Annual Report 2023–24

Foreword by Jeni Tennison Welcome to our second annual report! Here, you can learn more about what we’ve been up to, and the impact we’ve had, in a year when AI has become a headline topic. We took advantage of global attention on AI governance to amplify our messages about the importance of public voice and collective action. Around the UK’s AI Safety Summit, we partnered with the TUC and ORG to drive civil society and worker voice in AI to the top of the agenda, through an open letter that gathered over 100 signatories. We also organised a People’s Panel on AI to highlight the lack of public input; and had multiple high-profile media appearances. We brought together over 40 civil society organisations working around data and digital rights in the UK in a network that has successfully campaigned against the Data Protection and Digital Information Bill, ensuring that there was sufficient opposition to see it dropped during the wash-up process prior to the 2024 General Election period. We have targeted sectors that matter to people. We partnered with the TUC and the Wales TUC to emphasise union and worker voice in the adoption of data and AI in the workplace. We collaborated with Just Treatment to bring patient voices to the fore in the debates about health data. We joined forces with Defend Digital Me to explore governance gaps in the edtech ecosystem. We convened, catalysed and contributed to initiatives around the world. During RightsCon in Costa Rica, we brought together groups working to influence G20 conversations on collective data governance. During the Open Government Partnership Summit in Estonia, we facilitated the codesign of commitments for meaningful transparency, participation and accountability in data and AI governance. Finally, through our Connected Conversations, Design Labs, Fellowships, presentations, and social media, we have brought the idea of democratic and participatory decision making closer to reality. These have ranged from digging into the details of collective data rights, through developing a game that draws attention to the range of methods for bringing in public voice, to presenting to the Women’s Institute in Buckinghamshire. I am immensely grateful to our team, alumni, associates, fellows, partners, collaborators and funders for all their work to advance our vision of communities having a powerful say in decisions about data and AI. If you want to learn more about our plans for next year, do take a look at our Strategic Roadmap 2024-25. Jeni Tennison, Founder and Executive Director Our vision We want communities to have a powerful say in decisions about data and AI so that it is used to create a just, equitable and sustainable world. Our mission We campaign to put community at the centre of data narratives, practices and policies by advocating for collective and open data governance. We have three main strategic goals arising from our theory of change. Change data narratives: we develop compelling narratives of collective data governance, placing stories in the media and other key venues that influence communities and decision makers. Change governance practices: we surface and share examples of collective and participatory governance, convene a community of practitioners who lead and support collective data governance activities, and work alongside diverse communities to help define how data governance should work for them. Change public policies: we provide evidence-based public policy recommendations and language to create an environment for collective and participatory data governance. These goals are enabled by a strong community and an effective organisation. Responding to the AI Safety Summit In November 2023, the UK Government hosted the first AI Safety Summit. This was an opportunity to deliver on our mission at a national and international level. In the run-up we held a private Connected Conversation on AI Safety narratives to support common understanding and purpose amongst civil society organisations. We also led two activities to influence this and future Summits: an open letter, and the People’s Panel on AI. An Open Letter With the TUC and Open Rights Group we led on an Open Letter to Prime Minister Rishi Sunak, calling out the Summit’s marginalisation of civil society in favour of a select few companies and governments. The letter gained over 100 high profile signatories, including leading experts, international human rights organisations and unions representing millions of workers. It gained international media coverage, challenging the narrative of the Summit, lending weight to civil society actors who were present, and forcing politicians to address the role of workers and civil society in shaping the future of AI. View Tweet View Tweet View Tweet The People’s Panel on AI We organised the People’s Panel on AI, which brought together 11 representative members of the public randomly selected by the Sortition Foundation to attend, observe and discuss key events at the AI Fringe, which was held alongside the Summit. Through a deliberative process facilitated by Hopkins Van Mil, the panel worked towards a public report giving their verdict on AI and their recommendations to