My Lords, I thank the noble Lord, Lord Foster, for introducing the amendment from the noble Lord, Lord Fox, which seeks, as he said, to introduce a list of bodies that can be subject to information-sharing obligations. I also thank the noble Lord for his comprehensive and detailed Amendment 108 and his consideration of the Bill.
I take both these amendments very seriously; these are clearly important and interesting points on the limits and scope of information sharing. I assure the noble Lord that I will reflect very carefully on what he said. Over the past few years, your Lordships’ House has debated information sharing and risks to personal information, and the noble Baroness, Lady Brinton, has taken part in those debates. There is a difficult balance to be drawn between the benefits you can get and the risks, and we are trying to test that all the time in order to get the balance right.
The noble Lord argued that we need to include a wider range of organisations in the Bill. He was very careful not to be exclusive, because he anticipated that I would come in with the list defence. I need to look into the Enterprise Act further, if the noble Lord will let me write to him on that issue.
I certainly agree with the sentiment behind the amendments. With this Bill we are clearly trying to ensure that consumers are protected from any harm caused by unsafe or non-compliant products. In a consumer world that is always evolving—it seems to be evolving faster and faster—and where new products are being traded increasingly easily, regulatory authorities need to be able to marshal relevant data and information that may provide crucial evidence of certain product-related issues. Where such issues come within the terms of the Bill, we want to encourage the sharing of appropriate information.
On the other hand, there must be appropriate safeguards about sharing information. The noble Lord mentioned the word “guard-rails”. He was not running two horses; he was reflecting the tension there is and trying to find a way through, for which I applaud him very much. He mentioned the coroner. One of the coroner’s duties is to issue a prevention of future deaths report to related relevant persons, which may well include government bodies. We know that this data sharing can lead to important interventions.
We think that regulations proposed under the Bill will allow public health agencies such as the NHS to share data recorded in the course of their activities that relates to injuries caused by products. I have taken part in previous debates on the importance of this and of the NHS having the information and the registries that enable it to happen. There is a contrast between, say, supermarkets, which, when a product is found to be defective seem able to identify it very easily, and a service such as the NHS, where sometimes, as we have seen in the past, there are real issues around the ability to trace patients and the product. Clearly, this is a vital area in terms of safety. I refer to the report of the noble Baroness, Lady Cumberlege, First Do No Harm, in relation to pelvic mesh, for instance. She clearly identified the need to grip this issue.
It is very important that health bodies do the right thing here, but we think the Bill enables greater sharing of relevant data between public authorities, including emergency service authorities. That will bring more public agencies, including emergency services, within the scope of data-sharing agreements and schemes. We think that regulators need to take a co-ordinated approach to incidents to prevent future harm. However, we are wary of mandating reporting requirements. Going back to the previous debate—I see the noble Baroness there—clearly, more onerous reporting requirements can increase cost and resource burdens for those submitting information, so we need a targeted and efficient approach in this area.
In the normal course of creating such information-sharing obligations, and in relation to the noble Lord’s proposed new subsections (1) to (5), the regulations will state the general power “to share information between ‘x’ and ‘y’ for ‘z’ purpose”, for example. Clause 7(5)—here is the guard-rail—already provides that it will not override the UK general data protection regulations, and Article 9 of the Bill of Rights will apply to prevent a court from compelling information provided to Parliament.
The regulations will also set out any further safeguards that will apply to the information-sharing provisions, tailored to the circumstances envisaged in the regulations. In the context of a discretionary power to share information, for instance, there would be no need to exclude self-incriminating evidence.
Clearly, the UK GDPR provides stringent data-sharing safeguards that require individual consent to share personal data with third parties—as I have already mentioned, that is in Clause 7(5)—but the GDPR allows data sharing where there is a legal basis to do so. The Bill will not contravene that important legislation. We want data to be shared where it will enhance the intentions in the Bill, but we do not want to undermine the necessary protections in the GDPR legislation for information held about individuals.
We hope that we have the balance right, but we will take away the noble Lord’s comments, because this needs careful consideration. It has been very helpful to have this debate and try to tease these issues out.
7 pm