Data Protection and Digital Information (No. 2) Bill Debate
Full Debate: Read Full DebateJim Shannon
Main Page: Jim Shannon (Democratic Unionist Party - Strangford)Department Debates - View all Jim Shannon's debates with the Department for Science, Innovation & Technology
(1 year, 7 months ago)
Commons ChamberI hope that my previous reply reassured the hon. Lady that we intend to maintain adequacy, and we do not consider that the Bill will present a risk in that regard. What we are trying to do, particularly in respect of medical research, is make it easier for scientists to innovate and conduct that research without constantly having to return for consent when it is apparent that consent has already been granted for particular medical data processing activities. We think that will help us to maintain our world-leading position as a scientific research powerhouse.
Alongside new data bridges, the Secretary of State will be able to recognise new transfer mechanisms for businesses to protect international transfers. Businesses will still be able to transfer data across borders with the compliance mechanisms that they already use, avoiding needless checks and costs. We are also delighted to be co-hosting, in partnership with the United States, the next workshop of the global cross-border privacy rules forum in London this week. The CBPR system is one of the few existing operational mechanisms that, by design, aims to facilitate data flows on a global scale.
World-class research requires world-class data, but right now many scientists are reluctant to get the data they need to get on with their research, for the simple reason that they do not know how research is defined. They can also be stopped in their tracks if they try to broaden their research or follow a new and potentially interesting avenue. When that happens, they can be required to go back and seek permission all over again, even though they have already gained that permission earlier to use personal data. We do not think that makes sense. The pandemic showed that we cannot risk delaying discoveries that could save lives. Nothing should be holding us back from curing cancer, tackling disease or producing new drugs and treatments. This Bill will simplify the legal requirements around research so that scientists can work to their strengths with legal clarity on what they can and cannot do.
The Bill will also ensure that people benefit from the results of research by unlocking the potential of transformative technologies. Taking artificial intelligence as an example, we have recently published our White Paper: “AI regulation: a pro-innovation approach”. In the meantime, the Bill will ensure that organisations know when they can use responsible automated decision making and that people know when they can request human intervention where those decisions impact their lives, whether that means getting a fair price for the insurance they receive after an accident or a fair chance of getting the job they have always wanted.
I spoke earlier about the currency of trust and how, by maintaining it through high data protection standards, we are likely to see more data sharing, not less. Fundamental to that trust will be confidence in the robustness of the regulator. We already have a world-leading independent regulator in the Information Commissioner’s Office, but the ICO needs to adapt to reflect the greater role that data now plays in our lives alongside its strategic importance to our economic competitiveness. The ICO was set up in the 1980s for a completely different world, and the pace, volume and power of the data we use today has changed dramatically since then.
It is only right that we give the regulator the tools it needs to keep pace and to keep our personal data safe while ensuring that, as an organisation, it remains accountable, flexible and fit for the modern world. The Bill will modernise the structure and objectives of the ICO. Under this legislation, protecting our personal data will remain the ICO’s primary focus, but it will also be asked to focus on how it can empower businesses and organisations to drive growth and innovation across the UK, and support public trust and confidence in the use of personal data.
The Bill is also important for consumers, helping them to share less data while getting more product. It will support smart data schemes that empower consumers and small businesses to make better use of their own data, building on the extraordinary success of open banking tools offered by innovative businesses, which help consumers and businesses to manage their finances and spending, track their carbon footprint and access credit.
The Minister always delivers a very solid message and we all appreciate that. In relation to the high data protection standards that she is outlining, there is also a balance to be achieved when it comes to ensuring that there are no unnecessary barriers for individuals and businesses. Can she assure the House that that will be exactly what happens?
I am always happy to take an intervention from the hon. Member. I want to assure him that we are building high data protection standards that are built on the fundamental principles of the GDPR, and we are trying to get the right balance between high data protection standards that will protect the consumer and giving businesses the flexibility they need. I will continue this conversation with him as the Bill passes through the House.
