The Data Grab Bill attacks our data rights
ORG sent an urgent open letter to Michelle Donelan MP, the Secretary of State for the new Department of Science, Innovation and Technology. The letter, signed by 26 civil society groups representing a range of sectors, lays out key concerns about the government’s planned data protection reforms.
A dangerous path
Politico reported that the government intends to bring back the Data Protection and Digital Information (DPDI) Bill, after months of delays, internal civil service confusion, and strong civil society and business opposition. In a misguided attempt to demonstrate the benefits of post-Brexit freedoms, the UK government is setting the country on a dangerous path to further economic instability and the erosion of fundamental rights.
The DPDI Bill will weaken data subjects’ rights, water down accountability requirements, reduce the independence of the Information Commissioner’s Office (ICO), and empower the Secretary of State with undemocratic controls over data protection. Our letter focused on several key areas of concern, including:
- Changes to Data Protection Impact Assessments that remove the requirement to consult with data subjects who are affected by high risk processing.
- Lowering the threshold for organisations to refuse a Subject Access Request.
- New government powers to create additional legitimate grounds for processing data and a new list of exemptions from the purpose limitation principle (all without meaningful parliamentary scrutiny and little regard for the impact on individuals rights).
- New government powers to issue instructions and interfere with the ICO, the UK’s data protection regulator that plays a key role in the oversight of the government’s use of data.
- New government powers to approve international data transfers with little regard to the existence of enforceable rights and effective remedies. This change would allow the government to approve international data transfers to countries where data protection is limited and national security bodies operate with little data protection oversight.
An urgent call for reconsideration
Though imperfect, the current UK GDPR is one of the strongest data protection laws in the world. While public attitudes and global policy are trending towards stronger data protections, the UK government is attempting to regress. Strong data protection laws provide critical tools for civil society and individuals to protect themselves and hold organisations to account in a data ecosystem where all the power is skewed towards governments and corporations.
Our letter sounds an urgent call for the government to reconsider its undemocratic proposals. The Department of Science, Innovation, and Technology must bring data protection reform back to the design stage and ensure that data protection experts, civil society and ordinary citizens are thoroughly consulted, to avoid another Bill based on unsubstantiated evidence and a lopsided consultation process.