Yet another UK government seeks to reform GDPR
- Reference: 1729775415
- News link: https://www.theregister.co.uk/2024/10/24/uk_proposes_new_data_law/
- Source link:
Critics, on the other hand, have said the legislation could affect current privacy protections, allow automated decision-making that affects people's livelihoods, and potentially scrap safeguards for patient data.
Introduced in the House of Lords yesterday, the Data Use and Access Bill targets better efficiency in the National Health Service (NHS), the police force, and businesses with the new regime.
[1]
Technology minister Peter Kyle said: "Data is the DNA of modern life and quietly drives every aspect of our society and economy without us even noticing – from our NHS treatments and social interactions to our business and banking transactions.
[2]
[3]
"With laws that help us to use data securely and effectively, this Bill will help us boost the UK's economy, free up vital time for our front-line workers, and relieve people from unnecessary admin so that they can get on with their lives."
The Bill proposes a number of changes to UK GDPR, the legislation the UK retained from the EU's GDPR after Brexit. UK GDPR sits alongside an amended version of the Data Protection Act 2018, which previously enacted EU law.
[4]
The changes proposed to UK GDPR are unlikely to be sufficient to merit changes to data sharing arrangements with the EU, the UK's largest trading partner, legal experts have said.
Greg Palmer, partner at law firm Linklaters, said: "The new Data Use and Access Bill builds on a number of concepts in the reform proposals of the previous government, whilst removing some of the perceived passion for reform of data protection for its own sake.
"This will be welcomed by UK business as it avoids unnecessary divergence from the EU data protection regime and reduces the risk of the EU deciding the UK is not an 'adequate' jurisdiction for transfers of personal data."
Legislation would require IT suppliers for the health and care sector to ensure their systems meet common standards
In 2021, the EU gave the UK [5]an "adequacy" ruling allowing data sharing between the two jurisdictions. The judgment remains under review. Earlier this week, a [6]cross-party committee of the House of Lords said businesses and organizations such as the NHS would be hit by "significant" extra costs and red tape if the UK loses the right to exchange citizens' personal data seamlessly with the EU.
[7]NHS would be hit by 'significant' costs if UK loses EU data status, warn Lords
[8]US moves ahead with crackdown on data brokers selling to six 'countries of concern'
[9]Gary Marcus proposes generative AI boycott to push for regulation, tame Silicon Valley
[10]UK Regulatory Innovation Office vows to slash red tape – but we've heard it all before
However, privacy campaign groups argued the Bill reproduced many of what they see as the worst ideas contained in the [11]previous Conservative government's proposed Data Protection and Digital Information Bill , which failed to pass into law before the July general election.
Open Rights Group legal and policy officer Mariano delli Santi said: "Strong data protection laws are an essential line of defense against harmful AI and automated decision-making systems which can be used to make life-changing decisions.
[12]
"The Data Use and Access Bill weakens our rights and gives companies and organizations more powers to use automated decisions. This is of particular concern in areas of policing, welfare and immigration where life-changing decisions could be made without human review."
Sam Smith, coordinator at health privacy campaign group medConfidential, said: "Giveaways to the Tory right are all still there, but there are no safeguards on patient data in the Bill – not cast-iron, not even lukewarm jelly safeguards."
The government claimed the new bill would provide a £10 billion ($13 billion) boost to the economy, free up 1.5 million hours of police time and 140,000 staff hours for the NHS every year.
It said "vital safeguards" would remain in place to track and monitor how personal data is used.
