Show Search Form

Search Results

registered interest	true false
date	exactly: or between: and
answering body
answering dept id
answering dept short name
answering dept sort name
hansard heading
house id
legislature	pref label
question text
tabling member constituency
tabling member printed
uin
answer	is ministerial correction true false date of answer exactly: or between: and answer text answering member constituency answering member printed grouped question UIN question first answered answering member label
tabling member	label

Search

1137582

registered interest
date	08/07/2019
answering body	Department for Digital, Culture, Media and Sport
answering dept id	10
answering dept short name	Digital, Culture, Media and Sport
answering dept sort name	Digital, Culture, Media and Sport
hansard heading	Data Protection
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Secretary of State for Digital, Culture, Media and Sport, what estimate he has made of the number of UK firms that import data from the EU that would be subject to the EU's rules on data export to third countries in the absence of an adequacy decision.
tabling member constituency	Harborough
tabling member printed	Neil O'Brien
uin	274648
answer	answer is ministerial correction date of answer 16/07/2019 answer text <p>We are currently undertaking analysis regarding the number of businesses this will affect.</p><p> </p><p>The UK and the EU agree that the continued free flow of personal data is an important underpinning feature of the future relationship for both economic and security purposes. In 2017, around 40% of the EU’s service exports to the UK were data-enabled worth approximately £30bn, and around 70% of the UK’s service exports to the EU were data-enabled, worth approximately £80bn. This demonstrates that it is in everyone’s interests that the exchange of personal data between EU Member States and the UK continues in the event of a no deal scenario. The EU has an established mechanism to allow the free flow of personal data to countries outside the EU, namely adequacy decisions and the UK stands ready to begin the adequacy assessment process right away.</p><p> </p><p>In the event of no deal, given the degree of alignment between the UK and EU’s data protection regimes, the UK will transitionally recognise all EEA states, EU adequate third countries, EU and EEA institutions, and Gibraltar, as though they have been subject to an affirmative adequacy decision by the UK. This will allow personal data to continue to flow freely from the UK to the EU. The UK would keep all of these decisions under review.</p><p> </p><p>In a no deal scenario, the UK does not expect the European Commission to have made adequacy decisions regarding the UK at the point of exit. This means UK and EU organisations should take steps to mitigate any impact in this scenario by implementing alternative transfer mechanisms to send personal data from the EU to the UK. Details of what the alternative transfer mechanisms available are and how to make use of them are set out in the ICO guidance and gov.uk.</p><p> </p><p> </p> answering member constituency Stourbridge answering member printed Margot James question first answered 16/07/2019 15:40:11 answering member 4115 label Biography information for Margot James
tabling member	4679 label Biography information for Neil O'Brien

1123969

registered interest
date	30/04/2019
answering body	Department for Digital, Culture, Media and Sport
answering dept id	10
answering dept short name	Digital, Culture, Media and Sport
answering dept sort name	Digital, Culture, Media and Sport
hansard heading	Data Protection
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Secretary of State for Digital, Culture, Media and Sport, how many private organisations have been found in breach of General Data Protection Regulations by the Information Commissioner's Office since May 2018.
tabling member constituency	St Albans
tabling member printed	Mrs Anne Main
uin	249256
answer	answer is ministerial correction date of answer 08/05/2019 answer text <p>The Government takes the protection of personal data and the right to privacy extremely seriously.</p><p> </p><p>The Information Commissioner’s Office (ICO) is the independent regulator for data protection in the UK and is responsible for regulating compliance with data protection legislation. The Information Commissioner has the power to serve fines on a data controller as a result of a data breach. Details of enforcement action, including fines, are published on the ICO website at www.ico.org.uk/action-weve-taken</p> answering member constituency Stourbridge answering member printed Margot James grouped question UIN 249257 question first answered 08/05/2019 16:00:02 answering member 4115 label Biography information for Margot James
tabling member	1568 label Biography information for Mrs Anne Main

1123971

registered interest
date	30/04/2019
answering body	Department for Digital, Culture, Media and Sport
answering dept id	10
answering dept short name	Digital, Culture, Media and Sport
answering dept sort name	Digital, Culture, Media and Sport
hansard heading	Data Protection
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Secretary of State for Digital, Culture, Media and Sport, if he will publish (a) a list of the public bodies and agencies who have been found in breach of the General Data Protection Regulations since they came into force in May 2018 and (b) details of any fines that may have been imposed by the Information Commissioner's Office as a result of any breaches.
tabling member constituency	St Albans
tabling member printed	Mrs Anne Main
uin	249257
answer	answer is ministerial correction date of answer 08/05/2019 answer text <p>The Government takes the protection of personal data and the right to privacy extremely seriously.</p><p> </p><p>The Information Commissioner’s Office (ICO) is the independent regulator for data protection in the UK and is responsible for regulating compliance with data protection legislation. The Information Commissioner has the power to serve fines on a data controller as a result of a data breach. Details of enforcement action, including fines, are published on the ICO website at www.ico.org.uk/action-weve-taken</p> answering member constituency Stourbridge answering member printed Margot James grouped question UIN 249256 question first answered 08/05/2019 16:00:02 answering member 4115 label Biography information for Margot James
tabling member	1568 label Biography information for Mrs Anne Main

