UK Data Protection Bill advances despite warnings on AI, alignment with EU

The UK Data Protection and Digital Information Bill has advanced to the committee stage for a line-by-line examination following a second reading in the House of Lords.

Parliamentary Under Secretary of State for the Department of Science, Innovation and Technology Viscount Camrose introduced the Bill for its second reading, saying it will “means the ICO can take a more proportionate approach to how it gets involved in earlier disputes, not having to do so to early in the process before people have had a chance to resolve things sensibly themselves.”

Among the implications for how biometrics are regulated in the UK, the Bill eliminates the role of the Biometrics and Surveillance Camera Commissioner and shifts some of the role’s responsibilities to the Information Commissioner’s Office. A recent report by a pair of academics warned that the move could leave some areas beyond government oversight.

The Bill was reintroduced to the House of Commons last March, and passed its third reading in November, following amendments that strengthen the powers of police to retain the biometrics of some individuals for longer, in line with Interpol and EU practice.

Camrose emphasized the potential economic gins from the Bill, particularly from the prospect of open banking, which he says could deliver 12 billion pounds to consumer and £6 billion to small businesses each year.

He also says the Bill increases the control people have over their own data through the introduction of digital identity, and puts identity verification services on “a secure and trusted footing.”

Opposition Members cautioned during debate the Bill could weaken protections against data exploitation. This is particularly so, according to Lord Knight (Labour), for artificial intelligence.

“It does not provide any new oversight of cutting-edge AI developments like biometric technology or foundational models, despite well-documented gaps in existing legal frameworks,” he says, quoting a report from the Ada Lovelace Institute.

“Legitimate interest” has been expanded in scope and authority to the point where data privacy rights can be ignored, he argues. The Bill also does not give regulators the powers they need to implement it in accordance with the government’s vision, Knight says.

Furthermore, “the Bill is too long.” Around 260 amendments have been introduced, adding 150 pages after its first line-by-line scrutiny.

Adequacy for the cross-border flow of data with the EU is another point of concern raised by opposition Lords, during a debate consisting of 20 speeches from across all group represented in the upper chamber.

Camrose responded to the suggestion that the Bill misses an opportunity to regulate AI, including biometrics, by saying the government considers the data protection legislation not to be the appropriate basis for regulation of AI.

A date for the start of the committee stage has not been set.

Article Topics

Ada Lovelace Institute  |  AI  |  biometrics  |  data protection  |  Data Protection and Digital Information Bill (DPDI)  |  digital identity  |  identity verification  |  Information Commissioner’s Office (ICO)  |  regulation  |  UK