UK data guardian challenges government proposals on automated decision-making

Plans to change UK regulations could mean a 'significant departure' from EU law, watchdog says


The UK's National Data Guardian (NDG) has warned the government against watering down individuals' rights to challenge decisions made about them by artificial intelligence.

The independent healthcare data rights watchdog also said the government's consultation on changes to data protection law following the UK's departure from the EU makes proposals that would represent a "significant departure" from the General Data Protection Regulation (GDPR), potentially jeopardising data-sharing arrangements.

The UK's current implementation of the GDPR, the Data Protection Act 2018, stipulates in Article 22 that people have a right not to be made subject to a solely automated decision-making process if that decision has significant effects.

These rights should be reviewed, according to the consultation launched by the Department for Digital, Culture, Media and Sport (DCMS) in September. The proposals state that the need "to provide human review [of AI decisions] may, in future, not be practicable or proportionate."

In her response to DCMS's consultation, Data: a new direction, NDG Dr Nicola Byrne said: "The NDG has significant concerns about proposed reductions to existing protections and the ability of professionals, patients, and the public to be actively informed about decisions that can have significant impacts for them.

"Further, it may negatively impact people's trust in decisions made about them by solely automated means if the safeguards in Article 22 are not retained. In the health and care context, any removal of the ability to contest or ask for human intervention in relation to a decision could significantly affect the quality of care.

"As elements of healthcare become more efficiently managed through AI, the importance of the human nature of the relationship through which care is provided must not be lost."

Dr Byrne also said that government proposals – such as amendments to research provisions, rules on automated decision making, and changes to data subject rights – would represent a significant departure from EU data protection law.

The opinion gives weight to the view that changes to data protection law risk the EU's "adequacy" decision, which allows continued data sharing between the trading bloc and the UK.

The UK's previous digital secretary, Oliver Dowden, said the UK would continue to align with the GDPR and that Britain would set a "gold standard" in data regulation, "but do so in a way that is as light touch as possible."

Lawyers have pointed out that there is no specific end date to the adequacy decision and the EU could choose to review it at any time.

Other opinions slammed the whole consultation process. A blog from legal training firm Amberhawk said the consultation provided no evidence for most of the legislative changes it claims were needed.

It pointed out the consultation asks respondents to answer the same question many times. "Roughly speaking, this question goes: 'We know that controllers find the following data protection elements a right pain in the arse; please explain your answer, and provide supporting evidence where possible'.

"The consultation is largely drafted from a position where the controller becomes entitled to process the data subject's personal data without consideration of how the data subject's wishes or interests are protected."

Meanwhile, the UK's outgoing Information Commissioner has said there were reasons to be concerned about proposed changes to data regulations in the UK.

"Despite... broad support for the proposals to reform the ICO's constitution, there are some important specific proposals where I have strong concerns because of their risk to regulatory independence," Elizabeth Denham said in a statement in July.

DCMS is examining feedback on its consultation, which closed on 19 November. ®

Similar topics

Broader topics


Other stories you might like

  • India reveals home-grown server that won't worry the leading edge

    And a National Blockchain Strategy that calls for gov to host BaaS

    India's government has revealed a home-grown server design that is unlikely to threaten the pacesetters of high tech, but (it hopes) will attract domestic buyers and manufacturers and help to kickstart the nation's hardware industry.

    The "Rudra" design is a two-socket server that can run Intel's Cascade Lake Xeons. The machines are offered in 1U or 2U form factors, each at half-width. A pair of GPUs can be equipped, as can DDR4 RAM.

    Cascade Lake emerged in 2019 and has since been superseded by the Ice Lake architecture launched in April 2021. Indian authorities know Rudra is off the pace, and said a new design capable of supporting four GPUs is already in the works with a reveal planned for June 2022.

    Continue reading
  • Prisons transcribe private phone calls with inmates using speech-to-text AI

    Plus: A drug designed by machine learning algorithms to treat liver disease reaches human clinical trials and more

    In brief Prisons around the US are installing AI speech-to-text models to automatically transcribe conversations with inmates during their phone calls.

    A series of contracts and emails from eight different states revealed how Verus, an AI application developed by LEO Technologies and based on a speech-to-text system offered by Amazon, was used to eavesdrop on prisoners’ phone calls.

    In a sales pitch, LEO’s CEO James Sexton told officials working for a jail in Cook County, Illinois, that one of its customers in Calhoun County, Alabama, uses the software to protect prisons from getting sued, according to an investigation by the Thomson Reuters Foundation.

    Continue reading
  • Battlefield 2042: Please don't be the death knell of the franchise, please don't be the death knell of the franchise

    Another terrible launch, but DICE is already working on improvements

    The RPG Greetings, traveller, and welcome back to The Register Plays Games, our monthly gaming column. Since the last edition on New World, we hit level cap and the "endgame". Around this time, item duping exploits became rife and every attempt Amazon Games made to fix it just broke something else. The post-level 60 "watermark" system for gear drops is also infuriating and tedious, but not something we were able to address in the column. So bear these things in mind if you were ever tempted. On that note, it's time to look at another newly released shit show – Battlefield 2042.

    I wanted to love Battlefield 2042, I really did. After the bum note of the first-person shooter (FPS) franchise's return to Second World War theatres with Battlefield V (2018), I stupidly assumed the next entry from EA-owned Swedish developer DICE would be a return to form. I was wrong.

    The multiplayer military FPS market is dominated by two forces: Activision's Call of Duty (COD) series and EA's Battlefield. Fans of each franchise are loyal to the point of zealotry with little crossover between player bases. Here's where I stand: COD jumped the shark with Modern Warfare 2 in 2009. It's flip-flopped from WW2 to present-day combat and back again, tried sci-fi, and even the Battle Royale trend with the free-to-play Call of Duty: Warzone (2020), which has been thoroughly ruined by hackers and developer inaction.

    Continue reading

Biting the hand that feeds IT © 1998–2021