Data Protection Debate
Full Debate: Read Full DebateLord Davies of Brixton
Main Page: Lord Davies of Brixton (Labour - Life peer)Department Debates - View all Lord Davies of Brixton's debates with the Department for Science, Innovation & Technology
(1 year, 9 months ago)
Lords ChamberTo ask His Majesty’s Government when they intend to introduce legislation on the United Kingdom’s data protection framework.
My Lords, the Data Protection and Digital Information (No. 2) Bill was introduced to Parliament on 8 March. It seizes our post-Brexit opportunity to create a new UK data rights regime. It will now be subject to the usual parliamentary processes, starting with Second Reading in the other place, the date for which will be announced in due course.
I first welcome the Minister to his new role on the Front Bench, particularly given his undoubted expertise. However, I must ask him whether he understands the concerns of many at the proposal to allow NHS data to be uploaded to a data system based on tech from Palantir—of Cambridge Analytica infamy—that will offer inadequate data protection to patients? These concerns have only been increased by the Secretary of State’s claim that one of the purposes of the Bill is to give organisations greater confidence about the circumstances
“in which they can process personal data without consent.”
In other words, the Bill will reduce protection to individuals, not increase it, with one result being that some people will not seek the medical attention that they require.
I thank the noble Lord for his question. My first observation is that Palantir is a very good illustration of some of the new technology providers we are seeing, because the value it was able to provide and demonstrate is very great. However, the perfectly legitimate concerns about data privacy are, none the less, equally great. Any organisation operating in the UK or processing the personal data of people in the UK must comply with our strong and internationally renowned data protection laws, and those laws set out robust penalties for those who do not, including, as necessary, Palantir. Lastly, with respect to the Secretary of State’s remarks, the intention is by no means to reduce the requirement for data protection, merely in some cases to make it more straightforward to demonstrate that the requirements are being met.