Late on Good Friday (a very good time to bury “bad” news), the Government quietly tabled an amendment to the Data Protection and Digital Information Bill  (DPDI Bill) which extends the definition of personal data to include bequests and comments, made by a deceased, in his or her will.  The ICO has welcomed this amendment as a positive change to the law. Although the amendment makes a somewhat quirky change to the Wills Act 1837,  an impeccable sauce has indicated that its main motive is to protect the privacy of bequests of large financial donations to the ruling Conservative P ..read more

Speakers at the Data Protection Forum in early March reinforced my reasoning that the Data Protection and Digital Information Bill  (“DPDI Bill”) should be used as a vehicle to implement the EU’s AI Act.  [Obviously my Petition which states this should also be supported: so please sign it! – see references]. One speaker, at the end of her presentation, made several personal comments about the risks associated with the fragmentary, “wait and see” approach of the UK Government towards AI regulation. She pointed out that, in the UK, this meant that the five pillars of AI trustworthiness ..read more

I am asking readers to sign my Petition on the Parliamentary web-site (see end of this blog); most of the blog's text explains why you should sign. In summary, the Petition states that the Government would be negligent if it failed to draft clauses for the Data Protection and Digital Information Bill  (“DPDI Bill”) to protect data subjects from the harmful impact of Artificial Intelligence (AI). I have suggested that these AI clauses should be aligned with the EU Data Act (see references) and added to the DPDI Bill at Report stage in the House of Lords.  This will preserve the abilit ..read more

Most people will agree that the promised “Brexit benefits” have yet to manifest themselves in physical form.  This is especially the case with the Data Protection and Digital Information (“DPDI”) Bill which for three years been touted by Ministers as the pre-eminent Brexit Bonus for Britain. The Bill, it is claimed, combines a high level of data protection for data subjects with easier compliance for controllers and the wider exploitation of personal data:- such data being the new oil in a free-running, modern, data-driven UK economy. Readers of this blog will know I think this claim to b ..read more

Last week, Prime Minister asked  “how can we write laws [to regulate AI] that make sense for something we don’t yet fully understand?”.  The PM does not appreciate that his Government has already drafted a law that applies to the processing of personal data for AI purposes but which has the objective of diminishing the protection afforded to data subjects. In this blog, I show, in the context of scientific research, how the proposed DPDI No 2 Bill” (the “Bill” ) permits personal data to be used,  disclosed or transferred outside the UK for AI training and development purposes, i ..read more

I was surprised by the recent Tribunal Decision (the “Decision”) which quashed Clearview’s £7.5 million fine on the grounds the UK_GDPR did not apply.   My puzzlement has given rise to several important questions about the Decision. These questions need an urgent answer; hence this blog. Clearview is a USA company which has scraped billions of photos and personal data from the Internet and used them to sell services to law enforcement/national security agencies and similar agencies in other countries (e.g. notably in USA and in South America) but not the EU or UK (wonder why?). Clear ..read more

I have atoned for not delivering a blog for two months by reading Schedule 13 of the Data Protection and Digital Information No 2 Bill (the “Bill”).  As readers know, the Information Commissioner (ICO) is to be replaced by an Information Commission, and Schedule 13 outlines the procedural arrangements for the operation of the Commission. Schedule 13 is not “a gripping read”.  With all its provisions about voting, quorums, Committees, Board Members, Chairs and Chief Executives, the text can be described in two words: one is a swear word and the other is “boring”. H ..read more

Who should prepare Codes of Practice that describe good practice in data protection? Should a Code’s final content be the responsibility of the data protection regulator or a government minister? I can sense your reaction to these two questions.  A longish blog on Codes of Practice--oh dear.  On the standard scale found on most data protection “Yawnometers”,  the topic of “Codes of Practice” is usually found on the far right of the scale, just before “Registration fees”. However, this view is mistaken.  If, as this blog explains, the development methodology for producing a ..read more

Last week, the Prime Minister was quoted concerning the need to ensure Artificial Intelligence (AI)  is “introduced safely and securely with guard-rails in place”.  Strange to find that he appears to be unaware that several of these urgently needed guard-rails are being dismantled by the DPDI No.2 Bill (the “Bill”). On June 6th, I delivered a presentation to the Data Protection Forum where there was lively discussion concerning the weakening of data protection within several identified issues of the Bill. I have decided to repeat that lecture, this time as a video so readers can foll ..read more

The DPDI No.2 Bill (the “Bill”) overturns the Third Party direct marketing rules in relation to data subject’s consent that have applied for 40 years, ever since the DPA1984.  This blog illustrates how Third Party marketeers will be able to lawfully rely on legitimate interest for such marketing. For the purposes of this blog, the old ICO DPA1988 Guidance on the processing of personal data for a direct marketing purpose had a useful summary concerning the use of data subject’s consent.  This summary is unchanged by the UK_GDPR except consent has to be obtained by “opt-in”. “Consent i ..read more