MPs from all parties have expressed major concerns about the Government’s data reforms, with many claiming the proposed legislation does not go far enough in protecting consumers and others expressing doubts over how it will affect businesses.
During the debate on the second reading of the Data Protection & Digital Information (No.2) Bill, North West Hampshire Conservative MP Kit Malthouse, was the first to warn of an increased burden for firms.
He said: “Even a modest amount of tinkering instils a sense among British businesses, particularly small businesses, that they must put everyone back through the system, at enormous cost. Unless the Minister is very careful and very clear about the changes being made, she will create a whole new industry for the next two or three years, as every data controller in a small business – often doing this part time alongside their main job – has to be retrained.”
Meanwhile, Manchester Central Labour/Co-op MP Lucy Powell claimed that, despite the hype, the Bill fails to meet the modern day data protection demands.
She said: “Even since the Bill first appeared on the Order Paper last September, AI chatbots have become mainstream, TikTok has been fined for data breaches and banned from Government devices, and AI image generators have fooled the world into thinking that the Pope had a special papal puffer coat.
“The world, the economy, public services and the way we live and communicate are changing fast. Despite these revolutions, this data Bill does not rise to the challenges. Instead, it tweaks around the edges of GDPR, making an already dense set of privacy rules even more complex.
“In order to harness that potential, we need a Government who are on the pitch, setting the rules of the game and ensuring that the benefits of new advances are felt by all of us and not just by a handful of companies. The Prime Minister can tell us again how much he loves maths, but without taking the necessary steps to support the data and digital economy, his sums just do not add up.”
Powell insisted that in many areas, the Bill threatens to take us backwards. She explained: “First, it may threaten our ability to share data with the EU, which would be seriously bad for business. Given the astronomical cost to British businesses should data adequacy with the EU be lost, businesses and others are rightly looking for more reassurances that the Bill will not threaten these arrangements.
“Secondly, the complex new requirements in this 300-page Bill threaten to add more hurdles, rather than streamlining the process. Businesses have serious concerns that, having finally got their head around GDPR, they will now have to comply with both GDPR and all the new regulations in this Bill. That is not cutting red tape, in my view.
“Thirdly, the Bill undermines individual rights. Many of the areas in which the Bill moves away from GDPR threaten to reduce protection for citizens, making it harder to hold to account the big companies that process and sell our data. Subject access requests are being diluted, as the Government are handing more power to companies to refuse such requests on the grounds of being excessive or vexatious.
“They are tilting the rules in favour of the companies that are processing our data. Data protection impact assessments will no longer be needed, and protections against automated decision making are being weakened.”
Salford and Eccles Labour MP Rebecca Long Bailey added: “AlgorithmWatch explains that automated decision making is never neutral. Outputs are determined by the quality of the data that is put into the system, whether that data is fair or biased. Machine learning will propagate and enhance those differences, and unfortunately it already has. Is my hon. Friend concerned that the Bill removes important GDPR safeguards that protect the public from algorithmic bias and discrimination and, worse, provides Henry VIII powers that will allow the Secretary of State to make sweeping regulations on whether meaningful human intervention is required at all in these systems?”
Powell and Long Bailey were both backed by Barnsley East Labour MP Stephanie Peacock, who is shadow minister for science, innovation and technology. He said: “The Bill in its current form does not go far enough in actually achieving its aims. Its narrow approach and lack of clarity render it a missed opportunity to implement a truly innovative and progressive data regime. Indeed, in its current form many clarifications will be needed to reassure the public that their rights will not be weakened by the Bill while sweeping powers are awarded to the Secretary of State.”
Meanwhile, the SNP also raised concerns. Glasgow North West MP Carol Monaghan commented: “Despite the Government’s promises of reforms to empower people in the use of their data, the Bill instead threatens to undermine privacy and data protection. It potentially moves the UK away from the adequacy concept in the EU GDPR, and gives weight to the idea that different countries can maintain data protection standards in different but equally effective ways.
“The only way that we can properly maintain standards is by having a standard across the different trading partners, but the Bill risks creating a scenario where the data of EU citizens could be passed through the UK to countries with which the EU does not have an agreement. The changes are raising red flags in Europe. Many businesses have spoken out about the negative impacts of the Bill’s proposals. Many of them will continue to set their controls to EU standards and operate on EU terms to ensure that they can continue to trade there.”
Finally, Oxford West and Abingdon MP Layla Moran, who is the spokesperson for science, innovation and technology, said her party’s concerns fell into four main areas.
She explained: “[We believe] the Bill will undermine data rights; it will concentrate power with the Secretary of State – notwithstanding potential change in government, that is the sort of thing that Parliament needs to think about in the round, regardless of who is in power; the Bill will further complicate our relationship with Europe, as some have mentioned; and it sets a worrying precedent.
“I am deeply concerned that far from restoring confidence in data protection, the Bill sets a dangerous precedent for a future in which rights and safeguards are undermined. I have listened to what the Secretary of State has said. I sincerely hope that those safeguards that the Government want to keep in place will remain in place, but we should be listening to those third-party groups that have scrutinised this Bill in some detail. There are legitimate concerns that need to be addressed.”
However, as there is no vote on second readings, the Bill will now pass to the committee stage where it could see some major amendments. The Government is calling for written submissions from interested parties, with the first sitting of the Public Bill Committee expected to be on Wednesday May 10. The committee is scheduled to report by Tuesday June 13.
Govt urged to beef up data bill to fight ‘horrific’ adtech
Data reform law ‘on track’ to be passed by the autumn
£4.7bn data reform cost savings branded pie in the sky
ICO appeals Experian ruling; ‘Tribunal got law wrong’
Experian ruling: ‘Industry can keep calm and carry on’
Experian claims victory as Tribunal blasts ‘flawed’ ICO
Privacy organisations fume at ‘weakened data laws’
It was us wot won it: DMA claims Data Bill success
Govt keeps ‘best of GDPR’ as data reforms are revised
Where will we be in 2023… with data privacy reform?