Thirty civil society organisations have accused the Department for Digital, Culture, Media and Sports (DCMS) of conducting “rigged” and potentially unlawful consultation process around its new Data Reform Bill, the UK’s proposed replacement for GDPR.
In a letter to Nadine Dorries, Secretary of State for DCMS, seen by Tech Monitor, organisations including human rights group Liberty, Index on Censorship, Big Brother Watch, Privacy International and the Open Rights Group (ORG) say DCMS refused to meet and engage with them as part of the consultation process for the Data Reform Bill, which was announced in last month’s Queen’s Speech.
This breaks the department’s promise to engage equally with representative groups, the letter alleges, and that it potentially violates the “Government’s Code of Practice on Consultations”, which requires it to consult with groups disproportionately affected by law changes. The signatories of the letter believe the changes to data laws could have a big impact on the rights of groups across society.
DCMS denies the claims, and says it carried out a full consultation.
What is the Data Reform Bill?
The UK government has made replacing GDPR with a more flexible data regime one of its post-Brexit goals, and the ten tech priorities listed in its National Data Strategy include “unlocking the power of data”. While the government believes it can establish a more agile data regime to encourage innovation, critics say the changes could weaken protections for citizens and put the data adequacy agreement with the EU, which allows information to flow between the UK and Europe, at risk.
In the letter, the civil society organisations are referring to the consultation that took place between September and November 2021 on reforming the UK’s data protection regime. DCMS launched a consultation, ‘Data: a new direction’ to help shape the new data laws. “Outside of the EU, the UK can reshape its approach to regulation and seize opportunities with its new regulatory freedoms, helping to drive growth, innovation and competition across the country,” the DCMS said at the time.
The bill itself was announced during the Queen’s Speech, and included plans to modernise the Information Commissioner’s Office (ICO) and increase industry participation in Smart Data Schemes.
Content from our partners
‘Government is eager to work with sympathising businesses’
In its letter, the collective of civil society organisations expressed concern that since the bill was announced DCMS had invited a “select and limited number of interested parties” to continue discussing it with the department outside of the formal consultation period.
The letter says the groups believe ‘Data: a new direction’ “put forward worrying and, in some cases, dangerous proposals to scrap the GDPR and the protections it affords to women, workers, patients, migrants, ethnic minorities, LGBT communities, and everyone else.
“A formal response to the consultation addressing the concerns expressed by many has not been published yet. According to DCMS officials, the content of this response has not yet been finalised. DCMS invited a select and limited number of interested parties to continue engagement with their department beyond the formal consultation period, and reiterated such invitations in the days immediately after the Queen’s Speech, indicating that discussions had not yet closed.”
The organisations go on to write that DCMS turned down the offer to organise initial meetings with a “wide range of civil society organisations representing some of the groups that may be disproportionately impacted by any changes to data protection law.”
“This reversal of DCMS’ offer of engagement has led to a suspicion that DCMS is keen to work with sympathising businesses and respondents of their choice while ignoring ordinary citizens and everyone who criticises their proposals,” the letter says. “The undersigned organisations are appalled at this decision.”
Commenting on the letter, Jim Killock, executive director of the ORG, criticised the government for the way it handled the consultation. “This rigged consultation process is a classic government stitch-up aimed at uprooting some of the most fundamental protections enjoyed by citizens,” he said.
Potential problems with the Data Reform Bill
In its correspondence with the DCMS, the group said they fear that the new bill would “undermine effective legal remedies and independent oversight”, promoting toxic business practices instead of innovation and growth.
They use the example of workers in the gig economy who they believe could be stripped of important protections “such as the ability to challenge unfair automated decision making as well as the right to inspect and port their data.”
It says the new framework may conflict with the UK’s obligations under the Council of Europe Convention 108, the international instrument for protecting personal data, and the European Convention of Human Rights. “In turn, this would undermine the adequacy status that UK businesses and organisations rely on for international data transfers,” the letter says.
It adds that trust in the government using data is already very low and that what is currently being proposed will increase distrust and decrease public participation in data gathering initiatives.
Why are critics calling the Data Reform Bill consultation unlawful?
As part of any consultation on legislation, the UK Government has a code of practice on how to undertake the process.
The letter says that the DCMS has not followed this code. Section 3.4 of the code explains: “Consideration should also be given to asking questions about which groups or sectors would be affected by the policy in question, and about any groups or sectors (eg small businesses or third sector organisations) that may be disproportionately affected by the proposals as presented in the consultation document.”
Killock argues that the wide-ranging impact of data laws means civil groups should have been consulted. “GDPR affords important protections to women, workers, patients, migrants, ethnic minorities, LGBT communities, and everyone else,” he says. “The Data Reform Bill will endanger all this if the DCMS makes the wrong calls and keep carrying out their consultation without regard of due process.”
Government Consultation Principles guidelines say that consultations should be targeted and should consider the full range of people, business and voluntary bodies affected by the policy. This includes ensuring people are aware of the consultation, can access it and considering the needs and preferences of particular groups such as older people, young people and people with disabilities.
A spokesman for DCMS said: “It is not true to suggest that we have not engaged with civil society organisations. We have done so, among many stakeholders, to receive views on our data reform consultation. Like all public consultations it has been available online for anyone to read and put their views forward and we will publish our response to it shortly. We have received almost 3,000 responses that range from civil society groups, to businesses and members of the public.”
