A quietly announced adequacy decision from the EU may seem like a minor detail in the UK’s departure but is vital for many sectors.
General Data Protection Regulation 2016 (GDPR) is EU wide legislation on data safeguarding and privacy. This applies internally and to other countries dealing with EU citizens, part of the reason the legislation was absorbed into UK law before Brexit.
On that basis, the European Commission granted the UK a data sharing agreement. Whilst the agreement is only subject to four year reviews, there is a clause which allows the EU to cancel the deal at any time, should there be significant change in the UK.
The UK government has just launched a 10 week review into current legislation, following input from a group set up to look for deregulatory dividends from Brexit. They will consider broader aspects, although one piece of human protection is to be closely studied.
Automated Decision Making
Whether you apply for a loan, a job, or are being profiled for other reasons, decisions are now more likely to be made by computer algorithms than people. Under Article 22 of the EU data protection regulation, you have the right to ask for a human review.
The taskforce feeding into the government consultation have said this makes routine artificial intelligence processes burdensome, costly and impractical. If not entirely removed, they would at least like to see Article 22 reformed.
The focus is more on machine learning processes than basic algorithms, an approach which is being used to spot cancer tumours in scans, or predict legal decisions. Useful tools for a number of professions but humans remain involved in critical areas.
We have come to accept aspects which are fully automated, email filtering, or ad targeting but how far should this go is the decision, with notable implications.
Balancing Risk & Reward
The EU wants to maintain transparency on high risk applications, along with an ability to have results reviewed. Both have a cost, which can appear to be a business barrier, in opposition to the UK’s aim to create a data dividend.
A statement by the Culture Secretary referred to a system based on “common sense, not box ticking” and there is no doubt this happened to a degree following GDPR. Even so, operating a supportive system can also bring business dividends.
Our own field is an example, where ATA carnets can be more or less fully organised online. We offer clients an online management system, yet also pride ourselves on the direct support given, which helps to eliminate error, stress, or delay.
The same applies in many fields, as does maintaining trust and we should be careful on how far we go, in business, or consumer facing operations. Cost savings which inconvenience, or lose customers are not savings.
The Wider Implications
Decisions on data management systems influence all our lives, so matter in the UK but more so elsewhere. If we move too far from the preferences of the EU and other countries, we could lose the right to international data transfers.
This may sound a bit removed from life but is a modern foundation stone of trade. Business operations in many sectors would be hampered, not least logistics.
The Department of Culture are only at the consultation stage and we hope they do consult, rather than focus on post Brexit sovereignty. We need to look at and reform data handling but not at the cost of trade blocks.
The ATA carnets for the EU we issue are fortunately governed by a separate international agreement but of more use if trade itself remains viable.