Data Protection

Lord Davies of Brixton Excerpts
Thursday 23rd March 2023

(1 year, 9 months ago)

Lords Chamber
Read Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Asked by
Lord Davies of Brixton Portrait Lord Davies of Brixton
- Hansard - -

To ask His Majesty’s Government when they intend to introduce legislation on the United Kingdom’s data protection framework.

Viscount Camrose Portrait The Parliamentary Under-Secretary of State, Department for Science, Innovation and Technology (Viscount Camrose) (Con)
- View Speech - Hansard - - - Excerpts

My Lords, the Data Protection and Digital Information (No. 2) Bill was introduced to Parliament on 8 March. It seizes our post-Brexit opportunity to create a new UK data rights regime. It will now be subject to the usual parliamentary processes, starting with Second Reading in the other place, the date for which will be announced in due course.

Lord Davies of Brixton Portrait Lord Davies of Brixton (Lab)
- View Speech - Hansard - -

I first welcome the Minister to his new role on the Front Bench, particularly given his undoubted expertise. However, I must ask him whether he understands the concerns of many at the proposal to allow NHS data to be uploaded to a data system based on tech from Palantir—of Cambridge Analytica infamy—that will offer inadequate data protection to patients? These concerns have only been increased by the Secretary of State’s claim that one of the purposes of the Bill is to give organisations greater confidence about the circumstances

“in which they can process personal data without consent.”

In other words, the Bill will reduce protection to individuals, not increase it, with one result being that some people will not seek the medical attention that they require.

Viscount Camrose Portrait Viscount Camrose (Con)
- View Speech - Hansard - - - Excerpts

I thank the noble Lord for his question. My first observation is that Palantir is a very good illustration of some of the new technology providers we are seeing, because the value it was able to provide and demonstrate is very great. However, the perfectly legitimate concerns about data privacy are, none the less, equally great. Any organisation operating in the UK or processing the personal data of people in the UK must comply with our strong and internationally renowned data protection laws, and those laws set out robust penalties for those who do not, including, as necessary, Palantir. Lastly, with respect to the Secretary of State’s remarks, the intention is by no means to reduce the requirement for data protection, merely in some cases to make it more straightforward to demonstrate that the requirements are being met.