My Lords, with this group of amendments we arrive at a particularly sensitive and emotive set of issues, as noble Lords have so movingly described. I shall do my best to provide responses to each of the amendments in as constructive and informative a way as I can.
I start by addressing Amendment 101, in the name of my noble friend Lady Morgan and spoken to by my noble friend Lady Bertin. The amendment seeks to revise the Government’s new Clauses 44A to 44F, which place a duty on authorised persons, including the police, to request victim information only when it is necessary and proportionate in pursuit of a reasonable line of enquiry. It would instead require agreement before the police could request victim information.
To pick up a point raised by the noble Lord, Lord Russell of Liverpool, when we were developing this legislation we wanted to consider very carefully the desirability of aligning the provisions around requests for victim information and the extraction of information from digital devices. Where possible, we have ensured consistency between those provisions.
The new victim information clauses in this Bill do not grant new powers to authorised persons; instead, they place safeguards around requests for third-party material. This is unlike the powers governing the extraction of material from devices in the Police, Crime, Sentencing and Courts Act, which give new statutory powers to authorised persons to request a device and extract information from it on the basis of agreement.
My noble friend’s amendment is based on the principle of victim agreement, but there is a key point we need to remember here. Unlike the information contained on a personal device, the victim does not own the material held by a third party, and therefore cannot agree to its disclosure. That does not mean that the victim’s views are immaterial, and I will come on to that, but the decision to release this information instead lies with the third party. The third party, of course, must be able to fulfil their own obligations under the Data Protection Act 2018, which governs the processing of personal data by competent authorities.
When considering digital information, it is likely that information held on a device could be accessible via other sources: that is, messages between a victim and suspect could be accessible from the suspect’s device. That is unlikely to be the case for third-party material. Therefore, it would not be appropriate to mandate that a victim agree to a request before the third party can disclose the material, because that may prevent the police accessing vital information relevant to the case.
Furthermore, a suspect’s right to a fair trial is already enshrined in law as part of the Human Rights Act 1998, which new measures must not contravene. This amendment could prevent authorised persons accessing information they need to support a reasonable line of inquiry, whether it points towards or away from a suspect. Investigators should always work to balance the public interest in obtaining the material against the consequential impact on the victim’s privacy.
Of course we recognise that it is best practice for investigators to work with and consult victims, so that their views and objections can be sought and recorded. That is why we have supported police in doing so in the draft statutory code of practice that we have published alongside the Bill.
Amendment 106 seeks to revise current data protection legislation, so that victims of malicious complaints involving third parties can prevent the processing, and subsequently request the deletion, of personal data gathered during a safeguarding investigation where the complaint was not upheld.
It is of course right that people are able to flag genuinely held concerns about children whom they believe to be vulnerable. It is also right that social services fulfil their duty to treat each safeguarding case seriously and to make inquiries if they believe a child has suffered or is likely to suffer harm. However, equally, malicious reporting and false claims made to children’s social care are completely unacceptable. They not only cause harm and distress to those subject to the false claims but divert crucial time and resources from front-line services and their ability to undertake investigations into cases where there are genuine safe- guarding concerns.
Current data protection legislation sets out that data controllers must respond to any request from a data subject, including requests for erasure, and then must consider the full circumstances of a request—including the context in which the data was provided—before refusing. Where a data subject is dissatisfied with the response to their request, the current rights of appeal allow a data subject to contest a refusal and, ultimately, raise a complaint with the Information Commissioner’s Office.
I assure my noble friend that, as part of its decision-making process, the ICO will take into consideration circumstances where a malicious claim has been made that may or may not amount to criminal conduct. Where a complaint to the ICO is upheld, the ICO can tell the organisation to assist with resolving the complaint, such as providing information or correcting any inaccuracies. The ICO can make recommendations to the organisation about how it can improve its information rights practices, and can take regulatory action in the most serious cases.
I hope that the process I have set out reassures my noble friend, and the Committee, that the current data protection legislation provides adequate protection. Therefore, in our view, additional provision is not needed.