Data protection and digital information bill changes wording on which requests for personal data can be refused
Individuals’ control over and access to their data is being undermined by a post-Brexit bill that favours big business and “shady” technology companies, a digital rights group has claimed.
The data protection and digital information bill includes changes to rules on subject access requests (SARs), which allow an individual to ask an organisation for copies of personal information that it holds about them, and automated decision-making.
Greatly expanded the situations in which AI and other automated decision-making was permitted and made it even more difficult to challenge or understand when it was being used.
Granted vast powers to the secretary of state to direct the Information Commissioner’s Office and more controls over how data is collected and re-used without proper parliamentary oversight.
Created “extremely vague” exemptions for re-use of data – collected for routine things such as housing or social benefits – for “national security” and “crime prevention purposes”, which would expand surveillance.