government, industry, civil society and academia for further action. By the end, we had a report by Hopkins Van Mil of the outcomes of the deliberation process, a written evaluation by the Independent Evaluator, a video promoting the process and Panel recommendations, a flyer displaying the recommendations, and a final report that included reflections and connections to other related participatory practice work. In addition, at the end of the week we hosted an open ‘verdict session’. At Tech UK we’re very keen to look directly at these recommendations and really think hard about what they mean in terms of policy formation around A.I. — Antony Walker, techUK As well as the recommendations themselves, the Panel started to prove to big tech, public sector and private sector that public participatory practices can be organised quickly, (relatively) cheaply, and with people knowing nothing of the (complex) subject in advance. It showed that the outcomes of such processes can be meaningful, insightful and supportive of better data and AI governance in the future. The impact of the Panel continued through the year. For example, TechUK asked representatives to speak about the experience and their recommendations at the top of their Digital Ethics 2023 national conference agenda, and a Panel member spoke at an ‘AI in Education’ conference in Cornwall. We also held a Connected Conversation on involving the public in AI policymaking, as part of the Turing Institute’s AI UK conference, which explored lessons from the experience. Members of the People’s Panel on AI deliberating on the AI Summit Fringe We didn’t stop talking about AI. It was exhausting. It overtook us. A number of us refer to the experience as life changing as the impact hasn’t gone away. During the week we were waking up at 3am and making notes about what we wanted to ask the next day. … In one session someone suggested to us that we didn’t know the tech and ordinary citizens can’t understand [ AI ]. I think the panel will come up against this all the time but the panel can ask the questions. What’s the value? Does society want it? — Janet, People's Panel on AI member The People’s Panel on AI was organised with support from the Mozilla Foundation, the Accelerate Programme for Scientific Discovery, the Kavli Centre for Ethics, Science, and the Public, and the Ada Lovelace Institute. Narrative We develop compelling narratives of collective data governance, placing stories in the media and other key venues that influence communities and decision makers. Understanding narratives and power Many organisations recognise the need to shift narratives about data and AI. Doing so requires an understanding of how those narratives currently work, and what they should be changed to. In May 2023, we hosted a ‘Future Narratives’ Design Lab, bringing together invited experts to start the co-creation of a strategy for shifting the inaccurate, damaging way data is currently framed & understood in media, policy and industry narratives. In the end it’s people coming together and demanding a powerful say that will ensure AI and data driven systems work for all of us. This is about ensuring systems that add positively to our lives and help build a caring society, not one constrained by unintelligent machines predicting, dividing and overseeing us for the benefits of those with the power. — Jonathan reflecting on what he learned Jeni and Tim explored the way current narratives can disempower the public in conversations about AI in an essay for the Joseph Rowntree Foundation. We also used these insights in our work with Brickwall to research and produce scripts for AI explainer videos for the Local Government Association and influence local authority adoption of AI. We need to shed light on the power of mainstream AI narratives, how they impact us, and how we can reshape them. Connected by Data doesn’t only understand these narratives but offers vital practical alternatives that centre those affected by AI. — Yasmin Ibison, Joseph Rowntree Foundation Amplifying people’s stories Narratives about data and AI can feel abstract and removed from day-to-day concerns. We aim to bring out individual stories that surface people’s lived experience and provide a way in to policy discussions. In April 2023, our first Our Data Stories report amplified worker’s experiences of data and AI, placing the human firmly in the story. We worked with the Trades Union Congress (TUC) to host a parliamentary event for workers to be heard directly by politicians and policy makers, and with workers and unions to boost stories in a range of media, including the FT, the Guardian and Huck. This work was also quoted by the TUC in their ‘Work Intensification: The impact on workers and trade union strategies to tackle work intensification’ report. View Tweet Our Parliamentary event, co-hosted with the TUC, discussed the worker experience of the AI revolution (June 2023). Photo credit: Stephanie Peacock MP. Our second Our Health Data Stories report, in November 2023, produced in partnership with Just Treatment, focused on how people experience data when interacting with health services, especially in light of the controversy of the award of the NHS’s Federated