I am grateful for that reminder.
There has been an awful lot of consultation around this. In many ways, this is a model: it has taken about two years of open, public policy-making. The codes were in place in draft while the Act went through Parliament, so parliamentarians of both Houses were able to discuss the codes. They have been amended as a result of that and made clearer, and we have also put in some increased transparency and some review mechanisms. They were consulted on again after the Act was passed: we had a formal consultation again on the codes that are with us today. That included organisations that might have thought to have worried about it, such as privacy groups, so a lot of stakeholders were involved in that.
Coming eventually to the noble Lord, Lord Clement-Jones, his speech was based on a briefing by the only organisation, I think, which had any worries about this. The overwhelming majority of stakeholders that were involved in the consultation were very supportive of these codes.
The noble Lord asked about the statistical methodology. I cannot remember exactly what it was, but I will write to the noble Lord.
The noble Lord, Lord Griffiths, also asked how we will keep track of all this. Of course, there will be a register in place, open and fully searchable by the public. The Information Commissioner has a power of audit, which will be used to keep track of all the data that is shared, and the audit logs will be kept for all data shared under the powers.
The noble Lord talked about transparency: how are we going to monitor and track the impact of this data sharing? Review boards will be established to oversee any non-devolved and England-only information sharing pilots that are set up, and there will also be a review board to advise Ministers and make recommendations on the establishment of new objectives, if there are any. The membership of those review boards will come from across the various data holding departments, as well as the ICO and representatives of civil society. Lastly, the ICO has said that she will carry out an independent review of all the Part 5 powers in two to three years.
7.45 pm
Coming to the noble Lord, Lord Clement-Jones, the organisation I referred to that his speech came from is an organisation concerned with healthcare data. I remind noble Lords that, of course, nothing in these regulations today has anything to do with healthcare data: it was explicitly excluded from consideration in the Digital Economy Act. Nevertheless, it has used its worry about this to suggest that we should delay the implementation of these codes. As I said right at the beginning, the reason we do not want to wait, which the noble Lord, Lord Griffiths, mentioned, is that we want to use these powers to help people. I mentioned that we had consulted on them.
The noble Lord had a specific question on how the codes of practice can be compliant with the latest standard of best practice for information sharing under the Data Science Ethical Framework when we published a new set of data ethical standards under the new name Data Ethics Framework on 13 June. The codes’ requirement that users refer to the Data Ethics Framework is not affected by the Government issuing a revision to that framework. We always said that that framework would be changed, and it really is misconceived to say that the drafts should be withdrawn. The same team in DCMS has led the appropriation of the Data Ethics Framework and the co-ordination and drafting of the codes’ practice, and therefore they are drafted to be consistent with the best practice set out in the Data Ethics Framework. So when the Secondary Legislation Scrutiny Committee asked whether the codes are consistent with best practice, yes, they are. The new best practice did indeed come a month after the codes were laid, a day or two after the committee’s report, but they absolutely were consistent and they still are.
To be clear, they were designed to be regularly updated. It is a complete red herring that the name has been changed. The second framework, published on 13 June, was borne in mind when these codes were developed. It builds on the first version, which was widely used. The codes of practice provide details to practitioners on how the data-sharing powers under the Digital Economy Act 2017 must be operated and, by signposting the Data Ethics Framework in the codes, the intention is to augment their impact and help stimulate innovative and responsible use of data.
The other question is whether the legislation requires that these codes of practice must be consistent with the ICO’s Data Sharing Code of Practice. It is true that the ICO has not yet published its new code under the Data Protection Act. The codes are consistent, in the same way as I said about the other one: the same people are dealing with it. We have liaised with the Information Commissioner the whole way along and there is no significance in the fact that the code has not been published yet: when it is published, if by some chance anything in the codes were rendered inconsistent, there is a transitional provision in the Data Protection Act which renders ineffective any part of the code that has thereby become inconsistent. That was deliberately put into the Data Protection Act 2018. We are saying that information sharing under the Digital Economy Act 2017 can lawfully take place before the new ICO code is issued and that during any such period, there will be no ICO code for that Act’s codes to be consistent with. However, in practice those codes have been prepared in collaboration with the ICO, so I can confirm to the noble Lord, Lord Clement-Jones, that that is the case.
Once the ICO is at an advanced stage of developing its new code, we will work with it again to review whether there are any inconsistencies. We would work towards revising our codes if necessary, but we have been working closely with that office, as I said, on the development of codes. As a result, we do not expect to see any significant inconsistencies with its new code when it is prepared.
I may not have been completely clear: the transitional arrangements in the Data Protection Act 2018 ensure that, when the new ICO code is issued, the Digital Economy Act codes will be consistent with it both in the short and the long term. It does this by disapplying any provisions in the Digital Economy Act 2017 codes that are inconsistent with the new ICO codes. We can then make sure that they are consistent, if that were necessary, but the ICO has said that it was pleased to see that the codes of practice referenced new data protection legislation and are consistent with its guidance.
The noble Lord, Lord Clement-Jones, asked whether we will therefore withdraw the codes. For the reasons I have set out, we want to help people who are in vulnerable situations. Subject to your Lordships’ agreement and that of the other place, we do not intend to withdraw the codes.