1052299

registered interest
date	31/01/2019
answering body	Department for Digital, Culture, Media and Sport
answering dept id	10
answering dept short name	Digital, Culture, Media and Sport
answering dept sort name	Digital, Culture, Media and Sport
hansard heading	Data Protection
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Secretary of State for Digital, Culture, Media and Sport, what recent discussions he has had with Cabinet colleagues on cross-border data handling when the UK leaves the EU.
tabling member constituency	Hendon
tabling member printed	Dr Matthew Offord
uin	215167
answer	answer is ministerial correction date of answer 08/02/2019 answer text <p>The Secretary of State has regular discussions with his Cabinet colleagues on a wide range of issues, including cross-border data handling when the UK leaves the European Union.</p><p> </p><p>The Government has published information and guidance on handling cross-border data flows when the UK leaves the European Union.</p> answering member constituency Stourbridge answering member printed Margot James question first answered 08/02/2019 14:38:25 answering member 4115 label Biography information for Margot James
tabling member	4006 label Biography information for Dr Matthew Offord

1012275

registered interest
date	22/11/2018
answering body	Department for Digital, Culture, Media and Sport
answering dept id	10
answering dept short name	Digital, Culture, Media and Sport
answering dept sort name	Digital, Culture, Media and Sport
hansard heading	Data Protection
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Secretary of State for Digital, Culture, Media and Sport, how many prosecutions have commenced as a result of alleged breaches of the General Data Protection Regulations since May 2018.
tabling member constituency	East Londonderry
tabling member printed	Mr Gregory Campbell
uin	194597
answer	answer is ministerial correction date of answer 27/11/2018 answer text <p>Most breaches of the GDPR are not criminal offences and would not therefore be subject to criminal prosecution. The Information Commissioner’s Office (ICO) can, however, impose large administrative fines on organisations which fail to comply. The very worst data breaches, including those involving the unlawful obtaining or disclosure of data, may be subject to criminal prosecution under the Data Protection Act 2018. Investigations into offences committed since the Act came into force in May 2018 have not yet reached the prosecution stage.</p> answering member constituency Stourbridge answering member printed Margot James question first answered 27/11/2018 19:17:12 answering member 4115 label Biography information for Margot James
tabling member	1409 label Biography information for Mr Gregory Campbell

1010646

registered interest
date	20/11/2018
answering body	Department for Digital, Culture, Media and Sport
answering dept id	10
answering dept short name	Digital, Culture, Media and Sport
answering dept sort name	Digital, Culture, Media and Sport
hansard heading	Data Protection
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Secretary of State for Digital, Culture, Media and Sport, what assessment he has made of the potential effect of the UK leaving the EU on data regulations in the UK.
tabling member constituency	Coventry South
tabling member printed	Mr Jim Cunningham
uin	193374
answer	answer is ministerial correction date of answer 23/11/2018 answer text <p>The UK is a global leader in strong data protection standards and protecting the privacy of individuals will continue to be a priority for the UK after we leave the EU. The EU Withdrawal Act retains the General Data Protection Regulation in UK law. It also allows the government to make technical corrections to it via regulations so that it continues to be operable when the UK is no longer an EU Member State. The Data Protection Act 2018 will continue to sit alongside the retained GDPR to ensure we have a complete data protection framework.</p> answering member constituency Stourbridge answering member printed Margot James question first answered 23/11/2018 14:11:53 answering member 4115 label Biography information for Margot James
tabling member	308 label Biography information for Mr Jim Cunningham

