Data Protection and Digital Information Bill

Baroness Uddin Excerpts
Baroness Uddin Portrait Baroness Uddin (Non-Afl)
- View Speech - Hansard - -

My Lords, it is a real privilege to follow the noble Lord, Lord Holmes. I hope that the Government will learn from his wisdom. I congratulate the noble Lord, Lord de Clifford; I am glad that his family was here to witness his powerful contribution.

I support the Government’s laudable aim to make the UK the most innovative society in the world of science and technology. I wish to record my gratitude for the many briefings provided to us by the Library, the 5Rights Foundation, Big Brother Watch, CRISP and Marie Curie, among many other notable organisations and individuals. The Government make sweeping assurances that this legislation is based on their commitment to all citizens enjoying access to a fair, inclusive and trustworthy digital environment. It is grounded in the hopes that an algorithmic system would be designed to protect people from harm and from unsafe, unaccountable surveillance, with public involvement in its development, ensuring adequate safeguards as well as improved skills and information literacy. That really describes the mouthful of different aspects of the Bill.

Every part of our life is determined by some form of digitalisation, not least via our devices; they are an ever-present reminder, if any were required, of the interconnectedness of our existence at home and across the globe. We are living through an exponential rise in social media information alongside the extraordinary growth of technologies’ surveillance capacity. It is sometimes impossible to differentiate truth and reality in the mass of content across multiple platforms, and thus an assurance of public safeguarding within fast-moving technologies may not be achievable quite as easily as the Government suggest. Experts are consistently warning us of yet uncharted harm in the advent of AI-driven technology, causing legitimate concerns for civic society organisations.

So where does an ordinary citizen turn to if they get caught up in some of the Bill’s punitive measures? As has been stated by noble Lords, contradicting progress made in this House, the Bill will provide the Government with yet more unprecedented powers, which will evidently result in the limiting of and infringement on citizens’ rights to privacy; this was detailed powerfully by the noble Lord, Lord Sikka. The Bill is complex and has a broad spectrum of remits that will impact every aspect of our lives: in the home, at work and outside. Time will not permit us all to consider adequately the questions and concerns raised by many well-respected organisations; we in this Parliament are therefore obliged to all our citizens to ensure that our legislation is not immune to proper scrutiny.

Noteworthy parts of the Bill that cause concern include those regarding the safeguarding of children’s well-being. I thank the 5Rights Foundation for its briefing and agree that the Bill’s proposed changes to the UK’s data protection regime risk eroding the high level of privacy that children currently have a right to, making them less safe online. My noble friend Lady Kidron raised these matters thoroughly with her usual expertise; I absolutely agree that children’s safety cannot be designed to maximise economic benefits and add my voice to her call that the Government must keep their promise to bereaved families and ensure that children continue to be given heightened levels of data protection.

This leads me on to the matter of data collection, including how data is stored and shared with external organisations. In this context, there must be absolute commitment from the Government to preserving the integrity of our personal data. Without informed consent, organisations and institutions should not and cannot be allowed to access personal information by assuming consent.

We know that huge datasets are gathered by law enforcement, our NHS, welfare and financial services, alongside local authorities for voter registration purposes. The Data and Marketing Association, representing around 700 companies, including charities and commercial brands, suggests that Clauses 114 and 115, on the new exemption for direct marketing used for democratic engagement, could be open to abuse. While recognising that an open electoral register has been an important resource for business and charities for verification of addresses, it has also been used for direct business marketing, as has been stated.

Any amendments to this aspect of the Bill must not be on the assumption that, if a person does not opt out, she or he is fully cognisant of giving automatic consent for data sharing. I do not accept that this is well known to and understood by the millions of elderly and vulnerable people who do not opt out, or that they do so knowingly. It is our duty to empower all citizens, not just those who can readily access and are confident in this rapidly expanding digital environment. Noting the Minister’s comment on co-designing the Bill with stakeholders, will he give an assurance that partners included advocacy and civil rights organisations?

Clause 9 would give public authorities and other bodies wider scope to refuse subject access requests, making it more difficult for people to find out what information about them is being held and how it is being used. Clause 9 should not have a place in this legislation.

Clause 20 would water down requirements to carry out a proper impact assessment. This means that in many cases, organisations and businesses, including local authorities processing data, will not have to fully consider whether data processing is necessary and proportional. Clause 20 should also be removed from this Bill.

I hope to see us strengthening Clauses 110, 113 and 116 providing greater protection to consent and safeguarding consumers. Whatever the final impact of the legislation, many public and corporate institutions already hold a ginormous amount of digital materials. As someone with years of local authority experience, I can say that safeguarding paper files seems like an alternate universe. All the protocols were written on every manager’s file, and any breaches or failures could have landed any one of us in court. I cannot comprehend all the protocol that may be required to protect individual data under this Bill. How will the Government monitor whether protocols issued as a result of this legislation are actually being adhered to? Who will be held accountable for the anonymity of data holders, given the heightened concern raised by the noble Lord, Lord Knight, and the noble Baroness, Lady Kidron?

When it comes to issues of surveillance of our citizens and the use of retention of biometric data, no matter the reason we must provide the highest standards and maximum safeguards to all those who will determine whether an individual has transgressed rules. The Commons’ deliberation on bank spying on welfare claimants would have caused many vulnerable elders distress, as will continuous police profiling of some sections of our communities for perceived fraudulent behaviour and/or acting against national security interests. We must not feel a false sense of security by relying on any individual Ministers to make arbitrary decisions and add another list to surveillance. Like my noble friend Lady Young, I question how the DWP, bank personnel and police officers will implement a law that falls below parliamentary scrutiny and the highest standards of ethics.

We must acknowledge that the Bill has caused wide- spread concerns. I agree with many who have written to me that we require a nationwide education programme to ensure wider public knowledge, and that consumer groups and charities understand thoroughly how they are likely to be affected by the proposed legislation and, more importantly, the potential impact of the proposed power vis-à-vis the relationship with the DWP and other institutions, if we are to avoid thousands of litigations.

In fact, CRISP’s insightful briefing reminds us to consider genuine, meaningful and trustworthy oversight of the Bill, which aims to simplify the regulatory architecture of UK surveillance oversight but risks creating a vacuum in the regulation of digital surveillance, abandoning clear guidance and standards, complicating oversight governance, and creating vulnerabilities for users of these technologies and for the rights of those subjected to them.

The Bill removes the reporting obligations of the Biometric and Surveillance Camera Commissioner’s role on appropriate surveillance use, as has been stated to Parliament and the public, which endangers visibility and the accountability of police activities. This gives extensive powers in relation to the causes raised by the right reverend Prelate the Bishop of St Albans. The Bill must therefore retain the surveillance camera code of practice, which is essential for public trust.

The Bill gives the Secretary of State broad powers to amend our data protection laws via statutory instrument without adequate scrutiny by Parliament. Many fear that such extensive powers cannot possibly be for the public good, given the records of all Governments, be it with regard to the manipulation of facts or institutional profiling of black and other minoritised communities adversely used in the name of national security. This will simply not be accepted by today's digitalised generation, and the proposition that such information can be held indefinitely without remedy or recourse to justice cannot bode well for our nations.

At a glance, the UK GDPR sets out seven principles, including integrity and accountability. These fundamental rights for citizens cannot be guaranteed under the Bill as it is now. I look forward to all of us making the necessary changes to make better laws for public good.

Finally, I wish all our outstanding staff across the House, noble Lords and their families who are celebrating a loving and joyful Christmas. I wish everyone well.