Peter Macdiarmid/Getty Images for Somerset House
show image

Darren Jones

MP for Bristol North West and director of Labour Digital

The Data Protection Bill fails at properly regulating the digital world

The Data Protection Bill has been a missed opportunity to debate the pressing issue of the regulation of the fuel that powers the internet economy: our personal data.

The government missed the opportunity to discuss the big issues of data ownership, the use and regulation of algorithms, the value of our personal data (to us as citizens and to the state) and the global co-operation that is needed to ensure a harmonised high standard of compliance in the face of global technology companies.

Instead, the government sought only to extend broad powers for the state, to remove fundamental legal principals that guarantee our rights to privacy, and to react – at the last minute and with little debate – to the obvious need for stronger enforcement powers for the Information Commissioner.

In the face of the Cambridge Analytica scandal, the tragedy of failed algorithms in the NHS (for the recall of breast cancer screening) and our lack of authority in the world when our Parliament is ignored by the likes of Mark Zuckerberg (but not in the US or the EU), those of us who watch these issues closely throw our hands in the air.

As a Member of Parliament, I’ve all but given up in trying to improve this Bill. Through days of line-by-line assessment in Committee, perfectly credible and sensible arguments were made for improvements. All were rejected without any proper engagement in the debate, with Conservative MPs who just read what their civil servants handed them and just voted how their whips told them. I’d encourage readers to read the transcripts of the debate in the House and in Committee. And I apologise in advance, on behalf of Parliament, for the poor quality of it all.

Because the Data Protection Bill was steam rolled through the House with the somewhat plausible concern about the limited amount of time left to prepare for the direct application of EU law in the UK (namely the General Data Protection Regulation, or GDPR, and the Law Enforcement Directive). The irony, therefore, when it became clear that the UK was due to miss the EU deadline for implementing the Law Enforcement Directive is evident. That legislation had to be on the books by the 6th but here on the 9th, we’re still debating it in the House of Commons.

And what news of the all important decision to get an agreement of adequate data protection laws from the EU? Nothing. No doubt held back by the continued and unacceptable delays on all aspects of Brexit legislation, and a failure to move on in negotiations due to a complete inability to solve party political problems in the shadow of the risk of breaching the Good Friday Agreement through border controls in Northern Ireland. For the individuals and companies who share 70% of UK data flows with the EU, any failure to secure that adequacy agreement would result in a digital disruption on a scale never seen before.

As often seems to be the case, technological advancement zooms past the ability for Parliament to regulate quickly enough. But don’t believe the stories that it’s because politicians don’t understand the issue. Just look at the excellent select committee reports that come out frequently, from DCMS, the Health and Social Care Committee, the Justice Committee and the two committees I sit on, EU Scrutiny and Science & Technology.

We had the opportunity with the Data Protection Bill to set our standards high, and to lead a cutting edge legislative debate in the world. Instead, we’ve ended up with a rushed, inadequate Bill which serves certain time pressures but fails at properly understanding and regulating the digital world within which an increasing amount of our daily lives are lived. And to complete the humour of this whole sorry show, the Government will no doubt seek to claim credit for the very changes in the law that came directly from the European Union that it now seeks to exit from.

It’s vital that politicians – not just in Britain, but around the world – don’t consider the issue of internet and data privacy regulation to now be “done”. But we must recognise, instead, that our new laws are already old and that the debate must not only go on, but get significantly better too.

Darren Jones is the Labour MP for Bristol North West, is a member of the EU Scrutiny and Science & Technology Select Committees and was a member of the Public Bill Committee for the Data Protection Bill. He tweets at @darrenpjones.