(8 months, 1 week ago)
Grand CommitteeMy Lords, I will speak to Amendment 115 in my name. I start by saying a huge thanks to the noble Lord, Lord Clement-Jones, and my noble friend Lord Kirkhope, who have put everything so well and persuasively that I have almost nothing else to say in support. I am looking forward to the Minister throwing in the towel and accepting all the measures as suggested. Noble Lords have really landed it well.
I shall not go through the principle behind my amendment because, frankly, its benefit is so self-evident and clear that it does not need to be rehearsed in great detail. What I want to get across is the absolute and paramount urgency of the Government adopting this measure or a similar one. This is a terrific Bill; I thank the Minister for all the work that he and his team have done on it. I sat through Second Reading, although I did not speak on that day, when the Minister gave a persuasive account of the Bill; we are grateful for that.
However, this is a massive gap. It is a huge lacuna in the provisions of a Bill called a data protection Bill. It is a well-known gap in British legislation—and, by the way, in the legislation of lots of other countries. We could try to wait for an international settlement—some kind of Bretton Woods of data—where all the countries of the world put their heads together and try to hammer out an international agreement on data. That would be a wonderful thing but there is no prospect whatever of it in sight, so the time has come for countries to start looking at their own unilateral arrangements on the international transfer of data.
We have sought to duck this commitment by stringing together a Heath Robinson set of arrangements around transfer risk arrestments and bilateral agreements with countries. This has worked to some extent—at least to the extent that there is a booming industry around data. We should not diminish that achievement but there are massive gaps and huge liabilities in that arrangement, as my noble friend Lord Kirkhope rightly described, particularly now that we are living in a new, polarised world where countries of concern deliberately seek to harvest our data for their own security needs.
There are three reasons why this has become not just a chronic issue that could perhaps be kicked down the road a bit but an acute issue that should be dealt with immediately in the Bill’s provisions. The first, which my noble friend hinted at, is the massive flood of new data coming our way. I had the privilege of having a look at a BYD car. It was absolutely awesome and, by the way, phenomenally cheap; if the Chinese taxpayer is okay with subsidising our cars, I would highly recommend them to everyone here. One feature of the car is a camera on the dashboard that looks straight at the driver’s face, including their emotional resonance; for instance, if you look weary, it will prompt you to stop and have a coffee. That is a lovely feature but it is also mapping your face for hours and hours every year and, potentially, conveying that information to the algorithmic artificial intelligence run by the CCP in China—something that causes me huge personal concern. Lady Kirkhope may be worried about her fridge but I am very worried about my potential car. I embrace the huge global growth of data exchanges and technology’s benefits for citizens, taxpayers and voters, but this must be done in a well-curated field. The internet of things, which, as many noble Lords will know, was invented by Charlie Parsons, is another aspect of this.
Secondly, the kind of data being exchanged is becoming increasingly sensitive. I have mentioned the video in the BYD car; genomics data is another area of grave concern. I have an associate fellowship at King’s College London’s Department of War Studies, looking specifically at bioweapons and the transfer of genomic data. Some of this is on the horizon; it is not of immediate use from a strategic and national security point of view today but the idea that there could be, as in a James Bond film, some way of targeting individuals with poisons based on their genomic make-up is not beyond imagination.
The idea that you could create generalised bioweapons around genomics or seek to influence people based in part on insight derived from their genomic information is definitely on the horizon. We know that because China is doing some of this already; in the west of China, it is able to identify members of the Uighur tribes. In fact, China can say to someone, “We’re calling you up because we know that you’re the cousin of someone who is in prison today”, and this has happened. How does China know that? It has done it through the genomic tracking in its databases. China’s domestic use of data, through the social checking of genomic data and financial transactions, is a very clear precedent for the kinds of things that could be applied to the data that we are sharing with such countries.
Thirdly, there is the sensitivity of what uses the data is being put to. The geopolitics of the world are changing considerably. We now have what the Americans call countries of concern that are going out of their way to harvest and collect data on our populations. It is a stated element of their national mission to acquire data that could be used for national security purposes. These are today’s rivals but, potentially, tomorrow’s enemies.
For those three reasons, I very much urge the Minister to think about ways in which provisions on the international transfer of data could be added to the Bill. Other countries are certainly looking at the same; on 28 February this year, President Biden issued executive order 14117, which in many ways echoes the themes of our Amendment 115. It says clearly that there is an “unacceptable risk” to US national security from the large sharing of data across borders and asks the DoJ to publish a “countries of concern” list. That list has already been published and the countries on it are as the Committee would expect. It also seeks to define priority data. In other words, it is a proportionate, thoughtful and sensible set of measures to try to bring some kind of guard-rail to an industry where data transfer is clearly of grave concern to Americans. It looks particularly at genomic and financial transaction data but it has the capacity to be a little broader.
I urge the Minister to consider that this is now the time for unilateral action by the British Government. As my noble friend Lord Kirkhope said, if we do not do that, we may find ourselves being left behind by the EU, including the Irish, by the Americans and so on. There is an important spill-over effect from Britain acting sensibly that will do something to inspire and prod others into action. It is totally inappropriate to continue this pretence that British citizens are having their data suitably protected by the kind of commercial contracts that they are signing, which have no kind of redress or legal standing in the country of destination.
Lastly, the commercial point is very important. For those of us who seek to champion an open, global internet and a free flow of data while facilitating investment in that important trade, we must curate and care for it in a way that instils trust and responsibility, otherwise the whole thing will be blown up and people will start pulling wires out of the back of machines.
My Lords, I am very grateful to the noble Lords, Lord Clement-Jones, Lord Bethell and Lord Kirkhope, for tabling these amendments and for enabling us to have a good debate on the robustness of the proposed international data rules, which are set out in Schedules 5 and 7. Incidentally, I do not share the enthusiasm expressed by the noble Lord, Lord Bethell, for the rest of the Bill, but on this issue we are in agreement—and perhaps the other issues are for debate some other time.