Out-Law News 2 min. read
18 Jan 2018, 10:20 am
In a debate in the House of Lords, Lord Ashton of Hyde defended provisions of the draft Data Protection Bill which would give the government the power to issue a new 'framework' for the processing of personal data by government departments and other public bodies and require the Information Commissioner's Office (ICO) to consider that framework when performing its regulatory duties.
The ICO raised concerns about the provisions last month. It said that the provision "runs a real risk of creating the impression that the commissioner will not enjoy the full independence of action and freedom from external influence when deciding how to exercise her full range of functions" as is required under the EU's General Data Protection Regulation (GDPR).
The GDPR will apply from 25 May 2018. The legislation will have direct effect in each EU country. In the UK, a new Data Protection Bill has been proposed to supplement the GDPR.
Lord Ashton, parliamentary under-secretary of state at the Department for Digital, Culture, Media and Sport, said any new government framework on data processing developed under the new powers in the Bill should be viewed as equivalent to sector-specific data protection guidance that applies in other areas of the UK economy.
"Inherent in the execution of the government’s functions is a requirement to process significant volumes of personal data, whether in issuing a passport or providing information on vulnerable persons to the social services departments of local authorities," Lord Ashton said. "The government recognise the strong public interest in understanding better how they process that data. The framework is therefore intended to set out the principles and processes that the government must have regard to when processing personal data. Government departments will be required to have regard to the framework when processing personal data."
"This is not a novel concept. Across the country, organisations and businesses produce guidance on data processing that addresses the specific circumstances relevant to them or the sector in which they operate. This sector, or organisation-specific guidance, coexists with the overarching guidance provided by the information commissioner. This framework adopts a similar approach; it is the government producing guidance on their own processing of data," he said.
Lord Ashton said the government would work with the information commissioner to ensure that any new framework on data processing that the government might produce "complements the commissioner’s high-level national guidance ".
The minister said that the potential government guidance is referred to as a 'framework' in the draft Bill so as to differentiate the document from 'codes of practice' which the ICO has the power to develop. "It is purely a question of naming conventions – nothing significant at all," he told peers.
"The government’s view is that the framework will serve to further improve the transparency and clarity of existing government data processing," Lord Ashton said. "The government can and should lead by example on data protection."
"The…framework will set out principles for the specific context of data processing by government. It will…complement rather than supplant the commissioner’s statutory codes of practice and guidance, which will, by necessity, be high level and general as they will apply to any number of sectors and organisations," he said.