Privacy group wants tougher stance on Data Protection Bill
Privacy International is calling for urgent changes to the UK Data Protection Bill - which awaits its second reading - arguing that "where the UK government could depart from the requirements imposed by European data protection standards, it has done so".
In a letter to Digital Minister Matt Hancock, signed by executive director Gus Hosein and chair emeritus Anna Fielder, the organisation lays out its concerns, despite welcoming the objective of the Bill to reform the UK legislation in order to give “people more control over use of their data”.
The letter states: "We think that the Bill is overly and unnecessarily complex in its design and structure, even more so than the current Data Protection Act which has been described by senior judges as ‘inelegant and cumbersome’ and a ‘thicket’.
"Over the years we have found that neither businesses (for example in the case of identity theft) nor public institutions (for example in the case of data sharing with commercial entities) understand well their obligations under data protection legislation. It is to be regretted therefore that the Government has not made the effort to put this situation right."
The letter goes on to say how Privacy International has "identified other important areas of substance where the Bill would benefit from being strengthened".
It adds: "In our view the Bill has severe safeguard deficiencies in its conditions for collection and use of sensitive personal data, when it is in the ‘substantial public interest’. Similarly, the Bill lacks adequate safeguards with regards to profiling and automated decision making, when such decisions are permitted without human intervention. Both are permitted derogations from the EU General Data Protection Regulation, and the Government seems to have made full use of them to weaken protections for individuals."
"We are equally concerned by the wide scope of the exemption from the data protection regime for national security: provisions on national security certificates lack transparency and means to challenge them effectively when such challenges may be justified. Similarly, we are very concerned by the almost unfettered powers for cross-border transfers of personal data by intelligence agencies without appropriate levels of protection."