It said the legislation would require IT suppliers for the health and care sector to ensure their systems meet common standards to enable data sharing across platforms. ®
Get our [13]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2ZxpvKSqfLBQIO550D_9sswAAARI&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZxpvKSqfLBQIO550D_9sswAAARI&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZxpvKSqfLBQIO550D_9sswAAARI&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZxpvKSqfLBQIO550D_9sswAAARI&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[5] https://www.theregister.com/2021/06/22/uk_eu_data_sharing_adequacy
[6] https://www.theregister.com/2024/10/23/uk_eu_data_adequacy/
[7] https://www.theregister.com/2024/10/23/uk_eu_data_adequacy/
[8] https://www.theregister.com/2024/10/21/us_crackdown_data_brokers/
[9] https://www.theregister.com/2024/10/21/gary_marcus_ai_interview/
[10] https://www.theregister.com/2024/10/09/uk_regulatory_innovation_office/
[11] https://www.theregister.com/2023/05/19/dpib_2_surveillance_oversight/
[12] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZxpvKSqfLBQIO550D_9sswAAARI&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[13] https://whitepapers.theregister.com/
Re: Tory-Lite
Not so much Tory-Lite, more Old School Labour. They have form on this. Next up, ID cards, no doubt.
Re: Tory-Lite
Old School New Labour.
Insufficient
" It said "vital safeguards" would remain in place to track and monitor how personal data is used "
The primary purpose of the GDPR was not just to allow monitoring of how personal data is used, but to provide data subjects with control over by whom and how their personal data is used (and by far not just in the context of automated decision making). This was essentially sidestepped in the fortuitously aborted Data Protection and Digital Information Bill, and the same would appear to be the case in this bill. The problem is that abusing folks' personal data rights is so profitable.
It's worth noting that the GDPR is not data law -- it's human rights law in respect of personal data, but I have it on official record that the UK govt (the last one at least) consider UK data protection law to be data law, not human rights law. Doesn't that say everything?
Re: Insufficient
> It's worth noting that the GDPR is not data law -- it's human rights law in respect of personal data
A Northern Ireland-specific perspective: https://nihrc.org/publication/detail/nihrc-briefing-on-the-data-protection-and-digital-information-bill
"2.8 that, as a fundamental right, the right to personal data protection would fall within the scope of “civil rights” under the Belfast (Good Friday) Agreement. Further, as an essential element of the right to respect for private and family life in Article 8 ECHR, any right to personal data protection afforded by EU law, by which the UK was bound on 31 December 2020, falls within the scope of the non-diminution commitment in Windsor Framework Article 2."
Re: Insufficient
A [1]recent article in The Guardian claimed that UK Biobank data had been misused for unauthorised "fringe" research. UK Biobank in turn [2]refuted the claim .
Whether it's true or not, the last lines of defence against misuse are the contractual terms between the various parties, which cannot put the genie back in the bottle, but volunteers donate their data knowing this (or they at least should know this). I think it's rather a different matter when people are having their data confiscated without their agreement given that any privacy breach is a one way street.
[1] https://www.theguardian.com/world/2024/oct/17/race-science-group-say-they-accessed-sensitive-uk-health-data
[2] https://www.digitalhealth.net/2024/10/uk-biobank-refutes-claim-that-race-science-group-accessed-data/
What more do you need to know, to know they are just spouting and shovelling BullShit
The government claimed the new bill would provide a £10 billion ($13 billion) boost to the economy, free up 1.5 million hours of police time and 140,000 staff hours for the NHS every year.
Four questions to ask yourself and honestly answer ......
1) .... When ever has the government delivered on their claims which in turns can be termed as an earnest promise which then easily defaults and morphs into just an aspiration?
2) .....Why do you keep falling for such serial claptrap and eat that shit?
3) .....Do you like it?
4) .....Does it satisfy you?
Government speak with forked tongue, Kemosabe. Promise to deliver the moon and the sun and the stars, whilst in the shadows and behind veils of dank darkness, do they pillage and steal to destroy dreams.
"Data is the DNA of modern life"
Odd analogy. DNA if anything is meta-data. Its the schema that controls how we are built.
But I'm sure that's the least we have to worry about where this govt is concerned...
plus ça change, plus c'est la même chose
The more UK Governments Change, the more they stay the Same.
Tory-Lite
"The Data Use and Access Bill weakens our rights and gives companies and organizations more powers to use automated decisions"
Yes, indeedy. Meet the new boss - same as the old boss.