Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2020 Debate
Full Debate: Read Full DebateBaroness Fox of Buckley
Main Page: Baroness Fox of Buckley (Non-affiliated - Life peer)Department Debates - View all Baroness Fox of Buckley's debates with the Department for Digital, Culture, Media & Sport
(4 years ago)
Grand CommitteeTo the noble Baroness, Lady Barran, I say that I am hoping that the Government use the opportunity of leaving the EU to review, from scratch, after this SI, some of the laws associated with data protection. I want to emphasise the privacy aspect of data, which I think is hugely important and not without challenges.
When the EU’s GDPR law was introduced in the UK, supposedly to protect individuals’ data and privacy from exploitation by big government, big tech and big corporates, it managed to become a universally hated piece of legislation on the ground, and privacy issues ended up being drowned out by bureaucracy and rules. As the noble Lord, Lord Vaizey, reminded us, the original catalyst for the new GDPR laws was the 2013 Edward Snowden leaks, which revealed that citizens all over the US and Europe had been caught up in the illiberal harvesting activities of the US intelligence services. Many of us were rightly horrified by the US authorities’ invasion of users’ privacy.
However, the reaction to this government state overreach was, ironically, to give the state regulators a whole new set of legalistic and bureaucratic powers, like so much of Brussels law-making. I do not think this has helped. However well intentioned, GDPR data protection has become a barrier to communication, rather than a protector of privacy. If you talk to people in universities, charities or small business, and even medical practitioners, you find they just cannot contact anyone unless they find the record of them having given explicit consent to receiving emails in their backlog. It has all become a bit of a nightmare. It has placed huge burdens on small charities, arts organisations and church groups, which are dependent on databases to raise funds and their profiles. Anyone who breaches the rules is threatened with scarily huge fines. Obviously, that frightens people, and I do not think the GDPR rules are fit for purpose, but, of course, big tech and big corporates can afford to get round those fines, employ lawyers who will exploit loopholes, and so on.
I make this complaint not to underplay the importance of digital privacy but as a plea for sensible data-protection rules moving forward, which will safeguard individual freedom and allow small organisations to competitively accrue data to survive. I am also concerned that there is a real problem in relation to a broader climate of compromising privacy. I note that NHS Test and Trace initially broke GDPR rules, which no doubt damaged the public’s confidence in its appropriate and secure use of data. I am also looking for some reassurance from the Minister that the sort of state surveillance, data collection and data sharing being used in this pandemic, which is short term and should be extraordinary, will not be sold to the public in the future as the new normal. I also have some concerns that, as we speak, the Government are encouraging big tech to breach users’ privacy by demanding that it monitors the communications et cetera of its users, and even censors misinformation. Therefore, the Government are strengthening big tech’s authority and giving it the authority to breach data privacy.
Furthermore, did noble Lords note, earlier this month, that there was a draft resolution from the EU Council to weaken end-to-end encryption—E2EE—putting the likes of WhatsApp under pressure to implement back doors for security services and law enforcement to have access to private communications? Obviously, we are not in the EU now, so the UK can ignore this illiberal proposal but, again, can the noble Baroness reassure me that the Government are not tempted to cite national security and law enforcement to breach privacy? I note the dismay among international journalists, which is just one group who are worried that their data will be used to compromise their professional work and privacy.
Finally, frankly, I worry about a more informal disdain for privacy. I am somewhat dismayed by the number of leaks emanating from the heart of Westminster. WhatsApp, texts, private meetings among colleagues all end up in the public realm or newspapers. This does not show any real regard for private communications. When considering online privacy and data, it is important that we protect private data and encrypted messages, whether from cybercriminals, hackers, oppressive regimes, big tech, big government or even the wrong kind of laws. Actually, this is less about laws and more about having a public debate, establishing that privacy is an important civil liberty, and we should not let the rules get in the way of that discussion.