Data Platform contract to Palantir. Jeni joined Hope from Just Treatment in a Byline Times podcast on the topic, based on the report. Telling our own story We aim to provide the media with a different perspective on issues of data governance and AI: one that centres the voice of affected communities, confronts power and challenges received wisdom. Determined to get beyond cliches of androids and lines of code, we created an explainer video that centres images of day-to-day life and key messages on how data is pervasive, yet about political choices. In the last year, we have significantly increased our profile and been quoted in a range of media, with repeat requests for comment from TalkTV, Channel 4 News and Politico. Here is a sample: UK bill waters down protections against ‘robo-firing’ in gig economy, say experts - The Guardian [news], July 2023. Interview for TX - Business Matters [audio], July 2023 Will AI free us from drudgery - or reduce us to robots? - The Bristol Cable [op-ed], August 2023 ‘We need protection’: How AI, algorithms and oppressive digital tech are pushing workers to the brink - The Big Issue [article], November 2023 G20 Brasil: an opportunity to shape how we shape technology - Estadao [op-ed], January 2024 (English translation on our website) AI doctors and chatbot nurses? Labour must show the future of the NHS isn’t so dystopian - The Guardian [op-ed], February 2024 Innovation or safety? How the UK plans to regulate AI - Channel 4 News [broadcast], February 2024 TUC publishes legislative proposal to protect workers from AI - Computer Weekly [article], April 2024 Our campaigning work around the UK’s AI Safety Summit established Connected by Data as a go-to authoritative voice. We had over 50 media hits within a week, from regional BBC to international broadcast and newspapers. Along with mainstream media, we’ve used social media accounts to share our responses to news items including a NHS contract being awarded to Palantir and the Post Office Horizon scandal. We also published a work of speculative fiction, called ‘Grab A Byte’, in which the reader takes a “choose your own adventure story” style exploration of how data and AI impacts on us. As we reflected on the short story that emerged, we thought about how this could be used in classroom or discussion group contexts to draw out different issues, so we added some prompts for discussion as opportunities to foster collective conversations around data governance in lectures, workshops and among groups. — Maria on reclaiming the narrative through speculative fiction Practice We surface and share examples of collective and participatory governance, convene a community of practitioners who lead and support collective data governance activities, and work alongside diverse communities to help define how data governance should work for them. Even if Sam Altman’s intervention was not an entirely serious call for global deliberation on AI, such deliberation and debate is not only desirable, but is eminently possible. So what might it take to be effective? — Tim on effective global deliberation on AI Supporting organisations with data and AI governance We aim to help organisations who are interested in working with their communities as they develop data and AI tools and services. We started the year commissioned by the Joseph Rowntree Foundation (JRF) to improve their understanding of the current landscape and stakeholders they want to support, work with, influence and inspire as they create a new insight and analysis infrastructure to help improve how the ecosystem understands inequalities, and how to solve them. The case for public engagement around data and AI decisions is only growing stronger. We’ve been working hard to help organisations move from aspiration to action, and to take approaches that support informed engagement and real community power. — Tim Davies (he/him), Research and Practice Director We have also developed an interactive card game that provides a creative way for individuals and organisations to think about planning, running and evaluating collective and participatory data governance activities. The Good Governance game being tested at CPDP LatAm2023 with Idec, InternetLab, ITS Rio, Instituto Fogo Cruzado, Ericà Bakonyi, Larissa Chen, Lab Jaca, Aqualtune Lab, and CyberBRICS Project. Developing resources for public deliberations Informed, empowered and deliberative dialogues about the impacts of data and AI requires capable practitioners. We aim to support people delivering these approaches with the tools and resources they need. In November 2023, we partnered with Iswe to convene a group of thinkers and practitioners who work on public engagement, data and AI to explore interventions that could support greater deliberative governance of technology. We explored three main challenges: Decision makers are often not convinced that they should be listening to public voices in the shaping of data and AI Running an effective deliberation on AI requires good background materials - focusing on the right topics, and recognising the different frames applied to discussion of AI Running a powerful deliberation on AI requires tailored facilitation You can access the full