Our Data Futures
Influencing UK data policy
Over the next year the UK government will be looking at how it replaces GDPR following Brexit, through the Data Protection and Digital Information Bill. At the same time all the major political parties will be developing their manifestos in the run up to the next General Election, scheduled for 2024 if not before.
We think this means there is a unique opportunity to influence the democratic and participatory governance of data, to ensure it works for us all, as part of the UK’s post-GDPR future.
However, we are also clear that there are real risks that future changes or possible policy directions could do the opposite: reducing individual citizens’ control and influence; removing transparency and key safeguards; limiting opportunities for engagement and ignoring evidence about the collective and equality impacts of data processing and AI.
That’s why for the next 12 months we will be focusing on campaigning to make sure communities get a powerful say in how the data that affects them is collected and used now and in the future by influencing this legislation to:
- ensure risk assessments, balancing tests, the design of codes of conduct factor in collective, societal, equality and environmental impacts
- protect the rights of the direct, indirect and group subjects of automated decision making
- increase democratic accountability on data decisions through better transparency, greater participation, and collective complaint and redress mechanism
We’ll also be working to bring together a group of diverse friends and partners to create an even stronger voice for change - including organisations from across data, tech and civil society, as well as the communities who are directly affected themselves.
Alongside this we’ll be connecting with MPs, Lords, advisors and civil servants to support them to better understand the issues involved and ensure they are informed and able to speak up, so data is both collectively and democratically governed in all our interests.
We are particularly grateful to the Joseph Rowntree Reform Trust for their generous help and support for this work.
Resources
This is a living document collating resources – background, briefings, and commentary – about the UK’s Data Protection and Digital Information Bill. It’s open, so do suggest any additions that you find useful.
This is our public briefing note for the Lords’ Second Reading on the UK’s Data Protection and Digital Information Bill. Our main points are:
- Data is a significant driver of power and progress in modern democratic societies. It is the foundation of AI and automated decision making and has become the medium of relationships between citizens and the state, and between consumers and companies. How it’s regulated affects almost every aspect of our work and lives.
- The Data Protection and Digital Information Bill is the only legislation of this Parliament with direct relevance to AI regulation, but contains provisions that run counter to the government’s AI White Paper. It is out of step with comparator jurisdictions including the EU and USA. It misses a critical opportunity to build public confidence in technology and innovation and deliver business and public benefit.
- The Government added 240 amendments just before Commons Second reading, some of them controversial and consequential, such as DWP access to benefit claimants’ bank accounts and the use of data by political parties. This risks undermining public confidence further and makes scrutiny by the Lords even more vital.
- The Bill trades off citizen data rights for marginal and unproven economic benefits while undermining existing safeguards, parliamentary sovereignty, and democratic governance of data. Instead, it should give citizens and communities a powerful say through a combination of meaningful individual rights, powerful collective representation, and proper democratic scrutiny and accountability.
CONNECTED BY DATA is conducting collaborative work on building a progressive vision for data and tech, with the aim of influencing party manifestos in the run up to the next General Election. As part of that, we are undertaking a project to consider:
- What principles should underpin progressive data, digital and technology policy with a focus on the impact on citizens, consumers and communities.
- What specific policies could look like to deliver these.
The need for collective action to counter harms caused by AI and algorithms processing non-personal data is one factor that has led to calls for improved collective data governance, underpinned by group privacy and collective data rights.
Much of the literature on these rights remains abstract, and there are counterarguments to the introduction of collective data rights in law. Asaf Lubin has argued that there’s a risk that collective data rights could lead to “unjust collectives” that prioritise the rights and interests of the majority over those of the minority. Others point to the existing set of legal tools available to people and groups harmed by data and algorithms, such as equality, public administration, consumer protection or employment law, and ask whether additional rights arising from the use of data or algorithms are really necessary.
We wanted to shed light on the need for collective data rights by examining legal remedies currently available in the UK in three scenarios where the people affected by algorithmic decision making are not data subjects. Our goal was to identify whether and where new collective data rights might be needed to avoid or gain redress for collective data harms, and hence to inform future regulation of data and AI.
As part of this work, we commissioned the law firm AWO to conduct a legal analysis of three hypothetical scenarios where automated decisions may be made based on non-personal data:
- a police force using historic crime data to determine patrol allocations in ways that increase Stop and Search use in over-policed neighbourhoods
- a train operating company using algorithms based on historic data to determine surge prices in ways that disadvantage consumers
- a social media company removing legitimate content in ways that undermine the free expression rights of those interested in LGBTQ+ or non-English content
They found there is less protection for people harmed by ADM when they are not data subjects; gaps when harms are indirect and diffuse, such as arising out of biases in ADM; and significant barriers to access to justice through equalities or sectoral legislation due to low transparency of automated data processing and constraints on who can bring claims for algorithmic harms.
Their full report is linked below; we also hosted a Connected Conversation on the topic with further discussion in September 2023.
This is our response to the Government’s consultation around its AI White Paper: A pro-innovation approach to AI regulation. Our main points are:
- The development and deployment of AI systems presents significant opportunities and threats to individuals, groups, and the broader public interest, including economic growth and the health of democratic processes. Near-term harms and benefits must not be overlooked through an overfocus on remote and extreme risks.
