Data Protection Bill The UK government wants to grant the Information Commissioner power to demand that data controllers and processors hand over information in just 24 hours – instead of a week – and plan to make destruction of such information an offence.
The data protection watchdog hit the headlines when the Cambridge Analytica scandal broke – but her apparent inability to get speedy access to the firm's offices added a tinge of public embarrassment to the proceedings.
The changes, tabled by digital secretary Matt Hancock, include cutting the time limits set out for urgent cases from a week to a day.
At the moment, the commissioner can request that a data controller or processor hands over information that she might reasonably require to carry out her various roles, as long as she says why she needs it.
In cases where there is an urgent need (which she has to explain), the Bill as it stands says she can demand this happens within seven days. Under the proposed change, this would fall to 24 hours.
The government has also proposed making it an offence for a person to "destroy or otherwise dispose of, conceal, block or (where relevant) falsify all or part of the information, document, equipment or material" – or for someone to permit this to happen.
This follows public derision and speculation that the time it took the ICO to gain access to Cambridge Analytica's offices gave the firm too much time to prepare for the raid.
A further amendment, tabled by eight members of the Digital, Culture, Media and Sport committee – whose probe into fake news has morphed into one about the Facebook data harvest – aims to clarify that under the new legislation a judge can issue a warrant to enter premises without the commissioner having given prior notice to the data controller, data processor or occupier of premises.
Amendments take aim at immigration exemption, NHS data sharing
Elsewhere in the amendments for discussion at the report stage – the date for which has yet to be set – is a request from 14 Labour and Lib Dem MPs that the so-called immigration exemption be scrapped.
The controversial clause, which has been unsuccessfully challenged by peers and MPs in the committee stage, would bring in a broad exemption removing a person's rights as a data subject – their ability to access information or ask how it is being used – if satisfying them would prejudice "effective immigration control".
It's possible, though, that the government will be under greater pressure to drop it this time around, given the intense scrutiny of its "hostile environment" policies off the back of the ongoing Windrush scandal.
Meanwhile, 13 MPs – including health committee chair and former GP Conservative Sarah Wollaston, Lib Dem science and tech committee chair Norman Lamb, and shadow minister for mental health Luciana Berger – have put their names to an amendment on the exchange of health data.
They call for updates to sections of the Health and Social Care Act and the National Health Service Act to prevent the use of personal data held by the NHS from being disclosed for the purposes of investigating any criminal offence that isn't serious.
An explanatory statement noted that this is consistent with both the NHS Code of Confidentiality and GMC guidance on confidentiality, and made a pointed reference to an ongoing battle over NHS Digital sharing non-clinical information with the Home Office for immigration offences.
"It would also mean that any such disclosure could only be made to the police, and not, for example, to Home Office immigration enforcement officials," the statement said.
Wollaston's health committee has been leading a charge against this data sharing, and the amendment will at the very least allow her to move the debate out of committee corridor. ®