To ask His Majesty’s Government what assessment they have made of the European Commission’s decision of 24 June to extend the United Kingdom’s data adequacy status until 27 December; and what steps they are taking to ensure that the United Kingdom’s new Data (Use and Access) Act 2025 maintains alignment with the EU data protection standards needed for a future adequacy agreement.
My Lords, the Government welcomed the publication of the European Commission’s draft adequacy decisions in July, which concluded that the UK continues to provide an essentially equivalent level of data protection. The EU’s six-month extension allowed the Commission to consider the reforms made by the Data (Use and Access) Act. I look forward to the successful completion of the adoption process ahead of the 27 December deadline this year.
My Lords, I am very pleased with that reply from the Minister. What I am mostly concerned about is the loss of the provisions relating to law enforcement, particularly the real-time exchange of information, on which our intelligence authorities and police authorities have historically relied. That is no longer available to us; in what is undoubtedly a very dangerous world, surely that is a priority for the discussions that will take place now and in the future on the whole question of data adequacy with our European neighbours.
I thank the noble Lord. He brings a great deal of experience over the years in many areas of data protection legislation, anti-money laundering and the security side. Since the UK and EU leaders’ summit on 19 May, we have been working with the EU to increase the safety and security of UK and EU citizens, to respond to shared threats, and to support police investigations, including through enhanced data exchange. We continue to work and meet closely with the EU on these matters.
My Lords, the Government are trying to hit a moving target, as far as I can see. The EU is adopting a new digital omnibus, which will change EU GDPR. How confident are the Government about being able to get a decision from the EU in time?
To take that question in two parts, we are confident about the EU’s scrutiny of our legislation. The Commission has started its review and published the report that I mentioned in July. The European Data Protection Board published a non-legally binding opinion on its draft decision on 20 October. We are confident that a member state vote will take place ahead of the 27 December deadline. The EU’s proposals to change its data protection framework have only recently been published. We will have a look at the details of those changes as and when they become clear and are confirmed.
My Lords, related to data security is superintelligent AI. Many recent reports have suggested that this is a huge threat to our global security. Are we discussing this with the EU and other international partners to try to mitigate some of the potential damage that could be caused by it?
We continue to look at all potential AI threats and are immensely assisted in this by the work of the AI Security Institute, which has deepened our understanding of critical security threats posed by all sorts of frontier AI and the type that the noble Lord mentioned. We continue to talk about this to international partners.
My Lords, this is not just about legal frameworks; what is also important is the physical security of some of the data structures. Are we in discussions with other European partners, in particular with Ireland, to ensure that their undersea cables are secure, not just undersea but when they enter the mainland?
The noble Baroness is right that there are risks to undersea cables. I shall have to come back to her on the precise discussions that we have had with Ireland, as I am not completely up to speed with those, but it is something that we are very well aware of in general. We have taken forward a lot of discussions with industry and others about it.
My Lords, when it comes to data adequacy, the Government are, of course, aware of a report from the UK Statistics Authority that said:
“Quality problems have manifested into published errors, delays, and de-accreditation of official statistics”.
That is pretty damning stuff. Can the Minister tell us what is going to be done now to improve the situation? Flying blind is surely really rather dangerous in the present world circumstances, particularly for this Government.
I thank the noble Lord for his question. I think about the adequacy of the Office for National Statistics and some of the information that it provides, which we all rely on. In terms of the particular programme of enhancement, I shall need to come back to him on that point to set out what is being done in that area.
On the issue of data adequacy agreements with the EU, I think we are proceeding quite adequately in terms of the process of it scrutinising our data protection regulations. We are confident that the 27 December deadline will be met.
The noble Earl asks a very interesting question but one which I am afraid, again, I am unable to give him any deep answer on. I shall have to revert to him on IP in particular.