This is the ODI’s response to the Data Protection and Digital Information (No 2) Bill committee's consultation on the Bill.
We at the ODI have spent more than a decade working to build an open, trustworthy data ecosystem. We want a world where data works for everyone, and where the UK builds on its well-deserved reputation as a centre of global excellence for data assurance, data practices, and data governance.
Any legislative change around data protection should pay due care to enabling, and ensuring, safe and trusted data-flows between the UK and other countries. This trusted flow of data would help to secure the economic benefits of data flows - such as increased productivity, increased trade, and increased levels of research - with trust and safety.
We believe that the Data Protection and Digital Information (No. 2) Bill goes some way to achieving a more open and trustworthy ecosystem, but that it should take into account a number of considerations that go beyond legislation, and require a commitment to building public trust, enhancing the data ecosystem, culture and practices around data use, and considering the potential future uses of data.
Key asks for the Bill
- Retain the requirement for Data Protection Impact Assessments, preventing the burden of accountability and redress being held by individual
- Mandatory reporting on algorithm use
- Maintain the requirement for human oversight on automated decision making
- Improving the processes for accountability and redress, and removing burden on impacted individuals
- Not allow companies to refuse to comply with Subject Access Requests. This is not justified by the economic benefit to SMEs. SARs promote record keeping and accountability
- The bill should outline how data intermediaries can be used; and improve data portability to make access continuous