Category: Data Protection

Text Updated 6 March 2024 Most people will agree that the promised “Brexit benefits” have yet to manifest themselves in physical form.  This is especially the case with the Data Protection and Digital Information (“DPDI”) Bill which for three years been touted by Ministers as the pre-eminent Brexit Bonus for Britain. The Bill, it is claimed, combines a high level of data protection for data subjects with easier compliance for controllers and the wider exploitation of personal data:- such data

Last week, Prime Minister asked  “how can we write laws [to regulate AI] that make sense for something we don’t yet fully understand?”.  The PM does not appreciate that his Government has already drafted a law that applies to the processing of personal data for AI purposes but which has the objective of diminishing the protection afforded to data subjects. In this blog, I show, in the context of scientific research, how the proposed DPDI No 2 Bill” (the “Bill”

I was surprised by the recent Tribunal Decision (the “Decision”) which quashed Clearview’s £7.5 million fine on the grounds the UK_GDPR did not apply.   My puzzlement has given rise to several important questions about the Decision. These questions need an urgent answer; hence this blog. Clearview is a USA company which has scraped billions of photos and personal data from the Internet and used them to sell services to law enforcement/national security agencies and similar agencies in other countries (e.g.

I have atoned for not delivering a blog for two months by reading Schedule 13 of the Data Protection and Digital Information No 2 Bill (the “Bill”).  As readers know, the Information Commissioner (ICO) is to be replaced by an Information Commission, and Schedule 13 outlines the procedural arrangements for the operation of the Commission. Schedule 13 is not “a gripping read”.  With all its provisions about voting, quorums, Committees, Board Members, Chairs and Chief Executives, the text can be described in two words:

Last week, the Prime Minister was quoted concerning the need to ensure Artificial Intelligence (AI)  is “introduced safely and securely with guard-rails in place”.  Strange to find that he appears to be unaware that several of these urgently needed guard-rails are being dismantled by the DPDI No.2 Bill (the “Bill”). On June 6th, I delivered a presentation to the Data Protection Forum where there was lively discussion concerning the weakening of data protection within several identified issues of the Bill.

The blog provides a summary of seven areas where the proposed Data Protection and Digital Information No. 2 Bill (“No.2 Bill”) undermines privacy issues; these should be debated by Parliament. Some area, such as ICO independence and research, are left unexplored in this Blog. 1.   Absence of Keeling Schedules It is difficult to comment on legislation that significantly modifies existing legislation if the relevant Keeling Schedules, which detail the proposed legislative changes, are unavailable (perhaps deliberately so).  The No.2 Bill

I have come to the conclusion that the new definition of personal data in the Data Protection and Digital Information No.2 Bill (“No.2 Bill”) only applies to facial recognition CCTV if the data subject is on a watch-list. If the individual is not on a watch-list, and the camera images are deleted immediately after checking the watch-list, then personal data are not processed and there are no data protection obligations (e.g. no transparency) It then follows that if the watch-list,

The press release associated with the DPDI No.2 Bill proudly states that the Bill ensures “that the new regime [is] built on the UK’s high standards for data protection and privacy”. These new “high standards”, evidently, includes adopting a definition of “personal data” that fails to meet the data protection standards established by the text of the Council of Europe (CoE) Convention No. 108, as published in January 1981. In other words, the most enduring international binding agreement on data

Many commentators have remarked how very similar the Data Protection and Digital Information (DPDI) (No.2) Bill is to the original DPDI Bill published last June.  If this is the case, how is it that the No.2 Bill’s projected “Best Estimate” savings is £4.7 billion over a decade, whereas the “Best Estimate” savings for the original DPDI Bill (the “No.1 Bill”) is a mere £1.45 billion over a decade? Given the fact that there is no official comparison document, explanation or