Whilst the Information Commissioner is independent from the Government, a part of his role is to comment on any proposed amendments to the data protection framework.
When the DPDIB was introduced in March 2023, the Information Commissioner initially commented in June 2023 (our previous blogs on the DPDIB can be found at the bottom of this article). The DPDIB has been through the House of Commons Committee Stage and subsequently, the Government has introduced a raft of new proposals/additions. The Information Commissioner has now published his comments on the most recent amendments. In the main, the Information Commissioner is supportive of the new changes. In particular, he provides his express support for:
- “Further changes to safeguard the independence of the ICO; namely removing the Secretary of State approval over statutory ICO codes of practice.
- Changes to allow my office to serve information, enforcement and penalty notices electronically.
- The provision that it is only processing that is ‘necessary’ for the purposes of the assessment or collection of tax that can be assumed to be compatible by virtue of the new Schedule of ‘processing to be treated as compatible with original purpose’.
- The amendment to clarify that, when responding to subject access requests, organisations need only conduct reasonable and proportionate searches which reflects the ICO’s current position and
- The extension of the reporting period for personal data breaches under PECR from 24 to 72 hours, to align with UK GDPR.”
The Information Commissioner does raise some concerns with the new proposals expanding the current powers of the Department for Work and Pensions to require further information from third parties in the event benefit fraud is suspected. The proposed legislation, if passed as currently drafted, will allow the Government to require third parties such as financial institutions to provide information about individuals’ financial positions with a view to identifying benefit fraud. The intention is to assist the Government in tackling the estimated £8 billion per year of benefit fraud.
The Information Commissioner has raised the concerns with the power set out below.
- He is concerned that the wording as drafted would allow the Government to obtain access to a wide range of information. He has suggested that the power should be limited to allow the provision of information sufficient only to warrant further investigation.
- He is concerned that the legislation as drafted does not specify which organisations will be subject to the requirement to provide information and suggests that these should be specified.
- He is concerned that the limits on how the data obtained using this power are not sufficiently clear and appear too wide for the purpose identified.
Comment
The DPDIB will now undergo further scrutiny in the House of Commons before going to the House of Lords. What is clear is that there does not appear to be any sign that the Government will withdraw the DPDIB (although there is a general election later in the year so nothing is guaranteed).
How can we help
Kevin Modiri is a Partner in our expert Dispute Resolution team, specialising in commercial disputes, insolvency, inheritance disputes, data breach claims and defamation claims.
If you have any questions concerning the subjects discussed in this article, please do not hesitate to contact Kevin or another member of the team in Derby, Leicester, or Nottingham on 0800 024 1976 or via our online enquiry form.
Contact us