Mr. Dale Sunderland:

I will do that, and I thank the Deputy for the question. He is right to point out that the GDPR is often used as a reason something cannot be done or cannot happen. However, that is a false premise and basis from which to look at this matter. This is about how clear the legislation can be and how precise it can be in terms of the purpose for which personal data are being processed. If there is a desire to capture further data under the written record of a stop and search, the Bill needs to be clear as to the reason for the collection of those data and for what purpose they will be used. If the data are collected for the purpose of aggregation and looking at the effectiveness of the use or not of the power, the Bill needs to specify that. The framework should be provided within the Bill and any use of the data outside of that legislative provision would not be lawful.

I will also reference the code of practice in that context. It is also an important part of these considerations that the code of practice needs to set out explicitly all of the requirements and, from a data protection perspective, what data will be collected, how they will be stored and retained, and how a balance is going to be struck between an individual's right for his or her data to be protected and the legitimate uses to which they may be put. That is the answer. It can be done but the question is as to how it is done and how specific and clear the legislation will be. This is not just for the purpose of law enforcement but may also fall under the GDPR in terms of the use of the data. A little bit of thinking needs to be done as to how those two legal frameworks come together in this context. I hope that in some way answers the Deputy's question.