General Data Protection Regulation (GDPR)
,
Standards, Regulations & Compliance
Lawmakers Expressed Concerns Over Proposed Data Use and Access Bill
British lawmakers sought assurances Tuesday from the U.K. government that proposed data use reform legislation will not cause the country to lose its data-sharing rights with the European Union. Lawmakers also warned about potential AI risks arising from the bill.
See Also: How Enterprise Browsers Enhance Security and Efficiency
Legislation put forward by the U.K. government last month would modify the country’s data regulatory framework, currently a carbon copy of the European Union’s General Data Protection through a statute ushered into law before the United Kingdom withdrew from the trading bloc.
The recently-elected Labour government argues it can add 10 billion pounds to the economy and “free up millions of police and National Health Service staff hours” through targeted modifications to the U.K. GDPR. The previous Tory government had proposed a greater set of reforms, sparking concerns the EU would respond by prohibiting routine commercial and law enforcement data transfers (see: UK Parliament Hears Assurances on GDPR Adequacy).
The EU in 2021 deemed the U.K. to have “adequate” data protection laws in a decision that expires next June. The U.K. is one of 15 countries whose commercial data processors can legally handle European data without separate contractual process and one of three whose law enforcement agencies can easily process personal data for criminal investigations (see: Retaining EU Adequacy Crucial to UK Economy: Lawmaker).
In a Tuesday session of the House of Lords on Tuesday, lawmakers voiced concerns that changes to the U.K. GDPR risk threatening the EU adequacy decision.
The Labour data bill loosens restrictions on public interest data processing by introduction a new legal basis called “recognized legitimate interest,” under which controllers can skip administrative step of performing an assessment so long as they use the data for matters such as national security or safeguarding vulnerable individuals.
The bill further gives the Secretary of State the power to permit transfers of personal data to a third country or international organizations.
“I am concerned that the Secretary of State will be able to make changes to matters considered to be legitimate interests by regulation. It could also raise concerns with respect to the EU data adequacy points that I raised earlier,” said hereditary peer and political independent Richard Gilbey. “While the EU might be happy with what is currently proposed, the ability to change key aspects could raise alarm bells.
Labour life peer John Bassam further sought a guarantee from the U.K. government that the proposal will not put the “U.K. at risk during the 2025 assessment of data adequacy.”
The British government in May calculated that data-enabled trade between Britain and European states amounted to 161 billion pounds during 2022.
U.K. Information Commissioner John Edwards in a recent evaluation said the data use bill strikes a “positive balance” and that it does not present a “risk to the U.K.’s adequacy status.”
Risk of AI Bias
Lawmakers also raised similar concerns about the bill’s feature enabling automated decision-making, which they warned will result in increased generation of biased AI outcomes.
The bill proposes to allow automated decision-making by removing previous conditions such as obtaining consent from data subjects to process their data.
Given the increasing use of AI in the private sector, such a move could increase the risk of biased and discriminatory outcomes, said Liberal Democrat life peer Timothy Clement-Jones.
“The safeguards around automated decision-making, which exist only in data protection laws are more critical than ever,” Clement-Jones added.