- The positive opportunities of AI for public benefit can only be achieved through the co-design of a regulatory regime that incorporates a wide range of perspectives, disciplines and interests: both when rules and principles are set, and when they are operationalised. This will enhance trust, strengthen outcomes, drive innovation and adoption, and anticipate and manage risks.
- The UK government’s ‘A pro-innovation approach to AI regulation’ white paper acknowledges the importance of hearing and considering public voice. However, there is no indication about how this will be implemented or the findings from it enforced either by regulators or by AI developers and users.
- The white paper fails to give sufficient legal and financial power and capabilities to the sector regulators who are the backbone of its regulatory approach. It also neglects the role of civil society groups as drivers of accountability, including for the public sector’s own use of data and AI.
- These omissions have created an unbalanced, narrow and technocratic proposal that has already been outpaced by political and technological developments.
- A renewed approach is needed that offers a positive framework for the development of cross-cutting AI technologies geared towards the most pressing socio-economic issues. Giving communities a powerful voice in this process will be critical to this approach.
- Data is a driver of power and progress in modern democratic societies. It has become the medium of relationships between citizens and the state, and between consumers and companies, as well as being the foundation of AI and automated decision making. How it’s regulated affects almost every aspect of our work and lives.
- The Data Protection and Digital Information (No.2) Bill removes important citizen data rights and undermines existing safeguards, parliamentary sovereignty, and democratic governance of data. It misses a critical opportunity to build public confidence in technology and innovation and deliver business and public benefit.
- At the same time, the Bill’s business benefits are minimal and its changes provoke the risk of a politicised decision on data adequacy by the European Commission at a time of already strained relations with the EU. Most SMEs are already exempt from the most costly aspects of GDPR. The largest companies will achieve negligible savings as they need to support new and multiple regimes. The Bill’s impact on public trust will counterproductively hamper data sharing and technology adoption.
- Amendments are needed to give citizens and communities a powerful say through a combination of meaningful individual rights, powerful collective representation, and proper democratic scrutiny and accountability. This will enable agile and context-aware regulation, protect citizens, and foster sustainable and responsible innovation.
Our lives have become digitised. Data about who we are, what we do and the environment we live and work in is collected about us constantly, whether we realise it or not. Whoever controls that data, be that big corporations or governments, has incredible power.
Yet, amid the hype and worry about the data-driven transformation of our world, there is often something conspicuously missing: personal stories. They ground our understanding that this change is not a remote future, but is a reality in progress that is affecting every relationship and interaction we have, as workers, family members, consumers and as citizens.
By hearing the voices of individuals we can better see the impacts of a datafied society. How we are affected is dependent on our individual circumstances, but the power of data is on a societal level. Whether at school, at work or in the justice system, there is a need to bring in this collective voice.
Through these stories, we aim to not only illustrate the reality of the impact of data on our lives, but to point the way towards a different approach, including:
- a focus on the wider impact of the collection and use of data
- rights for all those affected by data-driven decisions
- processes of participation for the public to help shape a datafied society
Our first data stories focus on people at work. Over time, we aim to add more, about people in education; interacting with health services; and within the justice system.
This is our public briefing note on the UK’s Data Protection and Digital Information (No.2) Bill. Our main points are:
- Data is a significant driver of power and progress in modern democratic societies. It has become the medium of relationships between citizens and the state, and between consumers and companies, as well as being the foundation of AI and automated decision making. How it’s regulated affects almost every aspect of our work and lives.
- The Data Protection and Digital Information (No.2) Bill trades off citizen data rights for marginal and unproven economic benefits while undermining existing safeguards, parliamentary sovereignty, and democratic governance of data.
- The Bill misses a critical opportunity to build public confidence in technology and innovation and deliver business and public benefit. It should give citizens and communities a powerful say through a combination of meaningful individual rights, powerful collective representation, and proper democratic scrutiny and accountability.
Note: This briefing has been superseded by our briefing on the second version of the Bill.
This was our public briefing note on the initial version of the UK’s Data Protection and Digital Information Bill. Our main points were:
- Data is a significant source of power in modern democratic societies. It is becoming fundamental to the social and political contract between citizens and the state, and to transactions between consumers and the private sector.
- The Data Protection and Digital Information Bill undermines existing safeguards and democratic governance of data and misses a critical opportunity to extend it for citizen, community, business and public benefit.
- Amendments are needed to: address the collective impacts and risks of modern data processing; empower those affected by automated decision making; and build trust through transparency, effective redress mechanisms, and public participation.
Events
How can we protect and empower communities in an era of artificial intelligence – and how should the Green Party approach the governance of data and AI? These were the overarching questions posed by our executive director, Jeni Tennison, to Natalie Bennett (former leader of the Green Party and now a member of the House of Lords) and Andy Stirling (Professor of Science and Technology Policy at the Science Policy Research Unit at the University of Sussex) at the Green Party conference in Brighton.
