Commons Sense

Hansard-based summaries and metrics

<-- Back to proposed bills

Data Protection and Digital Information (No. 2) Bill - Sitting 2 (Afternoon)

10 May 2023

Proposing MP
Philip Hollobone Con
Kettering
Type
Public Bill Committee

At a Glance

Issue Summary

The discussion focuses on the ease of accessing and sharing health data, the impact of the new definition of scientific research in the Bill, and contributions to designing provisions for pseudonymisation and consent. The statement discusses concerns about medical research and data sharing under the Data Protection and Digital Information (No. 2) Bill, addressing issues related to adequacy decisions, commercial exploitation, and patient risks. The statement is about thanking witnesses and moving on to the next panel in a discussion regarding the Data Protection and Digital Information (No. 2) Bill. Witnesses from the financial sector discuss the implications of the Data Protection and Digital Information Bill for their industry. The statement discusses the importance of extending consumer data rights beyond financial services to include savings, investments, and debt information, allowing consumers a more holistic view of their financial situation. The statement discusses the benefits and concerns related to smart data and digital identity in financial services, emphasizing the importance of consumer control over their personal data. The statement discusses the implications of the Data Protection and Digital Information (No. 2) Bill on digital identity verification services and their impact on hiring decisions. Philip Hollobone is welcoming witnesses Helen Hitching and Aimee Reed to give evidence before the Committee. The statement discusses the implications of changes to data protection requirements under the Data Protection and Digital Information (No. 2) Bill for law enforcement agencies, focusing on simplification and ease of data sharing. The discussion centres around the challenges and opportunities for data sharing between law enforcement agencies under current data protection laws. The statement discusses concerns about the impact of digital technology on workplace privacy, surveillance, and work-life balance, particularly in light of changes brought about by the pandemic. The statement discusses the impact of the Data Protection and Digital Information (No. 2) Bill on workers' rights and data protection. The statement addresses concerns over the Data Protection and Digital Information (No. 2) Bill, particularly regarding the impact of automated decisions and high-risk processes on employment relationships. The statement discusses concerns about the use of technology and data processing in the workplace, particularly focusing on transparency, explainability, and non-discrimination. The statement discusses concerns about data protection and consent in employment relationships, particularly regarding the use of AI technologies. Philip Hollobone is discussing the Data Protection and Digital Information (No. 2) Bill and its impact on transparency in government algorithmic decision-making. The statement discusses concerns regarding data protection legislation, specifically addressing whether the Data Protection and Digital Information Bill strikes the right balance between national security and human rights. Philip Hollobone, as chair of the committee, introduces Alex Lawrence-Archer from AWO to discuss the implications of the Data Protection and Digital Information Bill. The statement discusses concerns about the Data Protection and Digital Information Bill undermining individuals' rights and the age-appropriate design code for children. MP Philip Hollobone summarises the proceedings of a panel discussion on the Data Protection and Digital Information Bill.

Action Requested

No specific action is requested. The witnesses support the clarification provided by the Bill which helps private industry and other companies participate in research more effectively and reduces administrative churn in determining what constitutes legitimate research.

