PL&B UK, Issue 94
November 2017


Lead story:
Data Protection Bill debated in the House of Lords

The Data Protection Bill creates some confusion, questions and much debate. Laura Linkomies reports on the progress so far.


Subscribe




Issue price: £85 + VAT

Also includes:

  • The ICO retains its international horizon
  • PL&B joins group to discuss DP Bill with the Lords
  • Think tank: DPAs should fine only seriously negligent conduct
  • Internet publishers’ responsibility for user content
  • Data Philanthropy: Using data for the common good
  • GDPR narrows opportunities to rely on legitimate interests
  • Harnessing technology to make your business GDPR compliant
  • A guide to GDPR profiling and automated decision-making
  • FOI Commissioners debate the future of information rights
  • ICO comments on review of Code of Data Matching Practice
  • Government makes Cybersecurity Directive plans
  • New notification fees in place from next April
  • EU DPAs: Fine will depend on circumstances
  • PL&B survey: Much work still to do ahead of GDPR deadline
  • Government to restrict immigrants’ data rights
  • Marketers uneasy with e-Privacy
  • Public aware of GDPR rights

 

Publisher's Cover Note

PL&B brings your concerns on the Data Protection Bill to the House of Lords

The crumbling fabric of the Houses of Parliament was not in evidence on 31 October in the committee room where I and a small group of data protection law specialists met five members of the Upper Chamber, the House of Lords, including Lord Tim Clement-Jones, the peer leading their scrutiny of the Data Protection Bill. We had met Lord Tom McNally when he was a Justice Minister in the coalition government and spoke at PL&B’s annual international conference in July 2013. He arrived directly from a meeting of the House of Lords Artificial Intelligence Committee which had just held a hearing with Elizabeth Denham, Information Commissioner.

Lord Clement-Jones made it clear that he had an hour for this session and first wanted to know about issues in the Data Protection Bill affecting everyday compliance before moving on to “future proofing.” He invited all of us to submit papers to support our points. Fortunately, immediately after being invited to the meeting by former Liberal Democrat MP, Parmjit Singh Gill, we asked for input from our network. I had edited the feedback into a paper with six points which I presented to Clement-Jones and his support staff member, and is available on request.

The complex legal language of the Bill does not help one’s understanding of the text and one of the group pointed out that the wording of the government’s explanatory material would communicate the Bill’s provisions in a much simpler way. But one cannot expect that everyone’s concerns will be resolved whatever the wording of the Data Protection Bill.

Take, for example, transfers of personal data in a marketing context. Companies may want more clarity for those who may transfer or sell on personal data to others.  Marketing managers may have come to accept that ‘selected third parties’ is no longer an acceptable form of words. But at the time of data gathering, it may not be possible to be company specific. Data controllers would like confirmation that, for example, ‘Car Insurers’ rather than a specific company would be acceptable to include in the tick boxes on a consent form.

I expect that this degree of detail is a matter for the Information Commissioner’s guidance or a Code of Practice rather than the wording of the future Data Protection Act. Similar detailed points probably involve every sector.

Artificial Intelligence: Where science meets science fiction

On 6 November, I attended a seminar at the British Library with the above title organised with the Alan Turing Institute and the National Institute of Data Science.* AI can be quicker or better than humans at specific tasks (like playing chess or making multiple calculations quickly) but one machine or system cannot emulate the range of thoughts, skills or empathy demonstrated by one human. Points which emerged included:

  1. “science fiction is fiction not science”
  2. there are risks attached to automating human relationships
  3. there should be a single descriptive language about what AI can do
  4. the GDPR’s safeguards for individuals subject to automated decision-making are illusory because there could be a bias in the underlying logic beyond an individual’s understanding
  5. the best way to achieve democratic oversight of AI is to read the terms and conditions associated with websites and apps and not to tick the “Agree” box, unless you agree with the company’s use of your personal data
  6. if tech companies are too powerful, described as “the new feudalism,” it is because most people give up their personal information freely
  7. tech companies can be forces for good, for example, Google Translate does a good job with 100+ languages run entirely with AI and employs no linguists.

 

Just as we were publishing the November edition of Privacy Laws & Business United Kingdom Report, we received news that the ICO had announced the four winners of the Grants Programme selected from 117 applicants. The successful projects will:

  1. create a digital tool to help individuals protect and enforce their data protection rights, particularly in the insurance and banking sectors (the Open Rights Group/design studio IF);
  2. create an online tool for both the public and organisations to evaluate the risk of re-identification of pseudonymised personal data, by assessing it via a new machine learning algorithm (the Computational Privacy Group at Imperial College London’s Data Science Institute);
  3. create a tool for healthcare professionals to share medical information securely and to support research (Teesside University/Connected Health Cities); and
  4. examine the evidence gaps in children’s capacity to consent, their functional skills and understanding of the commercial online environment (Department of Media and Communications at the London School of Economics).

 

Stewart Dresner
Publisher

* https://www.bl.uk/events/ai-where-science-meets-science-fiction?ns_campaign=November+events+-+members&ns_mchannel=email&ns_source=newsletter&ns_linkname=event_4_title&ns_fee=0&TMID