UK awaits clarity on how data protection will be balanced against growth

Data protection in the UK is at a cross-roads between the relatively strict approach taken by the European Union and a more tech-friendly tact meant to encourage economic growth.

The beta launch of the DIATF three years ago spurred a flurry of actions within the public sector and among digital identity providers. “But since then,” says Age Check Certification Scheme ED Tony Allen, “practically nothing.”

As UK industry, privacy advocates and regulators await clarity, The Digital Information and Smart Data Bill proposed by the UK’s new Labour government as an alternative to the foundered Data Protection and Digital Information (DPDI) Bill is examined in a three-part series by Diginomica.

The tension between the original mandate of the Information Commissioner’s Office (ICO) to protect Britons’ data and the prioritization of economic growth under both the Tory and Labour governments is examined in the first report.

The article quotes an assertion from Open Rights Group that the ICO is departing from the law in interpreting it. The regulator says it is preparing for future innovation.

“To name just a few, our work on AI and biometrics plays a crucial role in supporting responsible growth and innovation at the ICO – we regulate AI and biometric technologies, where they use personal information,” says ICO Deputy Commissioner for Regulatory Policy Emily Keaney.

“AI has the potential to drive huge digital transformation, to deliver economic growth, tackle crime, and transform the delivery of public services. But if we’re going to get the most from those kinds of opportunities, it is important that it is used in ways that the public trusts, and in ways that don’t cause people harm.”

Keaney notes multiple instances in which the ICO has enforced data protection rules in cases involving biometrics.

Appreciate legitimate interest for growth

In the context of an unclear balance between growth and privacy protection, Data and Marketing Association CEO Chris Combemale told a Westminster eForum policy event audience that marketers should craft their approach to privacy according to the attitudes of their specific audience.

Combemale said the DPDI’s passages on enabling digital identity verification services and setting up smart data schemes, among others, should be included in the new bill.

In the meantime, the GDPR and the six lawful bases for processing personal data remains the key regulation for businesses operating in the UK. Combemale argues that using all six reasons would enable more economic growth than an overreliance on getting consent from data subjects for every interaction.

Automatic for the people

Diginomica presents multiple accounts of errors by automated decision-making systems negatively affecting people’s lives in significant ways. But an Open Rights Group representative says those automated decisions would have been protected by the DPDI Bill. The data subject could appeal, as the Bill shifted responsibility for ensuring the system works to the consumer, but would also have made the appeal more difficult.

Chris Middleton of Diginomica pulls no punches in laying blame. The new prioritization for the ICO of growth over protecting the interests of citizens was a mistake made by Boris Johnson. The new government has so far failed to depart from this dangerous course, and risks enshrining it with the new legislation.

Article Topics

data protection  |  Data Protection and Digital Information Bill (DPDI)  |  Information Commissioner’s Office (ICO)  |  legislation  |  UK