Government report on overhauling GDPR alarms privacy campaigners

TIGRR report 'signals the Government’s desire to gut GDPR and your privacy rights' says Open Rights Group

A taskforce comprised of three Conservative MPs released a report yesterday outlining suggestions for reforming UK regulations for the Brexit era, including data protection legislation.

In March, Digital Secretary Oliver Dowden expressed the thought that Britain needs to "take a slightly less European approach to data privacy". The new report by the Task Force on Innovation Growth and Regulatory Reform, TIGRR, suggests the direction these musings might be headed, and it does not look good for privacy.

The task force, made up solely of Conservative MPs: Theresa Villiers, George Freeman and chair Ian Duncan Smith, describes GDPR as "stifling", "already out of date" and a cause of unnecessary confusion. It mentions the annoying cookie opt out boxes as an example of this, saying that the GDPR can overwhelm people with "consent requests and complexity they cannot understand, while unnecessarily restricting the use of data for worthwhile purposes".

This, of course, misses the fact that consent requests are an implementation loophole and often unlawful, which proper enforcement of the GDPR would eliminate.

The report calls for UK data protection legislation, which is currently aligned with GDPR, to remove the Article 22 provision, which covers the right of individuals not to be subject to a decision based solely on automated processing, including profiling.

Also in its sights is Article 5, which requires personal data collection to be restricted to "specified, explicit and legitimate purposes," and "adequate, relevant and limited to what is necessary", restrictions they say hinders the development of AI.

The clear aim of these suggestions is to ditch many of the current restrictions on the algorithmic processing of personal data.

The task force claims to have consulted widely with academics, parliamentarians, experts and think tanks, but the engagement list is decidedly industry heavy, featuring no named academics.

The review has been met with dismay by privacy campaigners.

"The report is significant, because it signals the Government's desire to gut GDPR and your privacy rights", said Mariano delli Santi of Open Rights Group in a blog post, seeing its suggestions as a dangerous attempt to remove any oversight, deferring decision-making to machines.

"If a decision that produces a legal obligation wasn't reviewable, AI would effectively become a backdoor to justify any kind of abuse: think of a company claiming a debt against you based on an automated decision that cannot be understood, or Government denying benefits to an individual based on criteria that cannot be scrutinised."

The think tank Institute for Government, which was consulted in its creation, described the report as a "positive vision", but criticises it for failing to acknowledge that divergence from EU rules may come at a cost.

"Major overhaul of GDPR data protection rules risk the EU withdrawing its (yet to be confirmed) data adequacy decision - without which businesses will find it much more difficult and costly to transfer personal data from the EU to the UK," wrote senior researcher Joe Marshall.

The TIGRR report also makes proposals in areas including as smart grids, Net Zero technologies and digital health.