Algorithm opt-out under scrutiny in data protection reform
By Michael Cross >>
(17 June 2022)
The right not to be subject to a decision based solely on automated processing could be watered down in reforms to data protection law – but the government appears to have backed away from the idea of abolishing it entirely. This is one of several concessions expected to be announced in the government’s long-awaited move to create a UK data protection regime distinct from the EU’s General Data Protection Regulation (GDPR).
Article 22 of the General Data Protection Regulation, now part of the so-called UK GDPR, states that data subjects ’shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her’. In its consultation on reform, the government last year proposed abolishing the opt-out to encourage the ‘data driven economy’.
However the Gazzette understands that article 22 will instead be amended to create specific safeguards, rather than as a general prohibition on solely automated decision-making.
Other changes in the Data Reform Bill, to be published today, include:
- Increased fines for nuisance calls and texts and other serious data breaches.
- Measures to reduce the number of ‘user consent’ pop-ups and banners on websites. Web users will be able to set an overall approach to how their data is collected and used, rather than having to give consent every time.
- A new governance regime for the Information Commissioner’s Office. This will put greater emphasis on taking into account growth, innovation and competition.
The government claims that reforms to data protection laws could save UK businesses £1bn a year. However its freedom of manoeuvre will be limited if it wishes to retain ‘data adequacy’ status with the EU.
Digital Secretary Nadine Dorries said: ’Today is an important step in cementing post-Brexit Britain’s position as a science and tech superpower. Our new Data Reform Bill will make it easier for businesses and researchers to unlock the power of data to grow the economy and improve society, but retains our global gold standard for data protection. Outside of the EU we can ensure people can control their personal data, while preventing businesses, researchers and civil society from being held back by a lack of clarity and cumbersome EU legislation.’
(Courtesy: The Law Society Gazette)