News / news

#HandsOffOurData Protect families data rights

Remember 4 years ago when a “serious breach” of law meant the national database of 28 million learners’ details was used for gambling companies onboarding new customers?

If you want to stand up for your family’s and others’ safe digital life, can we ask you write to your own MP and /or a member of the House of Lords with interest in the debate so far? Ask them to recommend the new Data Protection and Digital Information Bill is withdrawn and that government should leave data protection law well alone.

Read in full why, with a KC legal opinion here on our blog. The government is rewriting UK data protection law again, and it threatens to:

1. Snoop on all our bank accounts and risk at-scale harm through an algorithm-led welfare benefit fraud detection system. One in the Netherlands resulted in harm to over 20,000 parents who were wrongly accused.
2. Seriously weaken data protection rights from automated (computer-led) decisions in the favour of business and government making changes that will make recourse and redress harder, (for similar reasons to the Post Office Horizon scandal sub-postmasters found in their cases by weakening rules around accountability of data controllers for the life cycle of data and obligations on risk assessment and dedicated Data Protection Officers).
3. Make it harder to stand up to corporations and find out about computer made decisions and corporations (weakening Subject Access Rights, changing definitions of what is in scope of protection at all as ‘personal data’ when, and what is ‘research’, and when companies can claim to ‘assume’ consent down the line of future processing).
4. Turn us all into walking AI-training datasets for wide commercial re-use from the stories of our lives held in our digital records in the public sector, and further used for more marketing purposes without our consent (broad ‘legitimate interests’ will not need to offer you a Right to Object or do risk assessment any more. Removing the risk assessment ‘balancing test’ when claiming to use ‘legitimate interests’ in braod safeguarding uses of data).
5. Allow teenagers to be bombarded with unlimited political advertising from age 14 (Routine profiling is banned today and something the Children’s Commissioner in the past has called ‘irresponsible‘).

All these parts of the Bill need removed, but at very worst case should be entirely rewritten via amendments.

In particular Defend Digital Me believes the changes will mean that children will find it much harder to exercise their own rights to manage their personal data once they become adults and for life, for example after consent was once given in their past by a legal guardian. This might include ever more sensitive data collected in every day activities like genomic data, DNA, or disabilities or increasingly sensitive bodily data collected by emerging technologies in gaming haptics, or biometrics, like gait, fingerprints and facial recognition data collected in schools and shops, and by voice assisted tools.

This comes hot on the heels after Schools Week reported that DfE Ministers are looking at children’s national pupil data records (which hold hundreds of items of personal data against names in the National Pupil database for around 28 million people), and ‘what it’s worth’.

In completely the wrong law for it, the DWP is trying to shoe-horn new ‘anti fraud powers’ for itself into a bill that is supposed to be about protecting people’s data rights. At the last minute and before it could be scrutinised by MPs before Christmas, the government added new powers for the DWP to be able to ask any UK bank to find people the government want to for ‘signals’ of fraud. It could massively scale up the problems created in 2020, when the DWP was wrongly instructing employers to deduct money directly from salaries.

Many MPs themselves object to how the government snuck this part in late after most debate was already over for the Commons before it went to the Lords, and Chris Bryant suggested it was sent back for redoing, saying “this is no way to scrutinise a Bill, particularly one that gives the Government sweeping powers and limits the rights of our fellow citizens, the public.”

Everyone wants misuses of public money to be dealt with, and the government already has strong powers to check the bank statements of suspects. “But this is a major expansion of government power that takes away our financial privacy like never before and does away with the presumption of innocence – the democratic principle that you shouldn’t be spied on unless police suspect you of wrongdoing. People who are disabled, sick, carers or looking for work or who make innocent mistakes should not be treated like criminals by default. None of us should.” You can also take action to object through the Big Brother Watch petition here.

In the Netherlands, in a similar programme when the full extent of harms from the “Toeslagenaffaire” emerged —it ranged from bankruptcy to trauma for more than 20,000 parents wrongly accused of fraud.

Defend Digital Me is still calling for the Data Protection and Digital Information Bill to be withdrawn, as we did in March 2023 already as part of a coalition of 25 further civil society organisations.

If you too want to stand up for your family’s and others’ safe digital life, very briefly write to your MP and /or a member of the House of Lords. The Lords most interested are those who spoke in the debate on December 19th. Ask them to recommend the new Data Protection and Digital Information Bill is withdrawn and to leave data protection law well alone. Write only to your own MP and explain in your own words why it matters to you.

It will next be debated in the House of Lords in mid-to-late March.