The government claims a data bill introduced in the House of Lords today will improve public services and boost the UK economy by £10bn.
The Data Use and Access Bill will allow patient healthcare records to be accessed by all NHS trusts, GP surgeries and ambulance services.
The move, which is expected to save 140,000 hours a year in NHS staff time, will speed up treatment and could save lives, the Department for Science Innovation and Technology (DSIT) claims.
The 59-page bill, which underpins Labour’s 10-year health plan, will require technology suppliers to ensure their systems comply with technical standards that will allow health records to be shared across different IT systems.
Other measures include proposals to allow police to access personal data from police databases during investigations without having to manually record the “justification” for the search.
The government estimates that the move will free up 1.5 million hours of police time and save £43m in taxpayers’ money.
Technology secretary Peter Kyle said the plans would boost the NHS and reduce administration.
“With laws that help us to use data securely and effectively, this bill will help us boost the UK’s economy, free up vital time for our frontline workers, and relieve people from unnecessary admin so that they can get on with their lives,” he said.
Campaign groups, however, have raised concerns that the bill removes protection for individuals from companies and government departments using AI and automated decision-making to make significant decisions about people’s lives, and could lead to data being shared for purposes it was not intended for.
Digital IDs
DSIT also claims that better use of data enabled by the bill will make it easier for people to verify their identities online when, for example, renting a flat or starting a job.
The bill will legislate on digital verification services, allowing companies that provide tools to verify people’s identity to be certified and receive a government “trust mark”.
Julie Dawson, Yoti
“The bill will help make sure digital verification services are inclusive, secure and privacy-preserving, and will make it easier for people to know which services they can trust,” DSIT said in a statement.
The bill will create the right conditions to support the future of open banking and smart data schemes to allow the public to share data with third parties that can offer personalised financial advice and product comparisons, DSIT added.
Julie Dawson, chief policy and regulatory officer at biometric supplier Yoti, said the establishment of the Digital Verification Service (DVS) will enhance confidence in digital identities.
“Digital IDs have the potential to transform how we complete everyday tasks, such as purchasing age-restricted goods and services, collecting parcels, opening bank accounts, and even moving house. They are already being successfully used for employment checks, and this bill opens up further opportunities to make life simpler for UK citizens by expanding the practical applications of digital IDs,” she said.
“However, with countries like Australia and Germany already progressing their digital ID systems, and the US rolling out mobile driving licences, the UK risks falling behind if a comprehensive strategy for digital identities, accredited and listed on the Digital Verification Service, is not developed promptly.”
Online safety
In a move to support the Online Safety Bill, the proposed Data Use and Access Bill will also introduce powers to give researchers access to data held by online platforms to conduct independent research into online safety, seen as an important safeguard in monitoring harmful content on social media.
Other moves include a proposal to replace the paper-based registration of deaths in England and Wales with an electronic birth and death register. That will give people the choice to register deaths with local authorities by phone rather than in person.
The bill will place the National Underground Asset Register, which maps underground pipes and cables, on a statutory footing, making it mandatory for water and telecoms companies to register their assets.
The move is expected to reduce the risks of accidents to underground water, energy and broadband cables, which cost the economy £2.4bn a year, according to government estimates.
The measures will be underpinned by reforms to the Information Commissioner’s Office (ICO), which will be given a new structure and new powers of enforcement, the government said.
Radical data protection reforms dropped
The bill picks up measures that were proposed in the previous government’s Data Protection and Digital Information Bill, which failed to be passed before the general election.
Greg Palmer, a partner at law firm Linklaters, said the government had dropped more radical reforms of data protection that could have risked UK data sharing with the European Union (EU).
“The new Data Use and Access Bill builds on a number of concepts in the reform proposals of the previous government, whilst removing some of the perceived passion for reform of data protection for its own sake. This will be welcomed by UK businesses as it avoids unnecessary divergence from the EU data protection regime and reduces the risk of the EU deciding the UK is not an “adequate” jurisdiction for transfers of personal data,” he said.
Linklaters partner Richard Cumbley said the bill also addresses weaknesses in the current data protection regime. These include requiring the data protection commissioner to complete investigations within six months, rather than risking investigations running for years.
It also brings pixel tracking and device fingerprinting onto the same footing as cookies, restricting a perceived loophole widely used by online marketers to avoid cookie rules, he said.
The secretary of state will be able to find countries adequate or inadequate, and stop data transfers to the latter, he added.
Benefits to police and NHS
Vin Diwakar, national director of transformation at NHS England, said the bill will give health professionals more face-to-face time with patients and improve clinical outcomes.
“By simply using data more efficiently, we can save time and money, and create a modern, digital NHS that continues to improve care for patients,” he said.
Vin Diwakar, NHS England
Minister for crime, policing and fire, Diana Johnson, said the bill would allow police officers to spend time protecting the public rather than in the office dealing with administration.
“As part of our mission to make streets safer, this government will bring back neighbourhood policing, ensuring thousands of additional police and community officers are out patrolling our towns and communities,” she said.
Neil Ross, associate director for policy at industry trade body TechUK, said the bill was the start of a “welcome effort” by the government to unlock data.
“These legislative changes strike the right balance between maintaining the UK’s existing high data protection standards and driving forward essential reform. However, they must be coupled with the cultural and organisational mindset shift required to seize the full potential advantages of new data-driven technologies,” he added.
Areas of concern
The removal of police logging requirements, however, could represent a divergence from the EU’s Law Enforcement Directive (LED), which requires logs to be kept detailing how data is accessed and used.
“The logs of consultation and disclosure shall make it possible to establish the justification, date and time of such operations and, as far as possible, the identification of the person who consulted or disclosed personal data, and the identity of the recipients of such personal data,” it said.
Computer Weekly contacted DSIT about the removal of the logging requirements and whether it believes this measure represents a risk to the UK being able to renew its LED adequacy decision in April 2025, but DSIT declined to comment on the record.
A concern raised by digital rights campaigning organisation the Open Rights Group (ORG) is that the bill will fail to protect the public from harmful uses of artificial intelligence and automated decision-making.
ORG legal and policy officer Mariano Delli Santi said the Data Use and Access Bill gives governments and businesses powers to make automated decisions. “This is of particular concern in areas of policing, welfare and immigration, where life-changing decisions could be made without human review,” she said.
This could include using automated decision-making to fire workers, calculate wages, or decide on visa and benefits applications.
“It also gives the secretary of state the right to outright exempt automated decision-making systems from data protection safeguards regardless of the risk they pose to the public,” she said.
The bill will also make it easier for organisations to share data collected for one purpose with public authorities and private companies, which may use it for a different purpose, such as immigration control or predictive policing.
“For example, data collected by GPs could be shared with the police or Home Office,” she added. Personal data shared under the guise of research could potentially be used for commercial purposes.
The Open Rights Group also raised concerns that the government will be responsible for selecting members of the new Information Commissioner’s Office and determining their salaries. “This allows the government to interfere with the independence of the ICO,” the ORG said.
“There are no measures for Parliament to approve appointments, or for individuals to challenge the ICO in court, leaving it very hard for individuals to challenge substantive ICO decisions, even at Judicial Review,” the group said.