Key Facts

  • Jonathan Sellors is the general counsel of UK Biobank, a globally accessible clinical research resource with 500,000 participants.
  • Tom Schumacher works for Medtronic as chief data and privacy counsel, the world’s largest medical device maker with three manufacturing sites in the UK.
  • The new definition in the Bill helps clarify what constitutes scientific research, allowing private industry to participate more effectively.
  • The Bill takes a sensible approach by clarifying existing GDPR provisions without impacting EU adequacy.
  • Proper ethical approval from relevant ethics committees is required for research involving patient data.
  • De-identification of data is crucial to ensure that research does not link back to individual health information.
  • The session is moving from one panel of witnesses to another.
  • Harry Weber-Brown is the chief engagement officer at ZILO.
  • Phillip Mind is the director of digital technology and innovation at UK Finance.
  • The banking community supports the Bill's data protection reforms.
  • Open banking has over 7 million active customers.
  • Smart data initiatives extend an open data regime to other sectors.
  • Secondary legislation is imperative for ensuring firms use smart data schemes to the same standards.
  • Australia's approach to consumer data rights is seen as a model for others.
  • Extending data rights could provide consumers with a full view of their financial holdings and debt.
  • The UK's open banking standards have been successfully exported to other jurisdictions.
  • The trust framework is being developed by the Department for Science, Innovation and Technology.
  • Part 2 of the Bill outlines a certification regime for identity providers to ensure compliance with the trust framework policies.
  • Self-sovereign identity schemes are evolving, allowing consumers to control their data stored on blockchains.
  • Keith Rosser is the chair of the Better Hiring Institute.
  • Since 1 October, employers have been using digital identity verification services.
  • A study involving 70,000 hires showed that 83% opted for the digital identity route.
  • The digital identity process takes an average of three minutes and 30 seconds compared to a week without it.
  • Digital identity verification detected 200 cases of fraudulent documents out of 70,000.
  • Currently, nearly one in three companies providing DVSs are not certified.
  • Helen Hitching is the Chief Data Officer for the National Crime Agency.
  • Aimee Reed is the Director of Data at the Metropolitan Police Service and chair of the national police data board.
  • Police officers are required to log their justification under section 62 of the Data Protection Act 2018, which is a considerable burden due to outdated technology systems.
  • The Bill will list 'detecting, investigating or preventing crime' as a recognised legitimate interest, simplifying data rules and aiding serious crime tackling in the UK.
  • The new standard for international data sharing is 'not materially lower', ensuring protection levels are maintained.
  • The Biometrics Commissioner's focus on developing technology legally and consulting with the public will be retained post-regulation transfer to the Information Commissioner’s Office.
  • Aimee Reed states that clearer guidance would help enable better charging decisions within the Crown Prosecution Service.
  • Data sharing is constrained by the structure of the Data Protection Act, which splits regulations into sections, limiting cross-sectional data analytics.
  • The Bill will highlight how biometric data should be managed and future-proof new types of biometric data.
  • Andrew Pakes is a deputy general secretary and research lead for Prospect union, representing scientific, technical and professional workers.
  • Mary Towers leads a project at the TUC looking at AI in employment relationships.
  • The use of surveillance software and performance management technology has risen due to digital advancements and remote work during the pandemic.
  • The Bill is seen as potentially opening a backdoor for dodgy surveillance software into the UK market.
  • There are particular concerns about the reduction of powers around data protection impact assessments (DPIAs).
  • Trade unions argue that collective rights of workers, including data protection and consultation rights, could be reduced by the Bill.
  • The GDPR recognises high risk decisions impacting employment relationships.
  • Workers must be consulted directly or through representatives on matters affecting them.
  • Concern over employers using discretion to refuse data subject access requests under the new Bill.
  • The TUC has red lines regarding the use of workplace technologies, including transparency, explainability, and non-discrimination.
  • Discriminatory pay calculations may occur based on how long certain groups wait before accepting a gig.
  • Worker and union involvement is critical at each stage of AI development to prevent discrimination.
  • Around a third of members report being subject to digital monitoring or tracking.
  • A recent European Commission’s Joint Research Centre report found that 20% of German people and 35% of Spanish people are subject to algorithmic management systems.
  • Microsoft's productivity score feature was eventually withdrawn due to concerns.
  • The Government has a system with six reports of the use of automated decision-making technology in government.
  • The Public Law Project’s parallel register includes over 40 systems involving partly automated decisions about people.
  • Changes to subject access requests and data protection impact assessments are seen as problematic for transparency.
  • The Bill introduces altered regimes for national security certificates and derogation notices.
  • Under human rights law, interferences with data or privacy rights must be strictly necessary.
  • Safeguards in the bill are considered weak due to the Secretary of State's authority over publication of notices.
  • Alex Lawrence-Archer is a solicitor who litigates data rights cases at AWO.
  • The Bill aims to relax restrictions on automated decision making and alter the definition of personal data.
  • Current resolution times for basic data breaches can take up to 10 to 12 months under the current regime.
  • The age-appropriate design code was praised as a success but could be undermined by the Bill.
  • The Bill introduces grey areas that companies might exploit for less transparency in processing personal data.
  • Recognised legitimate interests under the new regime do not require balancing against data subjects' interests.
  • The session involved over four-and-a-half hours of evidence from 23 witnesses.
  • It was described as a 'masterclass' on topical data protection and digital information issues.
Assessment & feedback
Summary accuracy