The exemption found in Schedule 2 Part 4 of the Bill is much broader than just data held by the Home Office, covering any organisation processing information that is used in relation to immigration controls. The current immigration regime extends the responsibility to control immigration to schools, GPs, hospitals, landlords, employers and even the DVLA.
The Government maintained that the exemption “emphatically does not set aside the whole of the GDPR”.
Open Rights Group argues it emphatically does.
The note from the Deputy Counsel suggested to the Committee that they should consider “why this exemption is “necessary in a democratic society””, which is one of the legal tests for whether an interference with a fundamental human right is actually a violation.
The counsel’s note also raises concerns about the discriminatory nature of the exemption, based on the nationality of individuals, such as the 3 million EU citizens currently living in the United Kingdom. The potential scope for discrimination is why Open Rights Group worked with the3million to raise shared concerns with Peers.
Representation of data subjects
Open Rights Group have been campaigning since the Bill arrived in the House of Lords for the power to be given to not for profit bodies to represent data subjects without having an affected member of the public instruct them.
The Government do not want to incorporate the optional power. The Government suggested in the debate during Committee stage that the public were already capable of exercising their powers, citing a recent case brought by 5,000 data subjects. The Government failed to mention that the claim was actually brought by the former Executive Director of consumer rights organisation Which?. This isn’t the spontaneous popular organisation of members of the public the Government’s comments in debate would lead people to believe.
The Information Commissioner’s Office agrees with Open Rights Group on the need for 80(2) to be adopted:
“...there are circumstances where data subjects may not necessarily be aware of what data about them is held by organisations, and more importantly what is being done with it. In such instances data subjects could not be expected to know whether and how they could exercise their rights under data protection law…. This point is of particular importance where young and vulnerable data subjects are involved - these groups are less likely to have the means and capability to exercise their rights on their own behalf.”
This support for 80(2) from the Commissioner is welcome. The note from the Deputy Counsel to the Joint Committee on Human Rights raises representation of data subjects too suggesting “the Government’s omission of 80(2) may diminish the protection of privacy rights”.
With these briefings from the ICO and the Deputy Counsel to the Joint Committee on Human Rights, battle lines already drawn by civil society have now been deepened and fortified. The Government can no longer continue to dismiss these concerns out of hand.