Last month, the Government responded to the report by the Delegated Powers and Regulatory Reform Committee on the Digital Economy Bill. They showed they heard some of the Committee’s criticism on data sharing provisions and they intend to amend the Bill to reflect their recommendations. Unfortunately, the Government’s intentions will not fix everything.
ORG previously called to limit powers given to Ministers and to put constraints on unlimited bulk sharing of civil registration data. We advocated for codes of practice to be made statutory and legally enforceable and to boost privacy safeguards and put them on the face of the Bill.
The Government’s response touched upon several of our concerns.
Narrow definitions of specified persons, and who gets access to data on fuel poverty
We particularly welcome the Government’s commitment to specify the list of persons who may disclose and receive information for public service delivery and debt and fraud related to public sector on the face of the Bill. This will take away the power from Ministers and the process of specifying persons entitled to participate in data sharing will be more transparent.
The Government further said they will amend the Bill to narrow down the list of fuel poverty schemes and persons that have access to the data. They plan to introduce a similar amendment to address water poverty schemes.
Close ties between functions and objectives
The response also addressed specifying of data sharing objectives for public service delivery. The Government pledged to introduce an amendment that will require a specific public authority to only share data for purposes which are correspondingly in line with its functions.
Statutory codes of practice
The Committee’s report put a lot of pressure on making codes of practice statutory and it appears that the Government found their criticism justified. They agreed to subject the codes of practice to an affirmative procedure. This means both Houses must approve the Statutory Instrument before it becomes law. It is particularly necessary to give these statutory force as the safeguards are contained in the codes and not on the face of the Bill.
Henry VIII powers removed
After the Committee criticised the use of the so-called Henry VIII powers, the Government decided to drop them completely from the Bill. These powers would allow the Government to amend or repeal the Bill after it has become an Act of Parliament. This means that Ministers could make changes to Chapter 1 on Public Service Delivery by subordinate legislation with or without further parliamentary scrutiny.
The poor wording of the Henry VIII clause in the Bill could have easily resulted in expanding the data sharing powers without any accountability after the Bill passes in both Houses of Parliament.
All of these changes are welcomed and needed but they don’t plug all the holes in Part 5 on data sharing.
Review only for fraud and debt powers
The Bill includes provisions on amending and repealing the chapters on debt and fraud after a review. Following the report, the Government decided to narrow the power to amend. It will prevent Ministers from broadening the debt and fraud powers or removing any safeguards from the Bill.
This is a sensible requirement that should be applied to all the powers in Part 5, not just debt and fraud powers. Applying reviews to all powers and limiting powers to amend and repeal will increase transparency of data sharing and prevent unjustified onward disclosure of data to other public authorities.
No exclusion of punitive objectives
The new Government amendment tying together objectives for data sharing with functions of public authorities still raises issues. The Bill only states that the objective of data sharing should be for the benefit of an individual or a household regarding public service delivery. Other powers in Part 5 (disclosure for debt and civil registration reasons and sharing with electricity and gas suppliers) don’t have the requirement to be of benefit.
The functions of a public authority could include enforcement - if they do, objectives for data sharing could be of punitive nature. The Government should clearly state that the relevant powers in Part 5 are only to benefit individuals, not to punish them.
Dehybridisation clauses remain
The Bill includes provisions stating that provisions on sharing data for the purposes of public service delivery should not be regarded as hybrid instruments. A Hybrid Instrument is a piece of legislation that disproportionately affects a particular group of people within a class.
Part 5 of the Bill could have disproportionate effects, for example, on people in fuel poverty. Hybrid instrument procedure would give them an opportunity to present their arguments against the Bill to the House of Lords Hybrid Instruments Committee and then, possibly, to a select committee deciding whether or not the legislation should be approved by both Houses.
The Committee’s report highlighted this issue and suggested to consider further safeguards to be put on the face of the Bill if this provision is to remain in the Bill. The Government’s response does not address the clauses on hybrid instruments.
Bulk sharing of civil registration data untouched
Neither the Committee, nor the Government made any comments on unconstrained sharing of bulk civil registration data. Chapter 2 provides for the sharing of civil registration for any public body's functions without restrictions. The power is intended for bulk data sharing of the full civil register across government but this power hasn’t been sufficiently justified by the Government.
Ministers have presented this chapter as a way of improving electronic government transactions by avoiding the need for paper certificates to be circulated, but it appears to be more about convenience for administrators instead of a clear social purpose.
The Bill doesn’t require consent from the data subject to share their civil registration data. It is also unclear how these large databases will be stored and if at all encrypted. The Government said they have no intention to share the information with private companies but they did not provide a guarantee that they won’t do so in the future.
The power shouldn’t be part of the Bill without appropriate guarantees and safeguards.