This Library Briefing Paper looks at the General Data Protection Regulation, the Data Protection Act 2018, and when MPs can process personal information.
Data protection: constituency casework (531 KB , PDF)
The General Data Protection Regulation (GDPR) and the Data Protection Act 2018 form the UK’s data protection regime.
Under the GDPR, Members of Parliament are data controllers. Any processing of personal data by Members must comply with the GDPR and the 2018 Act. This means that personal data can only be processed if there is a lawful basis for doing so. The lawful bases are:
Members’ casework and special category data
Special category personal data includes data revealing, among other things, a person’s racial origin, ethnic origin, health details, sexual orientation, and political and philosophical beliefs. Schedule 1 of the 2018 Act sets out a number of areas in which the processing of special category personal data is permitted without an individual’s explicit consent.
For Members of Parliament (and other elected representatives), paragraphs 23 and 24 of Schedule 1 have two main functions that apply when a constituent has contacted them.
Paragraph 23 sets out when a Member of Parliament (or someone acting with their authority) can process certain “special category” data about an individual, in the course of the Member’s “functions as a representative” (e.g. constituency casework), without having to establish explicit consent.
Paragraph 24 allows, but does not require, others (e.g. agencies or organisations) who are contacted by Members to disclose special category personal data to them where this is necessary to help with their functions, without having to obtain the explicit consent of the individual concerned.
Sources of advice
The Information Commissioner’s Office (ICO) oversees data protection law. Guidance for elected representatives is available from the ICO website. The ICO can discuss individual cases – its advice line is 0303 123 1113.
The House has an Information Rights and Information Security (IRIS) Service. IRIS has published information [intranet only] for Members. IRIS can provide advice to Members and their staff on the application of data protection law.
Data protection: constituency casework (531 KB , PDF)
This paper examines the regime for proscribing organisations under the Terrorism Act 2000. It explains the criteria that must be met for proscription, the associated criminal offences, and the process for deproscription. It also considers recently proscribed organisations, and some criticisms of the regime.
On 15 August 2021 the Taliban took control of the Afghan capital, Kabul. Afghanistan's President, Ashraf Ghani, left the country and his Government collapsed. What are the implications, and will a Taliban government be recognised by the international community?
11 September 2021 will mark the 20th anniversary of the 9/11 terrorist attacks on the United States and the end of a military presence in Afghanistan that has spanned two decades.
