Data (Use and Access) Bill [HL] Debate

Full Debate: Read Full Debate
Department: Department for Business and Trade
Lord Markham Portrait Lord Markham (Con)
- View Speech - Hansard - -

My Lords, I welcome the opportunity to speak on this important matter. I am especially grateful to the noble Baroness, Lady Jones of Whitchurch, for her engagement so far with me and my noble friend Lord Camrose, which has been truly helpful with this technically complex Bill. I thank in advance the other speakers and keenly look forward to hearing their—I hope—lucid and insightful commentary on the content of the Bill.

This is a wide-ranging Bill which affects a wide range of policy issues. If well executed, it could bring substantial benefits to individuals and businesses, much like the previous Conservative Government’s Bill, which was so ably championed by my noble friend Lord Camrose. However, if poorly executed, the Bill may result in data vulnerabilities for both individuals and the country as a whole.

We on these Benches are delighted that the Government are taking forward the bulk of the provisions and concepts set out by the previous Conservative Government, in particular the introduction of a national underground asset register, which will make construction and repairs more efficient, reduce the cost and inconvenience of roadworks and, most importantly, make work safer for construction workers; giving Ofcom the ability, when notified by the coroner, to demand that online service providers retain data in the event of a child’s death; reforming and modernising the Information Commissioner’s Office; introducing a centralised digital ID verification framework; allowing law enforcement bodies to make greater use of biometric data for counterterrorism purposes; and—particularly close to my heart—setting data standards in areas such as health to allow the sharing of data and its use for research and AI. All these provisions are necessary and will provide tangible benefits to the people of the UK. Indeed, the data economy is crucial. As the Government have rightly said, it has the potential to add billions in value to the UK economy through opportunities and efficiencies.

Therefore, noble Lords will find in us a largely supportive Opposition on this Bill, working constructively to get it through Parliament. However, we on these Benches have some concerns about the Bill, and I am keen to hear the Minister’s response on a number of points.

Many small and medium-sized enterprises control low-risk personal data. Although they must of course take careful measures to manage customer data, many simply do not have the resources to hire or train a data protection officer, particularly with the Government’s recent decision to increase burdens on employer NI. We have concerns that the Bill will disproportionately add to the weight of the requirements on those businesses, without greatly advancing the cause of personal privacy. We should free those SMEs—the bedrock of our economy —from following the same demanding data protection requirements as larger, better-resourced enterprises, which carry far greater risks to personal privacy. We need to allow them to concentrate on running a profitable business rather than jumping through myriad bureaucratic data protection hoops over data that, in many cases, presents little risk to privacy. In short, we need those businesses to be wisely careful but not necessarily hyper-careful.

Many of the Bill’s clauses allow or require mass digitisation of data by the public sector, such as the registers of births and deaths. These measures will improve efficiency and, therefore, save money—something that I think we can all agree is necessary. However, the more data is digitised, the more we present a tempting attack surface to hackers—thieves who steal data for profit by sale on the dark web, ransom or both. Do the Government intend to bring forward legislation that will set out improved cybersecurity recruitments for public bodies that will, because of the Bill, rapidly digitise their datasets? Furthermore, if the Government intend to bring forward additional cybersecurity measures, when do they intend to do so? Any time lag leaves public bodies and the people’s data they control vulnerable to those with malicious intent.

Building on this point, the Bill will also see a rapid increase in the digitisation and sharing of high-risk data across the public and private sectors. There will, for example, be an increase in high-risk data sharing between the NHS and adult social care providers in communities, and a range of private sector companies handling identification data to create a digital ID. Again, the more high-risk data is used, transferred or created, the greater the incentive for hackers to target organisations and bodies. Therefore, I must ask the Minister whether and when the Government intend to bring forward additional cybersecurity measures for public bodies, large businesses, and the minority of SMEs that will handle high-risk data.

Introducing a national underground asset register, or NUAR, will lead to significant benefits for people and developers alike. It will substantially reduce the risk of striking underground infrastructure during development or repairs. This will not only speed up developments and repairs but reduce costs and the risks posed to construction workers. However, having a centralised register of all underground assets, including critical infrastructure, may result in a heightened terror risk. I know this Government, like the previous one, will have devoted considerable thought to this grave risk, and I hope the Minister will set out some of the Government’s approach to mitigating it. In short, how do they intend to ensure the security of NUAR so that there can be no possibility of unauthorised access to our critical infrastructure?

We on this Bench support the Government’s position on automated decision-making, or ADM. It can rapidly increase the speed at which commercial decisions are taken, thus resulting in an increase in sales and profit, improvements to productivity and a better customer experience. AI will be the key underlying technology of almost all ADM. The vast quantity of data and the unfathomable complexity of the algorithms mean that we have to address the AI risks of bias, unfairness, inaccuracy and loss of human agency. Therefore, I think it is wise that we consider amending this Bill to put some of the use of AI in this context on a statutory footing. I hope that the Minister will share the Government’s thoughts on this matter, and I am confident that colleagues across the House will have strong views too.

I end by outlining the opportunities for setting standards for health data. As Health Minister, I would often wax lyrical on how we have the best data in the world, with our ability to link primary and secondary care data with genomic, optical and myriad other data sources going back decades. Add to this the large heterogeneous population and you have, without doubt, the best source of health data in the world. I firmly believe that by setting the data standards we can build in the UK the foundations for a Silicon Valley for the life sciences, which would be a massive benefit to patients, the NHS and the UK economy overall.

We on this Bench largely welcome the Bill, not least because it retains many of the concepts from the previous Conservative Government’s Bill. However, there are important matters that deserve our attention. I look forward to hearing today the views of noble Lords across the House to enable the productive passage of the Bill.