Data exit

WilfStevenson.jpgWilf Stevenson outlines our concerns with the government's poorly drafted Data Protection Bill

The government claim that the Data Protection Bill, which is getting its House of Lords Second Reading today, will “bring our data processing laws up to date, and ensure that we can remain assured that our data is safe as we move into a future digital world.”

Labour will be probing that assertion over the coming weeks and months, with particular reference to the need for business certainty over the application of rules in this key component of our economy in the medium and long term; and the need for consumers, particularly vulnerable people and children, to be protected in the digital world.

The Bill repeals the Data Protection Act 1998 (which implemented the EU’s 1995 Data Protection Directive), as this was replaced in 2016 by the EU General Data Protection Regulation (GDPR). As well as introducing a European Data Protection Board, the GDPR also brings in new responsibilities for data controllers and processors and new rights for data subjects including the ‘right to be forgotten’. 

EU member states must transpose this regulation by 25 May 2018. Accompanying the GDPR, a new Legal Enforcement Directive creates a comprehensive framework for data processing activities performed by the police, security services and justice system, which all members have to transpose into national law by 6 May 2018. So, the clock is ticking.

It is hard to see how business will be reassured by the new Bill. 43% of EU tech companies are based in the UK and 75% of our data transfers are within the EU. Even if the Bill successfully aligns UK law with the EU data protection framework, this does not mean it will become a panacea for future problems.

Come the moment of Brexit, the UK will need to satisfy the European Commission that our legislative framework ensures an ‘adequate level of protection’. Achieving this is not as uncontentious as our government thinks, as the GDPR requires the Commission to consider a wide array of issues such as the rule of law, respect for fundamental rights, and legislation on national security, public security, and criminal law in that country. Indeed, several commentators have observed, the surveillance practices of UK intelligence services may jeopardise a positive adequacy decision. We will pursue this disjuncture in the Bill debates.

Ensuring that the public can trust the safe handling of their data is important for all of us. Get this wrong and people will not benefit fully from the new services coming on stream.

Labour will therefore, probe why the Bill restricts the right of erasure of personal data to 18 year olds and above while the age of consent for when online companies can collect data without obtaining parental consent will be 13. An issue in itself, which begs an even bigger question: are children at that age aware of what they are signing up to when they install an app or open an account, and in doing so give away the right to privacy, ownership of their data, and the material they post online.

It has been argued that there is an imbalance in the Bill about consumer rights. In particular, the need to have special regard to vulnerable members of society, such as the elderly and children, who are less likely to be able to assert their rights in the first place. The GDPR Article 80 contains a provision which the UK government has chosen not to implement, under which consumer groups who operate in the privacy field can act on behalf of data subjects. A ‘super-complainant’ system that would help protect anonymity and strengthen competition by creating a stronger enforcement framework.

More generally, the increasing concern about the use and misuse of personal data points to the need for a far more ambitious set of regulatory structures for what is increasingly referred to as ‘data capitalism’. The big tech firms need to concede that they are not simply ‘platforms’ but active media and information companies, with the broad societal responsibilities this entails 

The poorly drafted Bill however, does not go into this area at all. There is no attempt to ensure data companies are covered by competition and other regulatory regimes. Nor any proposals to deal with the allegations around undue influence on political issues both here and in the United States. And nothing about tackling fake news.

Ministers have set themselves a very tight timetable to get this legislation through before the end of April 2018. Labour will support the main principles of the Bill but the government is going to have to give much ground on the detail as Parliament works through the scrutiny process. 

Wilf Stevenson is a member of Labour’s frontbench team in the House of Lords. He tweets @Missenden50 

Published 10th October 2017

Do you like this post?


Please check your e-mail for a link to activate your account.

The Labour Party will place cookies on your computer to help us make this website better.

Please read this to review the updates about which cookies we use and what information we collect on our site.

To find out more about these cookies, see our privacy notice. Use of this site confirms your acceptance of these cookies.