Wales TUC are looking into how AI is affecting workers across different sectors, and how trade unionists are managing the increasing roll out of data-driven technologies
Wales TUC - supported by Dr Juan Grigera from Kings College London and Adam Cantwell-Corn from Connected by Data - are investigating how workers in a range of sectors are responding to digitalisation and AI at work. This write up is intended to capture the key comments by the workers, which will later inform a full report.
Artificial intelligence is having a dehumanising effect on workers as they are continuously monitored. What’s more, it’s leading to workers being deskilled, their tasks restructured and sometimes managed out of their jobs.
New technology is being forced on workers without consent. But trade union members are determined to resist the negative aspects of artificial intelligence.
Wales TUC are looking into how AI is affecting workers across different sectors, and how trade unionists are managing the increasing roll out of data-driven technologies.
Wales TUC - supported by Dr Juan Grigera from Kings College London and Adam Cantwell-Corn from Connected by Data - are investigating how workers in a range of sectors are responding to digitalisation and AI at work. This write up is from the second workshop in the project. The first write up is available here.
Amid the hype and worry about the data-driven transformation of our world, there is often something conspicuously missing: personal stories. They ground our understanding that this change is not a remote future, but is a reality in progress that is affecting every relationship and interaction we have, as workers, family members, consumers and as citizens.
In an effort to address this and build on these case studies, Connected by Data worked with Mary Towers of the TUC’s AI project and affiliate unions to support three workers with direct experience of AI to be in conversation with MPs. On the 20th June, in the grand setting of Committee Room 9 of the House of Commons, a packed audience of trade unionists, policy professionals, politicians and journalists heard first hand how AI is affecting workers in the here and now.
Parliamentary scrutiny of the Data Protection and Digital Information Bill (No.2) kicked off on 10 May 2023 with the opening day of the Public Bill Committee.
The cross party Committee, comprised of 17 MPs and chaired by Ian Paisley Jr (DUP) and Philip Hollobone (Con), is charged with scrutinising the Bill line by line and will run to no later than 13 June.
On the first day, the Committee heard evidence from a range of stakeholders, including the ICO, business and tech interests and civil society, including CONNECTED BY DATA’s Jeni Tennison.
Jeni spoke on this panel, organised by the Joseph Rowntree Reform Trust and chaired by Cllr Lisa Smart, at the Liberal Democrat Spring Party Conference 2023, alongside Silkie Carlo from Big Brother Watch and Martha Dark from Foxglove Legal.
As the Data Protection and Digital Information Bill continues its erratic legislative journey, we convened an open call for interested parties to share, discuss and maybe act together. In this open Zoom meeting, Gavin Freeguard chaired an open discussion of first reactions and thoughts in a confidential and trusted space.
On Thursday 9 March 2023, CONNECTED BY DATA, working with Labour Together, convened a workshop with experts from civil society (and Labour advisers) to consider:
- what principles should underpin progressive data, digital and technology policy
- what some specific policies could look like
On 5th December 2022, CONNECTED BY DATA organised an event in parliament, hosted and chaired by Lord Tim Clement-Jones, to explore three key areas around the future of data governance: automated decision-making, data at work and data in schools.
These are all areas that could be affected by the Data Protection and Digital Information Bill, expected to return to parliament for its second reading at some point in 2023. We think the Bill represents an opportunity to influence how data is governed in a more democratic and participatory way, but worry that – in its present form – it undermines existing safeguards and misses the chance to extend democratic data governance.
The three areas under discussion also represent domains where growing data collection and use could have both significant benefits and harms in the future, regardless of what happens to the Bill. The event invited opening contributions from civil society and academic experts on each topic before opening up to a wider discussion. The experts were on the record unless they requested otherwise, with everyone else being unattributed under the Chatham House Rule.
On 30th September 2022, CONNECTED BY DATA organised a civil society workshop to explore the Data Protection and Digital Information Bill.
As we wait for the date for the second reading of the Data Protection and Digital Information Bill, many civil society organisations have different concerns and interests, and can see different opportunities and risks.
Here at CONNECTED BY DATA, for example, we think the Bill presents a real opportunity to influence how data is democratically and participatively governed, to ensure it works for us all, as part of the UK’s post-GDPR future. However, we also fear that, in its present form, the Bill reduces individual citizens’ control and influence, removes transparency and key safeguards, limits opportunities for engagement and ignores evidence about the collective and equality impacts of data processing and AI.
Opinion
Michelle Donelan, the Secretary of State for the Department of Digital, Culture, Media and Sport (DCMS), announced a new, British, approach to data protection at the October 2022 Conservative Party Conference. It seems the Johnson government’s new direction for data, which culminated in the Data Protection and Digital Information Bill introduced in Parliament in July, is to be revised through more consultation, though it appears not a public one.
GDPR isn’t perfect and it would be great if the UK could be bold in changing data protection laws to build on and move beyond GDPR. Unfortunately, the Bill as it stands takes backwards steps rather than confronting future – or even current – challenges. Its focus on simply reducing regulation, especially for small businesses, is misplaced and out of step with the kind of regulation the modern data economy needs.
Weeknotes