Contents
- Attendance
- Decision on Taking Business in Private
- Subordinate Legislation
- Registers of Scotland
Subordinate Legislation
Digital Government (Scottish Bodies) Regulations 2022 [Draft]
The committee will now take evidence on the draft Digital Government (Scottish Bodies) Regulations 2022. I welcome to the meeting the Minister for Public Finance, Planning and Community Wealth, Tom Arthur. He is joined by Albert King, who is chief data officer in the Scottish Government, and Francesca Morton, who is a solicitor in the Scottish Government. I invite the minister to make a short opening statement.
Good morning. I thank the committee for the opportunity to discuss the draft Digital Government (Scottish Bodies) Regulations 2022, which are technical regulations that will add certain Scottish bodies to the debt and fraud schedules of the United Kingdom Digital Economy Act 2017. That will provide the bodies with the potential to better identify and manage debt and fraud against the public sector, through responsible sharing of information.
I will set the draft regulations in context. Part 5 of the Digital Economy Act 2017 introduced new information-sharing powers to reduce debt that is owed to, or fraud against, the public sector, while ensuring that robust safeguards and protections are in place to prevent unlawful disclosure. To be able to use those information-sharing powers, public authorities must be listed in the debt and fraud schedules of the act. That provides a legal means for them to share information with other listed public authorities for debt and fraud purposes. The act does not compel data sharing, so there is no requirement for the public bodies to use the powers and share data.
We all want to be confident that our rights to privacy are protected, that there are adequate protections against exploitation of our personal information, and that that information is held securely and used effectively for public benefit. I want to highlight three of the robust safeguards and protections that are in place to prevent unlawful disclosure of information.
First, data protection law, which governs how personal data is processed and shared, continues to apply, as does the Human Rights Act 1998. Secondly, data can be shared only for the specific debt and fraud purposes that are set out in the 2017 act and not to achieve other objectives.
Thirdly, public bodies must also have regard to a code of practice that provides details on how the debt and fraud information-sharing powers should operate. The code provides that all information sharing under the debt and fraud powers be initially run as a pilot before the process becomes business as usual. That allows for the benefit of the data sharing to be explored, and for identification of any potential impacts and ethical issues.
There have been two public consultations to seek views on Scottish bodies being included in the schedules. I am pleased to say that responses on the proposals were overwhelmingly positive.
Providing our public bodies with the potential to better identify and manage debt and fraud against the public sector could provide significant additional investment in our public services.
I am happy to take any questions that the committee might have.
Thank you, minister.
You mentioned pilots. How long would a typical pilot last? Will the processes for evaluation of all pilots be consistent? Will there be a similar approach to deciding whether a pilot should continue in the longer term?
I cannot speak about the duration of individual pilots. However, the review board mechanism, which will be analogous to the new provisions that are in place in England, will obviously provide a means of assessing pilot proposals. In the process of transitioning a process from pilot to business as usual, the independent review board will have a key role in terms of the recommendations that it makes to ministers. Obviously, individual proposals will have to be considered case by case. The service that will be provided by the review board will help to inform ministers’ decisions.
Thank you for your opening remarks. I have a couple of questions about safeguards.
You talked about, and listed quite clearly, the safeguards to prevent unlawful sharing of data. Given what has been in the media recently about the Post Office scandal and the incorrect data and software malfunction that led to many convictions, what safeguards are in place to ensure that the data that is stored and shared is correct in the first place? As an extension of the safeguards, what opportunities will there be for debtors to know who has that data, when that data is shared, how long it is kept and whether they can challenge that?
The regulations will add public bodies to the appropriate schedules of the 2017 act. As such, they are within the broader context of existing data protection measures, including the general data protection regulation, the Data Protection Act 2018 and the need to comply with the European Convention on Human Rights. All those provisions are in place; public bodies have a duty and an obligation to adhere to them.
I will bring in Albert King to give a bit more detail about what the existing protections are. He can set out the broader data protection landscape in which the measures exist.
That would be helpful.
There are already measures that exist under data protection legislation, such as on conducting data protection impact assessments. The pilot measures provide an opportunity for the bodies that would be involved in data sharing to assess the quality of the data and to consider whether that enables them to meet the objectives of the pilot and to do so in ways that are ethical and do not affect people’s privacy rights.
The review board has a clear role in assessing the outcome of the pilots and in making recommendations about the transition to business as usual.
Do any other members have questions? Two members are attending virtually.
I have three brief questions.
Paragraph 4 in our papers for the meeting says that the Scottish Government is the
“‘appropriate national authority’ to amend the list of specified bodies”
by adding or removing bodies from it. What scrutiny will there be of any wish of the Scottish Government to amend that list? Will that come before a committee or Parliament, or will the decision be made unilaterally by the Government?
Mr Burnett said that he had three questions. Did I mishear him?
Mr Burnett, are the questions on separate issues, or would you like to ask them together?
I will ask them all together.
Paragraph 12 of our papers says that the Scottish Government
“will ... establish its own structures for oversight”,
and paragraph 14 says that
“A similar register will be established”.
Will the minister give us an insight into the cost of setting up the register and other structures? What will they look like? What work has been done on setting them up? How transparent will the register and structures be? How much do those structures overlap with those in other parts of the UK? We should avoid unnecessary duplication and cost.
I will start with the last point, about overlap. There is a UK provision regarding relevant bodies in England and bodies that deal with reserved matters, so there is no overlap or duplication. The regulations refer specifically to Scottish bodies.
Alexander Burnett asked about the review board and the register. Once we have a pipeline of pilots, that will inform how we set up the review board. We will ensure that it is independent and we will look to secure voices from relevant specialisms, such as in academia. I anticipate that the review board and the register will broadly reflect the approach that has been taken in England.
Mr Burnett will appreciate that the decision about which bodies to include in the regulations has been informed by consultation. Mr King can comment on the process for any future amendment to the list of bodies.
09:45
The process for adding bodies to the regulations would involve laying of affirmative instruments before Parliament. I invite Francesca Morton, my colleague from the Scottish Government’s legal directorate, to add to that.
Do we have Francesca Morton on the line?
I am afraid we might only have you with us, Mr King. No—we have Francesca now. Good morning; please go ahead.
If the Scottish ministers want to add bodies to the 2017 act’s schedules, they can do so in a way that is similar to the process that we are using to progress the regulations. We would have to take into account various conditions in the 2017 act that set out, for example, that the person must require information from a public authority for the purposes of the recovery of debt. The Scottish ministers would also have to have regard to the secure handling processes of such bodies. As I said, that is similar to the process that we have gone through in specifying the bodies in the current draft.
I hope that that assures Mr Burnett. The process is similar to the one in the 2017 act. Of course, because it uses the affirmative procedure, there will be an opportunity for parliamentary scrutiny, just as there is this morning.
As we have no further questions, we move to agenda item 3. I remind everyone that only members and the minister may take part in the debate.
Motion moved,
That the Economy and Fair Work Committee recommends that the Digital Government (Scottish Bodies) Regulations 2022 be approved.—[Tom Arthur]
Motion agreed to.
The clerks will produce a short factual report and arrange to have it published.
I thank the minister and his officials for joining us this morning.
09:47 Meeting suspended.09:48 On resuming—
Air adhart
Registers of Scotland