It is a pleasure to add some comments and make a contribution, and also to have heard all the right hon. and hon. Members’ speeches as I have sat here tonight. There will not be any votes on the Bill, I understand, but if there had been, my party would have supported the Government, because I think the intention of the Minister and the Government is to try to find a correct way forward. I hope that some of the tweaking that is perhaps needed can happen in a positive way that can address such issues. It is always good to speak in any debate in this House, but this is the first one after the recess, and I am indeed very pleased to be a part of any debates in the House. I have spoken on data protection and its importance in the House before, and I again wish to make a contribution, specifically on medical records and protection of health data with regard to GP surgeries. I hope to address that with some questions for the Minister at the end.
Realistically, data protection is all around us. I know all too well from my constituency office that there are guidelines. There are procedures that my staff and I must follow, and we do follow them very stringently. It is important that businesses, offices, healthcare facilities and so on are aware of the guidelines they must follow, hence the necessity of this Bill. As I have said, if there had been a vote, we would have supported the Government, but it seems that that will not be the case tonight. Data exposure means the full potential for it to fall into the wrong hands, posing dangers to people and organisations, so it is great to be here to discuss how we can prevent that, with the Government presenting the legislation tonight and taking it through Committee when the time comes.
I have recently had some issues with data protection—this is a classic example of how mistakes can happen and how important data can end up in the wrong place—when in two instances the Independent Parliamentary Standards Authority accidentally published personal information about me and my staff online. It did not do it on purpose—it was an accident, and it did retrieve the data very quickly—but it has happened on two occasions at a time of severe threat in Northern Ireland and a level of threat on the mainland as well. Although the matter was quickly resolved, it is a classic example of the dangers posed to individuals.
I am sure Members are aware that the threat level in Northern Ireland has been increased. Despite there being external out-of-office security for Members, I have recently installed CCTV cameras in my office for the security of my staff, which, though not as great in comparison, is my responsibility. I have younger staff members in their 20s who live on their own, and staff who are parents of young children, and they deserve to know that they are safe. Anxieties have been raised because of the data disclosure, and I imagine that many others have experienced something similar.
I want to focus on issues about health. Ahead of this debate, I have been in touch with the British Medical Association, which raised completely valid concerns with me about the protection of health data. I have a number of questions to ask the Minister, if I may. The BMA’s understanding of the Bill is that the Secretary of State or the Minister will have significant discretionary powers to transfer large quantities of health information to third countries with minimal consultation or transparent assessment about how the information will benefit the UK. That is particularly worrying for me, and it should be worrying for everyone in this House. I am sure the Minister will give us some clarification and some reassurance, if that is possible, or tell us that this will not happen.
There is also concern about the Secretary of State having the power to transfer the same UK patients’ health data to a third country if it is thought that that would benefit the UK’s economic interests. I would be very disturbed, and quite annoyed and angry, that such a direction should be allowed. Again, the Minister may wish to comment on that at the end of the debate. I would be grateful if the Minister and his Department provided some clarity for the BMA about what the consultation process will be if information is to be shared with third-party countries or organisations.
There have also been concerns about whether large tech and social media companies are storing data correctly and upholding individuals’ rights or privacy correctly. We must always represent our constituents, and the Bill must ensure that the onus of care is placed on tech companies and organisations to legally store data safely and correctly. The safety and protection of data is paramount. We could not possibly vote for a Bill that undermined trust, furthered economic instability and eroded fundamental rights. Safeguards must be in place to protect people’s privacy, and that starts in the House today with this Bill. Can the Minister assure me and the BMA that our data will be protected and not shared willy-nilly with Tom, Dick and Harry? As I have said, protection is paramount, and we need to have it in place.
To conclude, we have heard numerous stories both from our constituents and in this place about the risks of ill-stored and unprotected data. The Bill must aim to retain high data protection standards without creating unnecessary barriers for individuals and businesses. I hope that the Minister and his Department can answer the questions we may have to ensure that the UK can be a frontrunner in safe and efficient data protection. We all want that goal. Let us make sure we go in the right direction to achieve it.