26 civil society groups call on government to stop the Data Grab Bill

26 civil society organisations have written to the Secretary of State for Science, Innovation and Technology, Michelle Donelan MP, calling for the Data Protection and Digital Information (DPDI) Bill to be dropped. The signatories include trade unions as well as human rights, healthcare, racial justice, migrants rights, workers’ rights and criminal justice organisations. They are concerned that the government’s proposals will seriously weaken data protection rights in the UK, and could particularly harm people from marginalised communities.

The Bill will amend the UK GDPR as part of the reform of EU laws following Brexit. It was temporarily paused under Liz Truss’s premiership but in an interview with Politico, Donelan confirmed that the Bill will return to parliament this year and it is expected to be re-published next year.

Abigail Burke, Policy Manager at Open Rights Group said:

“Strong data protection is increasingly important as companies continue to find new ways to use our personal data to profile, manipulate, and profit off of us.

The Data Protection and Digital Information (DPDI) Bill is a power grab by the government that will undermine data rights in the UK. The bill weakens data subjects rights and corporate accountability mechanisms, politicises the ICO, and expands the Secretary of State’s powers in numerous, undemocratic ways.

The government needs to ditch these proposals and start again. We need a data protection law that builds on the protections created by the GDPR not one that weakens them. People’s rights – not government control or the profits of corporations – should be the basis of any new legislation.”

Why data protection matters

Data protection rights protect people across all aspects of their lives, for example, when at work, using NHS services, applying for jobs or renting a flat. As the use of flawed and biased decision-making algorithms increases across every sector, data protection is particularly important for protecting the rights of marginalised groups, including migrants, LGBTQ people and people from racialised backgrounds.

The UK GDPR has been used to challenge unfair dismissals in the workplace, private companies’ use of public health data, and illegal profiling by advertising companies. The Bill would undermine people’s ability to hold public authorities and private businesses to account over how their data is processed.

The letter highlights four key areas of concern:

• Weakening of data subjects rights and corporate accountability mechanisms
  Changes to Data Protection Impact Assessments remove the requirement for organisations to consult with data subjects who are affected by high risk data processing. Additionally, the bill lowers the threshold for organisations to refuse a Subject Access Request and removes individuals’ right to not to be subjected to solely automated decision making.

• Oversight of data processing
  Under the current proposals, the independence of the Information Commissioner’s Office (ICO) will be reduced. As the ICO plays a key part in the oversight of the government’s use of data, this is extremely problematic.

• Expansion of data processing
  The Bill creates grounds for processing data and more exemptions to the limits that restrict how data can be processed. The Secretary of State could make changes to increase data the ways that data is used and reused without meaningful parliamentary oversight.

• Data transfers
  The Secretary of State would have the discretion to approve international data transfers to countries with insufficient data protection standards.

Notes to editors

Read our briefing for further information about how the DPDI Bill is threatening rights in the UK.