My Lords, I was also too late to put my name to these stand part notices for Clause 128 and Schedule 11. There must have been a stampede towards the Public Bill Office, meaning that some of us failed to make it.
At Second Reading, I described Clause 128 as “draconian”. Having dug into the subject further, I think that was an understatement. Data protection is a rather dry subject and, as the debates throughout this Committee stage have shown, it does not generate a lot of excitement. We data protection enthusiasts are a fairly select group, but it is nice to see a few new faces here today.
The Bill runs to 289 pages and is called the Data Protection and Digital Information Bill. Nothing in that name suggests that around 20 pages of it relate, in effect, to giving the Government unlimited access to the bank accounts of large swathes of the population without suspicion of any wrongdoing—20 pages is larger than many Bills. I wonder what the reaction in this Committee and the other place might have been if those 20 pages had been introduced as a stand-alone Bill—called, perhaps, the government right to access bank account information Bill. I suspect that we might have had a few more people in this Room. It feels as if this draconian clause is being hidden in the depths of a Bill that the Government perhaps felt would not generate much interest. It is particularly concerning that it was dropped into the Bill at the last minute in the other place and has not, therefore, received scrutiny there either. This sort of draconian power deserves much more scrutiny than on day 6 in Committee in the Moses Room.
I hope that my desire to stamp out fraud is well known—indeed, I think I can probably describe myself as rather boring on the subject—so I have a lot of sympathy for the Government’s underlying intention here.
However, a right to require banks to carry out suspicionless surveillance over the bank accounts of anybody who receives pretty much any kind of benefit, directly or indirectly, is a huge intrusion into privacy and feels completely disproportionate. Others have covered the detail eloquently, so I just want to ask a number of questions of the Minister—I see that we have had a viscount swap at this stage.
I have been trying to work out exactly which accounts could be covered by this requirement. Schedule 11 is not the easiest document to read. It seems clear that if, for example, I am a landlord receiving rent directly from the benefit system on behalf of a tenant, the account of mine that receives the money would be covered, as would any other account in my name. However, would it also catch, for example, a joint account with my wife? I think it would. Would it catch a business account or an account for a charity where I am a signatory, a director or a trustee? I am not sure from reading it, I am afraid. Can the noble Minister clarify that?
Once received, the information provided by the banks may be used
“for the purposes of, or for any purposes connected with, the exercise of departmental functions”.
That seems extremely broad, and I cannot find anything at all setting out for how long the information can be retained. Again, can the Minister clarify that?
As well as being a data protection enthusiast, I am also an impact assessment nerd. I have been trying to work out from the impact assessment that accompanies the Bill—without much success—how much money the Government anticipate recovering as a result of these proposed rights, as well as the cost to the banks, the department and any other parties in carrying out these orders. The impact assessment is rather impenetrable—I cannot find anything in it that covers these costs—so I would be grateful if the Minister could say what they are and on what assumptions those numbers are based.
The noble Lord, Lord Kamall, mentioned unintended consequences. I echo his points: this is really important. Putting additional onerous obligations on banks may make them decide that it is too difficult to provide accounts to those in receipt of benefits. Access to bank accounts for vulnerable people is already an issue, and any incentive to make that worse is a real problem. As the noble Lord pointed out, we have a good example of that with PEPs. All of us have, I suspect, experienced finding it at least difficult to open an account. Some of us have had accounts refused or even closed simply because we have made it difficult for the banks to act for us. The same risk applies to landlords. Why would a landlord want to receive money from housing benefits directly when it will mean that all of his bank accounts and linked accounts will be looked at? He will simply say no. We are therefore reducing the pool of potential accommodation available to housing benefit claimants.
6 pm
When the Bill was introduced in the other place, the accompanying press release stated, in relation to this clause:
“To make sure that privacy concerns are at the heart of these new measures, only a minimum amount of data will be accessed and only in instances which show a potential risk of fraud and error”.
But that is not what the Bill says. It allows unlimited trawls of all accounts in any way linked to a relevant benefit, whether or not there is any reason for suspicion. According to paragraph 1(2) of new Schedule 3B, it can be used
“for the purpose of assisting the Secretary of State in identifying cases which merit further consideration to establish whether relevant benefits are being paid or have been paid in accordance with the enactments and rules of law relating to those benefits”.
That is very different from “only in instances that show a potential for fraud and error”.
As I said, my desire to stamp out fraud is well known, but there must be a balance with intrusion of privacy. The Bill seems entirely disproportionate. What will be next? Will it be access to the phone records or emails of people in some way connected to a benefit without reason? That would not be any more intrusive than this proposed power, and I do not believe we would accept it—I certainly hope we would not. If the Government intend to use the power only in more limited circumstances, as they seem to indicate, they should define them in the Bill. This sort of scope overreach is not good law-making.
I point out to the noble Baroness, Lady Lister, that one does not have to be in any way a benefit recipient for an account to be trawled. Logically under this, the banks will have to review all bank accounts in order to find the other ones, so all bank accounts will be surveilled as a result of the Bill.
I caution the noble Baroness, Lady Chakrabarti, who asked the Government to compare these proposals with the more tightly defined rules around tax and national security: there is a risk that the Government may be tempted to remove those safeguards.
I hope the Minister will hear the strength of feeling on this and, between Committee and Report, will seriously consider what power the Government genuinely need and intend to use. I hope he will come back with something rather more tailored and proportionate, perhaps along the lines of the amendments in the next group tabled by the noble Lord, Lord Anderson, and the noble Baroness, Lady Sherlock—although I do not think they go far enough. In the absence of that, I certainly cannot support these clauses. As I said at Second Reading, this is a draconian power that constitutes a worrying level of creep towards a surveillance society, and nothing I have heard since has changed my mind on that.