The British government’s new Data Protection Bill, which is intended to keep the UK in line with the EU’s forthcoming General Data Protection Regulation (GDPR) after Brexit, has been slammed by civil liberty groups as “shameless” and an attempt to undermine millions of people’s privacy.
Liberty, the Joint Council for the Welfare of Immigrants (JCWI) and the Race Equality Foundation are all calling for the House of Lords to remove certain exemptions the UK has included in the bill when it is debated next week.
The new Data Protection Bill will update the current Data Protection Act, which was introduced in 1998, and aims to give citizens more control over their online data, as well as give the authorities more power to impose tougher sanctions on firms that don’t comply.
The government has previously said that it would continue to comply with EU GDPR rules following the UK’s decision to leave the European Union, in order to keep close data links with other member states.
Businesses and government are rapidly trying to prepare for the introduction of GDPR – which comes into effect on 28th May 2018, less than a year away. Recent government research found that 94% of FTSE 350 are underprepared for GDPR.
However, there are a number of exemptions within the Data Protection Bill, which are due to be debated by the House of Lords and have come under fire from civil liberty groups. Exemptions are common when an EU member state implements a new piece of regulation.
The government argues that the new Data Protection Bill will make data protection laws “fit for the digital age” and “empower people to take control of their data”, but the rights of certain individuals are at risk, thanks to Schedule 2, Paragraph 4, of the bill, argues Liberty et al.
A two-tier, discriminatory regime
The exemption removes data protection rights from people whose data is processed for the “maintenance of effective immigration control” or “the investigation or detection of activities that would interfere with effective immigration control”.
If passed, the clause would “strip migrants of the right to have their personal information processed lawfully, fairly and transparently when it is being processed for immigration control purpose”, argue the groups.
Liberty states that it would give the Home Office and other agencies the almost limitless ability to obtain and process people’s data from any other government department, business or other body, with no transparency or oversight – for reasons entirely unrelated to dealing with immigration-related crime.
Martha Spurrier, Director of Liberty, said:
Even from a Government with a track record of fostering division and sanctioning discrimination, this is a particularly brazen expression of how low they will go to bring border control into our everyday lives, no matter the cost.
It is a shameless attempt to subordinate migrants’ fundamental privacy and data protection rights to immigration control. The Government can’t be allowed to sneak this nakedly racist provision onto our law books – we urge the Lords to take it out of the Bill.
The 1983 Data Protection Bill included a clause with an identical aim, setting out broad exemptions to people’s rights on the grounds of immigration control. It was deemed to be oppressive and was removed.
The groups argue that the exemption “completely untethers the Home Office and other agencies’ immigration control efforts from principles such as lawfulness, fairness, transparency or accountability set out under the General Data Protection Regulation (GDPR), the EU’s new framework for data protection laws”.
It adds that it may have been inserted in anticipation of increased monitoring of EU nationals after Brexit.
In a briefing document sent to peers this week, Liberty has also argued that amendments which have been introduced to allow for automated decision making that impacts on an individual’s human rights should be reconsidered.
The briefing document states:
Liberty is deeply concerned about the potential uses of purely automated decision-making in the law enforcement environment, particularly in relation to the ‘significant’ decisions that have adverse legal effects that are exempted here. We believe that automated processing, if used, should inform officers’ decisions rather than make those decisions.
Controversial algorithms currently being trialled by police forces, such as the harm assessment risk tool used in bail decisions and automated facial recognition that leads to arrests, are currently used to support officers’ decisions. They do not replace officers’ decisions or remove their discretion.
However, such purely automated decisions could be permitted under the exemptions within clauses 47 and 48.
It goes on to add:
Sophisticated algorithms used by law enforcement agencies such as the harm assessment tool and automated facial recognition are involved in decisions that engage fundamental rights such as the right to liberty, the right to a private life, freedom of expression, freedom of assembly and the prohibition of discrimination.
The right not to be subjected to a purely automated decision – in other words, the requirement of human involvement in decision making – is thus a vital safeguard, from which we do not believe law enforcement should be exempted.
We urge parliamentarians, as a very minimum, to amend the Bill to protect individuals from being subjected to significant automated decisions that engage their fundamental rights.
An effective Data Protection Bill will underpin much of our interaction with government and business over the coming years. We need to get this right and ensure that citizens have a firm grip of their own data and clear insight into how their data is being used – with effective controls and balances in place to ensure that powers aren’t abused.