The Data Protection and Digital Information Bill, introduced by Nadine Dorries, is being RUSHED through Parliament, with its second reading on 5th September. The speed suggests that this Bill is of considerable political importance to the Conservatives and a major concern for Keep Our NHS Public campaigners.
Read why here:
The Bill will have a range of serious consequences, such as:
- The abuse of democracy
The Bill includes a number of measures that will allow ministers to change the law without proper scrutiny by Parliament. Granting this type of power has serious constitutional implications.
- The abuse of human rights
The Bill will grant a new power to the Secretary of State for Digital, Culture, Media and Sport to force organisations, including the NHS, to share the personal data they hold on you with the State and law enforcement authorities. (This could mean, for example, that GPs’ records can be searched to identify migrants or refugees.)
However, our focus is on the abuse of personal data.
One of the Government’s main motives behind this Bill is to drive economic growth by making the personal data held by the NHS more accessible to the private sector.
KONP recognises the importance of NHS data for patient care, service planning and developing new treatments. It is also aware of the importance of safeguarding the confidentiality of patients’ data, not least to ensure patients’ trust in NHS care.
This Bill risks compromising patients’ trust.
If passed, it will reduce existing protections for personal data by, for example:
- giving data controllers in organisations (including profit-making companies) discretion to decide when personal data can be classified as ‘anonymous’ and so fall beyond data protection law;
- amending the legal definition of ‘scientific research’ to include anything that can ‘reasonably’ be described as such, so allowing access to personal data to the commercial sector and potentially raising uncertainty about legitimate medical research.
- introducing a new type of consent that allows permission from an individual to allow use of their data for scientific research can be assumed to apply to further projects that were unknown at the original time of consent.
The Bill aims to lower safeguards governing data collection and processing in order to reduce the ‘burden on business, by, for example,
- abolishing the statutory requirement for organisations that process data to have an independent Data Protection Officer. Instead, organisations will designate a senior employee (someone who is unlikely to have the relevant expertise but likely to face conflicts of interest) to oversee an organisation’s compliance with data protection rules;
- introducing a new, flexible accountability regime that allows businesses to decide on how far they will be compliant, based on the scale of, and their perceived risks of their operations;
- granting the Secretary of State influence over whether personal data can be transferred to other countries or international corporations. It appears that political and economic issues may take precedence over the standards of protection offered and any risk that the data may be sold on.
The Bill will reduce our rights as citizens, by for example:
- Expanding the grounds on which organisations can refuse to respond to individual’s requests (‘Subject Access Requests’) to know what information the organisation holds on them. These grounds include whether or not the organisation considers the request to be ‘vexatious’ or ‘excessive’. ‘Vexatious’ requests include those that an organisation considers to be made in bad faith, are meant to cause harm, or to be an abuse of process, while what’s deemed to be ‘excessive’ depends on the resources that the organisation has to deal with requests.
- giving a data controller the authority to refuse to provide information to an individual inquiring about how their data is being used where there is a duty of confidentiality by a legal adviser to a client – as in commercial contracts used in the development of products.
- undermining the independence of the Information Commissioner’s Office (the organisation that upholds information rights in the public interest) through allowing the Secretary of State to control the appointment of staff, veto the ICO’s guidance and require it to develop a strategy that takes economic growth, innovation and competition into account.
It’s time to act
What KONP is calling for
- KONP wants the potential of data to be used for patients, not profit.
- We want transparency of data use – to know who is using our data, on whose say so, and for what purpose. We support the use of Trusted Research Environments – safe havens that users visit to work on data without it being released, and where data use can be properly monitored.
- The independence of the Information Commissioner’s Office should be strengthened, not brought under political control.
- The Data Protection and Digital Information Bill must be stopped.