997433

registered interest
date	29/10/2018
answering body	Department for Digital, Culture, Media and Sport
answering dept id	10
answering dept short name	Digital, Culture, Media and Sport
answering dept sort name	Digital, Culture, Media and Sport
hansard heading	Data Protection
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Secretary of State for Digital, Culture, Media and Sport, what steps his Department plans to take to encourage the collection of funds for the benefit of the consolidated fund by the Information Commissioner's Office (ICO) from all data controllers (a) who should have paid and (b) should pay (i) data notifications and (ii) registration fees to the ICO.
tabling member constituency	Knowsley
tabling member printed	Mr George Howarth
uin	184887
answer	answer is ministerial correction date of answer 06/11/2018 answer text <p>The Information Commissioner’s Office (ICO) is an independent regulator. Funding for data protection activities is provided by the data protection charges, which are levied on data controllers in accordance with the Data Protection (Charges and Information) Regulations 2018 (previously the Data Protection (Notification and Notification Fees) Regulations 2000). The collection of the data protection charge (and previously the notification fee) is the responsibility of the ICO. The Data Protection Act 2018 sets out powers for the ICO to enforce collection of these charges, including penalties up to a maximum of 150% of the highest charge payable by a controller in that year (Part 5 section 158). The ICO is at liberty to use all funding generated by these charges for data protection activity.</p><p> </p><p>As a body funded by public money, the ICO is subject to standard Cabinet Office Spend Controls and HMT’s Managing Public Money principles. Full details on the controls pertaining to the ICO’s expenditure are available in the Management Agreement between the ICO and DCMS.</p><p> </p><p>Under the terms of this Management Agreement, the ICO is able to retain such funds as are necessary to meet any liabilities at the end of the financial year (such as creditors), or unspent funds up to a maximum of 3% of total annual data protection charge income (whichever is the greater). Any additional surplus would be remitted to the Consolidated Fund at the end of the financial year. This is the only scenario in which income from data protection charges would be remitted to the Consolidated Fund. As such, the data protection charge (previously notification fee) is not collected for the benefit of the Consolidated Fund, but rather to ensure the ICO is able to fulfil its important regulatory functions.</p><p> </p><p>Information on the amount of surplus remitted to the Consolidated Fund is not available for 2008/09 or 2009/10. For 2010/11 and 2011/12, this information is published on page 50 of the 2011/12 Annual Accounts. From 2012/13 onwards, this information is available in note 5b of the ICO’s Annual Accounts for each year. Copies of the Annual Accounts for each year are available on the ICO’s website www.ico.org.uk.</p><p><strong> </strong></p> answering member constituency Stourbridge answering member printed Margot James grouped question UIN 184888 184889 184892 question first answered 06/11/2018 16:50:54 answering member 4115 label Biography information for Margot James
tabling member	481 label Biography information for Sir George Howarth

997434

registered interest
date	29/10/2018
answering body	Department for Digital, Culture, Media and Sport
answering dept id	10
answering dept short name	Digital, Culture, Media and Sport
answering dept sort name	Digital, Culture, Media and Sport
hansard heading	Data Protection
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Secretary of State for Digital, Culture, Media and Sport, what limits his Department has been placed on the Information Commissioner's Office in respect of funds that it can use for its data protection activities; and what such excess funds have been remitted to the consolidated fund in each of the last 10 years.
tabling member constituency	Knowsley
tabling member printed	Mr George Howarth
uin	184888
answer	answer is ministerial correction date of answer 06/11/2018 answer text <p>The Information Commissioner’s Office (ICO) is an independent regulator. Funding for data protection activities is provided by the data protection charges, which are levied on data controllers in accordance with the Data Protection (Charges and Information) Regulations 2018 (previously the Data Protection (Notification and Notification Fees) Regulations 2000). The collection of the data protection charge (and previously the notification fee) is the responsibility of the ICO. The Data Protection Act 2018 sets out powers for the ICO to enforce collection of these charges, including penalties up to a maximum of 150% of the highest charge payable by a controller in that year (Part 5 section 158). The ICO is at liberty to use all funding generated by these charges for data protection activity.</p><p> </p><p>As a body funded by public money, the ICO is subject to standard Cabinet Office Spend Controls and HMT’s Managing Public Money principles. Full details on the controls pertaining to the ICO’s expenditure are available in the Management Agreement between the ICO and DCMS.</p><p> </p><p>Under the terms of this Management Agreement, the ICO is able to retain such funds as are necessary to meet any liabilities at the end of the financial year (such as creditors), or unspent funds up to a maximum of 3% of total annual data protection charge income (whichever is the greater). Any additional surplus would be remitted to the Consolidated Fund at the end of the financial year. This is the only scenario in which income from data protection charges would be remitted to the Consolidated Fund. As such, the data protection charge (previously notification fee) is not collected for the benefit of the Consolidated Fund, but rather to ensure the ICO is able to fulfil its important regulatory functions.</p><p> </p><p>Information on the amount of surplus remitted to the Consolidated Fund is not available for 2008/09 or 2009/10. For 2010/11 and 2011/12, this information is published on page 50 of the 2011/12 Annual Accounts. From 2012/13 onwards, this information is available in note 5b of the ICO’s Annual Accounts for each year. Copies of the Annual Accounts for each year are available on the ICO’s website www.ico.org.uk.</p><p><strong> </strong></p> answering member constituency Stourbridge answering member printed Margot James grouped question UIN 184887 184889 184892 question first answered 06/11/2018 16:50:54 answering member 4115 label Biography information for Margot James
tabling member	481 label Biography information for Sir George Howarth

