Following the British referendum on June 23, 2016, where a majority of voters voted for the UK to withdraw from the European Union, the country has not been part of the EU since January 31, 2020. Wanting to accentuate its detachment from the European political-economic body and boost the nation’s economy, the British government has introduced its plan to reform its personal data protection regulations. Unlike the RGPD which governs in the EU, the British text considers that the management of this data is more about managing a risk that should not materialize more than a set of rules to follow.
The four areas where the new UK data protection law should be more flexible are
Human oversight: a disproportionate practice for the UK government
The right to human intervention in an automated decision is defined by Article 22 of the GDPR. Unlike the EU regulation, the new UK text wants to stop imposing human supervision on AI algorithms whose analyses may affect the lives of individuals in one way or another.
Currently, most automatic AI decisions already involve human intervention at some point. According to the UK government, this human oversight is disproportionate and tends to be increasingly so as AI’s presence in our society increases.
At the same time, the British are looking at creating data couriers that would facilitate exchanges in order to boost innovation. This would make it easier for organizations to share their data without feeling spied on and hamstrung by strict regulations, with the help of specialists who are well versed in data management. This would be a third party, a sort of impartial referee who would help organisations in the exchange, management and sharing of confidential data.
One of the main thrusts of the proposed text: revisiting legitimate interest
Legitimate interest refers to cases where it is not necessary to ask for the consent of the individual in order to use or exploit certain things related to that person. For example, in the area of data, this includes the processing of data to perform a service to which a person has subscribed or to respond to a legal request.
For the UK, legitimate interest is still a vague concept and it wants to limit this vagueness. Thus, the government wants to design an exhaustive list where legitimate interest is the order of the day to avoid asking for additional consents that it considers unnecessary. Basically, when an AI will process personal data, the consent of the individuals involved will not necessarily be requested unless the context requires it, as it is present in the government’s list.
The issue of fairness: the UK government’s transparent response
In Article 15 and 22 of the GDPR, the concept of fairness is mentioned. This concept implies that individuals’ personal data should be used in the way people expect. In addition, the outcome of any application of AI must be fair, i.e. not discriminate against any individual or group of individuals on the basis of external criteria (demographic, geographic, ethnic, etc.).
Policy makers in the UK consider this concept to be unclear in terms of its pure application. In terms of data protection, they consider that it is sufficient that the process of data processing and the purposes of its use should be transparent.
A better definition of research in AI and data
The last point concerns research: the government wants to facilitate the use of personal data as long as this data is used for research. It is therefore important and necessary according to the United Kingdom to better define what is AI research in order to give a concrete framework to the legal use of personal data.
As such, the management of personal data is now seen by the UK government as the management of a risk that should not materialize and not as a set of rules to be followed. One of the questions that it is now legitimate to ask is whether the UK will remain in the equivalence agreement with the European Union that allows unrestricted transfers of personal data?
Translated from Vers la fin du RGPD au Royaume-Uni : quatre mesures phares pour être moins restrictif et stimuler la croissance du pays
