Representing Govtech at IAPP's Data Protection Intensive UK Conference

Our technological world is ever changing and ever advancing, so it’s more important than ever that we keep up to date with the world of data protection so that we can continue to keep our customers data as safe and secure as ever before. 

As members of the IAPP (International Association of Privacy Professionals), Alan and I attended IAPP's Data Protection Intensive UK Conference as delegates in London on 8th and 9th March 2023. There we heard from guest speakers, most notably such as the UK Information Commissioner, John Edwards, and Secretary of State for Science, Innovation and Technology, Michelle Donelan. The Conference coincided with the announcement of new Data Protection Bill reforms and interesting discussions about the ICOs investigations into concerns surrounding algorithm bias and discrimination in some Local Authority benefits systems.

Let us take you through the highlights that John and Michelle had to offer over the course of the two-day event!

TUESDAY 8th MARCH

08:30am and we’re walking into the building in Houndsditch, London. We pick up our Delegates badges and walk into the main atrium where we’re met with stands for big names within the data protection industry... IAPP, OneTrust, Privacy Experience Agency, to name but a few.

The Conference, as always, had a very healthy attendance in terms of delegates and speakers, from all different walks of life, with big household names being in attendance, namely, Meta, OFCOM, Netflix, Pfizer, FIFA, and of course, Govtech Solutions!

As was the case last year, the Conference opening session was led by the UK Information Commissioner, John Edwards. He set the tone for the conference by placing emphasis on the future of technology in the UK, with heavy focus being placed upon AI and how it will fit in with the core principles of data protection legislation. The very first subject mentioned, had our ears perked up paying full attention, as he brought up the 2022 investigation into Local Authority Benefits Systems.

Concerns had been raised by the civil society about the use of AI by Local Authorities, for example any such AI and algorithm used into order to determine benefits entitlement for an individual.

Are these methods of processing fair? Do they discriminate against certain individuals? Are people experiencing any harm or financial detriment due to the use of these technologies? In order to find out, the ICO needed to understand how local authorities work. The ICO partnered up with 11 Local Authorities across the country to have a look into their use of AI. After an extensive investigation, no evidence could be found to suggest customers experience any harm or detriment due to the use of algorithms or similar technologies.

“Our investigation into that practice has finished, and I’m pleased to say that we didn’t find any evidence to suggest that people in the benefits and welfare system are subjected to any undue harm or financial detriment as a result of the algorithms used by local councils. We found that there was sufficient and meaningful human involvement in the process of benefit entitlement, and that the algorithm they deployed was to reduce administrative burdens, rather than to make decisions of consequence.”

Information Commissioner, John Edwards

WEDNESDAY 9th MARCH

With the announcement of the new Data Protection and Digital Information Bill (2) being published overnight, the atmosphere for day 2 is thick with excitement!

With the surprising statistics that 1 in 5 professionals struggle to find technology that makes them compliant with GDPR, and that same number knowing nothing of GDPR despite being bound by it, it's easy to see why an overhaul would be beneficial.

With this in mind, the importance of keeping the regulation simple to understand and easy to implement is paramount. The new Bill was codesigned by industry experts alongside the government, with an aim to correct some of the elements of GDPR that don’t work for us as a country and leads with an understanding there is no ‘one size fits all’ approach to data protection.

In the closing session, Michelle Donelan, Secretary of State for Science, Innovation and Technology, gave us her views…

“Our system will be easier to understand, easier to comply with, and take advantage of the many opportunities of post-Brexit Britain. No longer will our businesses and citizens have to tangle themselves around the barrier-based European GDPR.”

Michelle Donelan, Secretary of State for Science

Perhaps something we were all glad to hear, is that those organisations who are already compliant with the current UK GDPR, will not need to make any changes in order to be compliant with the new Bill, although fines for non-compliance are set to be up to 35x larger than under GDPR which is sure to act as a brilliant deterrent to those who are less willing to comply with the regulation.

One of the most notable takeaways is the movement away from both the office of the Information Commissioner and the DPO position within organisations. Under the new Bill, the office of the Information Commissioner will be abolished and replaced by a new body, the ‘Information Commission’. Likewise, the role of the DPO can be replaced by a ‘Senior Responsible Individual’. We’re told that SRIs will only be required for public bodies or where there is high risk processing. It will be interesting to see how these changes play out, and, as Dinah Washington might say, what a difference a name makes!