997435

registered interest
date	29/10/2018
answering body	Department for Digital, Culture, Media and Sport
answering dept id	10
answering dept short name	Digital, Culture, Media and Sport
answering dept sort name	Digital, Culture, Media and Sport
hansard heading	Data Protection
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Secretary of State for Digital, Culture, Media and Sport, (a) what process has been involved in setting funding limits on the Information Commissioner's Office (ICO) in respect of funds that it can use for its Data Protection activities in each of the last 10 years; and if he will place in the Library copies of all records relating to such processes including any notes of meetings and communications between the Government and the ICO.
tabling member constituency	Knowsley
tabling member printed	Mr George Howarth
uin	184889
answer	answer is ministerial correction date of answer 06/11/2018 answer text <p>The Information Commissioner’s Office (ICO) is an independent regulator. Funding for data protection activities is provided by the data protection charges, which are levied on data controllers in accordance with the Data Protection (Charges and Information) Regulations 2018 (previously the Data Protection (Notification and Notification Fees) Regulations 2000). The collection of the data protection charge (and previously the notification fee) is the responsibility of the ICO. The Data Protection Act 2018 sets out powers for the ICO to enforce collection of these charges, including penalties up to a maximum of 150% of the highest charge payable by a controller in that year (Part 5 section 158). The ICO is at liberty to use all funding generated by these charges for data protection activity.</p><p> </p><p>As a body funded by public money, the ICO is subject to standard Cabinet Office Spend Controls and HMT’s Managing Public Money principles. Full details on the controls pertaining to the ICO’s expenditure are available in the Management Agreement between the ICO and DCMS.</p><p> </p><p>Under the terms of this Management Agreement, the ICO is able to retain such funds as are necessary to meet any liabilities at the end of the financial year (such as creditors), or unspent funds up to a maximum of 3% of total annual data protection charge income (whichever is the greater). Any additional surplus would be remitted to the Consolidated Fund at the end of the financial year. This is the only scenario in which income from data protection charges would be remitted to the Consolidated Fund. As such, the data protection charge (previously notification fee) is not collected for the benefit of the Consolidated Fund, but rather to ensure the ICO is able to fulfil its important regulatory functions.</p><p> </p><p>Information on the amount of surplus remitted to the Consolidated Fund is not available for 2008/09 or 2009/10. For 2010/11 and 2011/12, this information is published on page 50 of the 2011/12 Annual Accounts. From 2012/13 onwards, this information is available in note 5b of the ICO’s Annual Accounts for each year. Copies of the Annual Accounts for each year are available on the ICO’s website www.ico.org.uk.</p><p><strong> </strong></p> answering member constituency Stourbridge answering member printed Margot James grouped question UIN 184887 184888 184892 question first answered 06/11/2018 16:50:54 answering member 4115 label Biography information for Margot James
tabling member	481 label Biography information for Sir George Howarth

997436

registered interest
date	29/10/2018
answering body	Department for Digital, Culture, Media and Sport
answering dept id	10
answering dept short name	Digital, Culture, Media and Sport
answering dept sort name	Digital, Culture, Media and Sport
hansard heading	Data Protection
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Secretary of State for Digital, Culture, Media and Sport, what processes exist within the Information Commissioner's Office (ICO) as regulator for dealing with concerns on the handling of data by the ICO as a data controller.
tabling member constituency	Knowsley
tabling member printed	Mr George Howarth
uin	184890
answer	answer is ministerial correction date of answer 06/11/2018 answer text <p>Section 15 of the ICO’s service guide explains how they handle data protection concerns about the ICO. It explains that they will deal with such concerns in line with our usual procedures. There are also various options for redress should a complainant be dissatisfied with the ICO’s handling of a complaint against them. Part 5 section 166 of the DPA 2018 sets out a complainant’s powers to initiate a judicial review if they are not satisfied with the process followed by the ICO in handling an investigation into their complaint.</p><p> </p><p> </p><p> </p><p>If, having exhausted the ICO's complaints procedure, an individual remains dissatisfied about any aspect of any service they have received from the ICO, or considers that the ICO has not acted properly or fairly, they can take the matter to the Parliamentary and Health Service Ombudsman. Complaints to the Ombudsman must be made through the individual's MP. Further information about the Ombudsman’s service can be found on their website http:// www.ombudsman.org.uk.</p><p> </p><p> </p><p>Complainants can also go to the courts to claim compensation should the complainant feel that is appropriate.</p><p> </p><p>The number and outcome of any DP complaints about the ICO as a data controller will be published in their datasets online.</p><p> </p><p>The ICO haven’t taken any formal regulatory action against themselves as data controller.</p> answering member constituency Stourbridge answering member printed Margot James grouped question UIN 184891 question first answered 06/11/2018 16:41:26 answering member 4115 label Biography information for Margot James
tabling member	481 label Biography information for Sir George Howarth