Author: info@amberhawk.com

DUAB makes function creep in the public sector inevitable and lawful

This blog is the promised second instalment that deals with the powers in the Data (Use and Access) Bill (DUAB, the “Bill”). These powers give Ministers the ability to sweep aside key elements of the UK_GDPR that protect data subjects from function creep in the public sector. As evidence in support of the above statement, this blog explains details of: the two powers that give Ministers the ability to specify any voluntary data sharing with any public body as lawful and not incompatible

Data Bill makes any data sharing with any public sector body lawful

This blog considers how the Data (Use and Access) Bill (the “Bill”) impacts on the lawful bases used in the context of voluntary data sharing with public bodies. In summary, the Bill creates an infrastructure of Ministerial powers that ensures voluntary data sharing to the public sector has a lawful basis; that such data sharing is not incompatible with the purpose of obtaining; and that such data sharing is, in practice, exempt from the right to object. These powers have

“Legitimate Interests” for AI Training? Remember the common law of confidence.

There is a current debate as to whether “legitimate interests” can be reliably used as a lawful basis by a controller when using personal data to train/test AI algorithms/systems and when AI systems are deployed. This blog explains how the common law of confidence and two recent CJEU decisions work together to challenge this assumption. The first half of the blog explains why “legitimate interests” can work as a lawful basis for AI training/testing in some instances.  In the second

What are the main features of the Data (Use and Access) Bill?

The blog concerns the content of the new  Data (Use and Access) Bill (DUAB) as published last week; it bears a strong relationship with the previous Data Protection and Digital Information (DPDI) Bills.  In fact, DUAB could easily have been named the DPDI (No 3) Bill. The Bill itself is 138 Clauses, 16 Schedules and 251 pages; many of the provisions of DPDI re-appear in DUAB but with different Clause numbers. The Bill is a complex read as its data

Upper Tribunal undermines data breach reporting under the UK_GDPR?

The Upper Tribunal (UT) appeal [DSG Retail Limited -v- ICO; see references] is important even though it relates to the DPA1998; the judgement has the potential to undermine the data breach reporting requirements of the UK_GDPR/DPA2018. This blog explains why this is the case, why legislative changes might prove to be necessary and, for good measure, provides details of two errors in the UT’s analysis. The appeal concerns the meaning of “personal data” in the context of the security obligations

Data protection policy should return to the Ministry of Justice

The incoming Labour Government has expanded the role of the Department for Science, Industry and Technology (DSIT) by transferring many IT/data related functions from other parts of Government (mainly the Cabinet Office) into DSIT.  The objective is to make DSIT an important driver for economic growth. In further detail, “experts in data, digital and AI from the Government Digital Service (GDS), the Central Digital and Data Office (CDDO) and the Incubator for AI (i.AI) [have transferred to DSIT] to unite

New A.17 right to erasure in the UK_GDPR added during “wash-up”

Although the DPDI Bill is dead, you have probably missed the addition to the right to erasure (Article 17 of the UK_GDPR) which was made during the “wash-up” period (last month) via another piece of legislation (the Victims and Prisoners Act ["VPA"] 2024). In summary, the change in the law concerns what controllers do when there is a malicious complaint (e.g. to social services) and the procedure for removing that complaint, following the conviction of the complainant of a stalking or harassment

Labour should not let the DPDI Bill go through in “wash-up”; it should kill it off.

When a Prime Minister calls a General Election, the Official Opposition in Parliament becomes very powerful. The reason is that the two main political parties can agree to enact outstanding and uncontroversial pieces of legislation (e.g. in this case, before the end of next week – May 30th). Parts of the DPDI Bill do fall into this uncontroversial category; but many bits don’t. In summary, the Opposition can say to Government something like: “we will agree to pass the DPDI

DPDI Codes of Conduct allow competent authorities to write their own DP rules

If, on April 1st, I reported that a cabal of controllers could club together and draft a Code of Practice that establishes their legal compliance with the UK’s data protection regime, you would probably say that this was too far-fetched to be true. Yet this is the procedure that has been put in place by the Government for all law enforcement processing of personal data. The grim detail can be found in Clause 68A of the Data Protection and

Government extends privacy protection to bequests made to the Conservative Party

Late on Good Friday (a very good time to bury “bad” news), the Government quietly tabled an amendment to the Data Protection and Digital Information Bill  (DPDI Bill) which extends the definition of personal data to include bequests and comments, made by a deceased, in his or her will.  The ICO has welcomed this amendment as a positive change to the law. Although the amendment makes a somewhat quirky change to the Wills Act 1837,  an impeccable sauce has indicated
