The National Data Guardian (NDG) for health and social care has issued a cautionary response to the Government’s proposals to change the regulatory regime for data in the UK.
It has published its formal response to the consultation run by the Department for Digital, Culture, Media and Sport (DCMS), saying there is a need for more evidence of the positives and negatives of changing the regulations relevant to care.
It points out that some of the proposals – such as amendments to research provisions, rules on automated decision making and changes to data subject rights – would represent a significant departure from EU data protection law. This would require careful scrutiny as it could affect the UK’s data adequacy arrangement with the EU.
The NDG cites an example of clarifying rules of consent to support research, where consent is not the usual lawful basis, being outweighed by a loss of adequacy that would see UK research organisations having to implement standard contractual clauses to receive data from the EU in pan-European clinical trials and digital research projects.
“The NDG encourages the Government to provide further evidence to support the proposals in the consultation, so as to be clearer about both the nature and degree of the current problems that it is seeking to address, and thereby to ensure the balance is in favour for any proposed solutions against their potential risks,” the response document says.
“The Government should take an iterative approach and engage with key stakeholders within the heath and care system. This will help the government to understand the issues that are of significant importance, and ensure any unintended consequences are avoided.”
It also comes up with a series of recommended actions in relation to the proposals in regard to research, legitimate interest, artificial intelligence, data subject rights, data minimisation and anonymisation, data intermediaries and the use of personal data in the Covid-19 pandemic.
The NDG’s contribution comes after a response to the proposals, which were first published in September, from the Information Commissioner’s Office (ICO). This expressed broad support but also caution in a number of areas, including the processing of health data, saying it was against a proposal to remove the safeguard of a healthcare professional having oversight of the process, although recognising a need for some flexibility when this is not possible.
It also registered a strong concern that the proposals for the future status of the ICO, notably that the chief minister of the DCMS, would have to approve its guidance and appoint a chief executive officer, would not safeguard its independence.
Information Commissioner Elizabeth Denham urged the Government to reconsider this element of the proposals.
Image from iStock, maxkabakov