Question to the Department for Science, Innovation & Technology:

To ask His Majesty's Government what assessment they have made of the implications for data protection and governance of the involvement of private technology companies in the handling of sensitive data held by public authorities and regulators; and what steps they are taking to ensure that appropriate safeguards relating to data protection, accountability and transparency are in place.

The Government is committed to ensuring that the involvement of private technology companies in the handling of sensitive data held by public authorities and regulators is subject to robust data protection, accountability, and transparency safeguards. All departments undertaking work involving personal data are required to conduct Data Protection Impact Assessments to ensure appropriate privacy, security, and fairness measures are in place. Where private‑sector tools, including algorithmic or AI‑enabled systems, are procured or used, departments must apply mandatory transparency standards and clearly document how such tools are embedded in decision‑making processes, their technical specifications, and relevant risk mitigations.

At a cross‑government level, the Government Digital Service (GDS), within the Department for Science, Innovation and Technology, is strengthening central coordination and oversight of data protection and privacy risks across government. This includes setting consistent standards, supporting departments on the responsible adoption of new technologies, and working closely with the Information Commissioner’s Office to raise data protection and information security standards across the public sector.

These measures are intended to ensure that the use of private technology companies supports innovation and improved public services, while maintaining high standards of data protection, accountability and public trust.