I am very grateful for that invitation but before I get to the amendment tabled by the noble Lord, Lord Foulkes, I support what the noble Baroness, Lady McIntosh, has said in support of Amendment 16 about the need for
“reciprocal arrangements with other jurisdictions, including individual Member States of the European Union, for those with UK qualifications”.
This amendment is of particular interest to the legal professions in this country, in view of the achievements that were made right across the board in all three jurisdictions—Northern Ireland, Scotland and England and Wales—in that respect while we were in the EU.
I am quite sure that the professions do not want to lose the benefit which those arrangements were able to achieve. There is a gap here that the trade and co-operation agreement with the EU has left unfilled. Amendment 16 goes some way to addressing and filling the gap in the interests of those who would like to benefit from the kind of arrangements we previously had under the European Union.
Coming to Amendment 47 in the name of noble Lord, Lord Foulkes, it seeks to clarify the provision in Clause 9(4) about the risk that the duty of a regulator to provide information may contravene the data protection legislation. The same point arises in Clause 10(7), which is the subject of another amendment by the noble Lord, Amendment 50. Unfortunately, it is not in this group but will arise later on. Perhaps one is addressing the same point this evening. It also arises in regard to Clause 7(5), which raises exactly the same point. The Minister will appreciate that one is dealing here with a duty to disclose information. It begs the questions: first, does it breach any restriction under rules or contract, for example, or, secondly, does it breach the data protection legislation?
Concentrating on Clause 9, its structure is really quite interesting because it provides the duty in its subsection (2). It is a duty to provide
“any information … that is held by the first regulator … that relates to the individual”
and
“that … is requested by the second regulator.”
Then we come to its subsection (3), which says:
“A disclosure of information under this section does not breach … any obligation of confidence owed by the first regulator, or … any other restriction on the disclosure of information (however imposed).”
Those words are perfectly clear. They provide a complete answer—a complete defence—to a claim for breach of contract or a claim that the rules have been breached. For example, if I objected to the information being released by the first regulator that related to me on the ground that I had entered into a contract preventing the release of that information, I would simply be deprived of my contractual right to complain, because that is exactly what subsection (3) says.
The problem is subsection (4) which says:
“Nothing in this section requires the making of a disclosure which contravenes the data protection legislation”.
If that subsection had said that no disclosure which contravenes the data protection legislation shall be made, or words to the same effect, it would mean that, despite the firm duty in the earlier part of the clause, one was simply not required to disclose anything which would breach the data protection legislation. However, it does not say that; it just says that nothing requires you to do it.
8 pm
Then goes on, in the part in brackets, to say that
“(save that the duty imposed by this section”—
note “duty”—
“is to be taken into account in determining whether any disclosure contravenes that legislation.)”
I do not understand what the part in parentheses really means. When it says “taken into account”, does it mean that it will provide me with a defence to a prosecution under the Data Protection Act, or is it to be taken into account in assessing the penalty which would follow if I was to be convicted of having breached data protection legislation? The wording does not make that point clear. It is very important that it is clear because we are dealing with a provision which could lead to a prosecution, and everybody needs to know the meaning of this subsection.
The words “taken into account” are often used by judges when they impose a sentence after a conviction. They say that they take into account various factors which may either mitigate a sentence or increase it because it enhances the severity of the crime. So, prima facie, “taken into account” is dealing with the penalty aspect of a breach of the data protection legislation, but I am not sure that is really what the Government are saying. Are they really saying that you have a complete answer to this if a duty led to the breach? In other words, it does not require you to do that, but it may nevertheless have that effect, and if it does have that effect, then you have an answer, just as you do for a breach of contract. I think that is what the amendment designed by the noble Lord, Lord Foulkes, is seeking to do, and I am grateful to him for doing that.
I hope the Minister will think again about this and clarify the provision because it is extremely important in dealing with matters that may lead to criminal penalties to know exactly where one stands. The rule of law requires clarity, and the lack of clarity is the subject of the amendment in the name of the noble Lord, Lord Foulkes, which I support.