Category: Other Information Law

There is a current debate as to whether “legitimate interests” can be reliably used as a lawful basis by a controller when using personal data to train/test AI algorithms/systems and when AI systems are deployed. This blog explains how the common law of confidence and two recent CJEU decisions work together to challenge this assumption. The first half of the blog explains why “legitimate interests” can work as a lawful basis for AI training/testing in some instances.  In the second

The blog concerns the content of the new  Data (Use and Access) Bill (DUAB) as published last week; it bears a strong relationship with the previous Data Protection and Digital Information (DPDI) Bills.  In fact, DUAB could easily have been named the DPDI (No 3) Bill. The Bill itself is 138 Clauses, 16 Schedules and 251 pages; many of the provisions of DPDI re-appear in DUAB but with different Clause numbers. The Bill is a complex read as its data

The incoming Labour Government has expanded the role of the Department for Science, Industry and Technology (DSIT) by transferring many IT/data related functions from other parts of Government (mainly the Cabinet Office) into DSIT.  The objective is to make DSIT an important driver for economic growth. In further detail, “experts in data, digital and AI from the Government Digital Service (GDS), the Central Digital and Data Office (CDDO) and the Incubator for AI (i.AI) [have transferred to DSIT] to unite

Although the DPDI Bill is dead, you have probably missed the addition to the right to erasure (Article 17 of the UK_GDPR) which was made during “wash-up” period (last month) via another piece of legislation (the Victims and Prisoners Act ["VPA"] 2024). In summary, the change in the law concerns what controllers do when there is a malicious complaint (e.g. to social services) and the procedure for removing that complaint, following the conviction of the complainant of a stalking or harassment

When a Prime Minister calls a General Election, the Official Opposition in Parliament becomes very powerful.  The reason is that the two main political parties can agree to enact outstanding and uncontroversial pieces of legislation (e.g. in this case, before the end of next week – May 30th).  Parts of the DPDI Bill do fall into this uncontroversial category; but many bits don’t. In summary, the Opposition can say to Government something like; “we will agree to pass the DPDI

If, on April 1st,  I reported that a cabal of controllers could club together and draft a Code of Practice that establishes their legal compliance with the UK’s data protection regime, you would probably say that this was too far-fetched to be true. Yet this is the procedure that has been put in place by our the Government for all law enforcement processing of personal data. The grim detail can be found in Clause 68A of the Data Protection and

Late on Good Friday (a very good time to bury “bad” news), the Government quietly tabled an amendment to the Data Protection and Digital Information Bill  (DPDI Bill) which extends the definition of personal data to include bequests and comments, made by a deceased, in his or her will.  The ICO has welcomed this amendment as a positive change to the law. Although the amendment makes a somewhat quirky change to the Wills Act 1837,  an impeccable sauce has indicated

Speakers at the Data Protection Forum in early March reinforced my reasoning that the Data Protection and Digital Information Bill  (“DPDI Bill”) should be used as a vehicle to implement the EU’s AI Act.  [Obviously my Petition which states this should also be supported: so please sign it! – see references]. One speaker, at the end of her presentation, made several personal comments about the risks associated with the fragmentary, “wait and see” approach of the UK Government towards AI

I am asking readers to sign my Petition on the Parliamentary web-site (see end of this blog); most of the blog's text explains why you should sign. In summary, the Petition states that the Government would be negligent if it failed to draft clauses for the Data Protection and Digital Information Bill  (“DPDI Bill”) to protect data subjects from the harmful impact of Artificial Intelligence (AI). I have suggested that these AI clauses should be aligned with the EU Data/IA

Text Updated 6 March 2024 Most people will agree that the promised “Brexit benefits” have yet to manifest themselves in physical form.  This is especially the case with the Data Protection and Digital Information (“DPDI”) Bill which for three years been touted by Ministers as the pre-eminent Brexit Bonus for Britain. The Bill, it is claimed, combines a high level of data protection for data subjects with easier compliance for controllers and the wider exploitation of personal data:- such data