House of Lords debates the UK’s new Data Bill
The House of Lords gave its 2nd Reading of the Data (Use and Access) Bill 2024 on 19 November. The following brief summary records the most relevant points for the Privacy Laws & Business Community.
Baroness Jones, the Minister for Business and Trade and for Science, Innovation and Technology, introduced the Bill by setting the context. She said “…the UK data economy was estimated to represent 6.9% of UK GDP. Data-enabled UK service exports accounted for 85% of total service exports, estimated to be worth £259 billion…”
She continued “The first three parts are focused on growing the economy. First, we will create the right conditions to set up future smart data schemes. These models allow consumers and businesses to safely share information about themselves with authorised third parties, which can then in turn offer innovative uses, such as personalised market comparisons and financial advice.”
“In Part 2, the Bill will legislate on digital verification services, meaning that organisations will be able to receive a trust mark if they are approved as meeting the stringent requirements in the trust framework and appear on the government register.”
“Part 5 is specifically about data protection and privacy,.. We have removed previous measures watering down the accountability framework, along with other measures that risked protections…”
The central part of her speech was about AI on which she said “Organisations are not confident about when they can make solely automated decisions, nor about what safeguards apply and when. We suffer when this leads to hollow attempts at token human involvement to try to move the goalposts.
The Bill will fix these issues. It writes the safeguards much more clearly. You will have the right to be told about a decision, the right to human intervention, and the right to make representations about it. It specifically provides that human involvement must be meaningful or else it does not count.”
Part 6 is on the regulator: the new Information Commission. She continued “This is a new-look regulator—modernised, with clear strategic direction and stronger powers, and still independent. We will bring the Information Commission in line with regulatory best practice, increase accountability, and enable greater transparency for organisations and the public. It will be empowered to engage effectively with the increasingly complex opportunities and challenges we see in the use of personal data, as well as to ensure high data protection standards and increased public trust.”
The minister sought to reassure privacy advocates who had suggested that the Bill would undermine the independence of the ICO by declaring “The Government have worked closely with the ICO on these reforms, and the commissioner noted in his response to the Bill that these changes ‘will significantly improve the ICO’s ability to function effectively’ and the ‘refreshed governance arrangements will maintain our independence and enhance our accountability’.”
“Part 7 includes other provisions about the use of or access to data. Clauses on NHS information standards will create consistency across IT systems to enable data sharing. …These measures will also improve patient safety; for example, by allowing authorised medical staff to access patient data to provide care in emergencies….”
“Part 7 also includes measures on online safety research, laying the groundwork for crucial research into online harms to help us learn and adapt, to keep the internet safe.”
Privacy Laws & Business has organised a Briefing by the Team who drafted the Bill on Monday 25th November in cooperation with, and hosted by, Linklaters.