UK data custodian criticizes proposals to change UK data law • The Register

The UK’s National Data Guardian (NDG) has warned the government against weakening the rights of individuals to challenge decisions made about them by artificial intelligence.

The independent health data rights watchdog also said the government’s consultation on changes to data protection law following the UK’s departure from the EU made proposals that would represent a “significant deviation” from the General Data Protection Regulation (GDPR), potentially jeopardizing data sharing agreements. .

In the current implementation of the GDPR in the UK, the Data Protection Act 2018 states in Article 22 that people have the right not to be subjected to a solely automated decision-making process if that decision has significant effects.

These rights should be reviewed, according to the consultation launched by the Directorate of Digital, Culture, Media and Sports (DCMS) in September. The proposals said that the need “to provide a human examination [of AI decisions] may, in the future, not be practicable or proportionate. “

In her reply when consulting DCMS, Data: a new direction, NDG, Dr Nicola Byrne said: “The NDG has serious concerns about proposed reductions in existing protections and the ability of professionals, patients and the public to be actively informed of decisions that may have significant impacts on them.

“In addition, it can have a negative impact on people’s confidence in decisions made about them by only automated means if the guarantees of Article 22 are not kept. In the context of health and care, any removal of the possibility of contesting or requesting human intervention in relation to a decision could significantly affect the quality of care.

“As the elements of healthcare become more efficiently managed through AI, the importance of the human nature of the relationship through which care is provided must not be lost. “

Dr Byrne also said that the government’s proposals – such as changes to research provisions, rules on automated decision-making and changes to the rights of data subjects – would represent a significant departure from the law of Canada. EU on data protection.

The opinion lends weight to the view that changes to data protection law risk undermining the EU’s ‘adequacy’ decision, which allows for continued data sharing between the trading bloc and the United Kingdom.

Former UK digital secretary Oliver Dowden said the UK will continue to align with the GDPR and Britain will set a ‘golden standard’ for data regulation, “but the do it as lightly as possible “.

Lawyers stressed that there is no specific end date for the adequacy decision and that the EU could choose to reconsider it at any time.

Other opinions criticized the entire consultation process. A blog law firm Amberhawk said the consultation provided no evidence of most of the legislative changes it said were needed.

He pointed out that the consultation requires respondents to answer the same question several times. “Basically that question is: ‘We know that data controllers find the following data protection elements a real headache; please explain your answer and provide supporting evidence to the extent possible ”.

“The consultation is largely drafted from a position where the controller becomes authorized to process the personal data of the data subject regardless of how the wishes or interests of the data subject are protected.”

Meanwhile, the outgoing UK Information Commissioner said there was reason to be concerned about proposed changes to UK data regulations.

“Despite … broad support for the ICO’s constitutional reform proposals, there are some important specific proposals that I have serious concerns about because of their risk to regulatory independence,” Elizabeth said. Denham in A declaration in July.

DCMS is reviewing feedback from its consultation, which closed on November 19. ®

Comments are closed.