workshop notes here or review the summary on our website. Photos of the Design Lab exploring resources for public deliberation. Policy We provide evidence-based public policy recommendations and language to create an environment for collective and participatory data governance. Our strategy to shape the UK’s data and AI policy towards equitable outcomes consists of three workstreams: catalysing a powerful civil society community, policy development and deep dives into strategic verticals. We take what we learn in the UK into the wider international community to develop joint approaches and action. Catalysing civil society An effective civil society community is vital to counter big tech and government power. We aim to bring together diverse civil society organisations and campaigners to build relationships and collaborate on policy, campaigns and advocacy around data and AI. To that end, we convene the UK’s Data and AI Civil Society Network. Along with current affairs, the network digs into key issues with dedicated sessions such as a Connected Conversation on Impact Assessments, and showcases the work of its participants. We maintain the infrastructure of this network, with shared resources such as our publicly available list of Data Protection and Digital Information Bill resources, an active Signal group, a popular data policy newsletter and regular meetings and strategy sessions to support joint action and skill sharing within a growing community. This year, we expanded and diversified engagement with the Network. A workshop in February 2024, targeted at charities and campaigners who are new to these issues, surpassed our expectations with around 100 participants. Many of these have since joined the Network. As a human rights policy organisation, it’s been incredibly valuable to join the Network. Data protection is a relatively new policy area for us, so the ability to be able to connect with like-minded organisations and learn more has been helpful to ensure our work is aligned to the rest of the policy landscape. — Adam Freedman, Policy, Research & Influencing Manager, National AIDS Trust Centering community voice in data and AI policy The legislative and policy environment determines how and whether community voice is brought to bear in decisions about data and AI. Our aim is to advocate for evidence-based public policy recommendations for collective and participatory data governance. A key focus throughout the year has been the Data Protection and Digital Information Bill (DPDIB). We developed policy interventions as the Bill moved through the legislative process over the last twelve months, including written evidence, briefings and suggested amendments. In May 2023, we were invited to give oral evidence to the House of Commons Bill Committee, which was subsequently referenced by Lord Clement-Jones, a leading voice in the debate, in the Lords Grand Committee. Thanks to this opposition, alongside that of many other members of the Network, the Bill fell during the wash-up process prior to the 2024 General Election. The Post Office scandal has some stark lessons for how data and AI systems should be integrated into our lives and society. The Government’s Data Bill fails to learn them, and in multiple places makes it even harder for victims of computer errors to get justice. — Jeni on the Post Office 'Horizon' scandal Beyond the Bill, we responded to the Government’s AI White Paper consultation and multiple parliamentary inquiries including Transforming the UK’s Evidence Base and Large Language Models, as well as regularly engaging with senior politicians across the political spectrum. Questions of data and AI policy are cross-cutting and far from settled. We have an opportunity to steer it towards equitable and democratic outcomes. — Adam Cantwell-Corn (he/him), Head of Campaigns and Policy Along with reacting to policy developments, we’re shaping perspectives for a progressive approach to data and AI policy. Working with a range of stakeholders including Labour Together, we sought to clarify high level thinking on the direction and purpose of data and AI policy into a progressive vision. As well as feeding into Labour policymaking, this helped inform the first Green Party of England and Wales policy on AI, which now includes a commitment to centre community voice. We launched the document at the Labour Party Autumn Conference (with Matt Rodda MP) and the Green Party Autumn Conference (with Baroness Natalie Bennett). Diving into verticals We need both cross-cutting and sector-specific data and AI policy. Our aim is to dive into strategically relevant verticals to develop context specific policy and boost capabilities of various stakeholders. Having identified ‘work and workers’ as a source of key questions about data, power and participation we developed relationships within the trade union movement. A research collaboration with Wales TUC on how AI is impacting workers is feeding into the Welsh Government’s pioneering social partnership agenda. Adam has joined the Wales TUC reference group on AI to support trade unionists within these processes regarding the public sector workforce. We took part in the Special Advisory Group on the TUC’s AI and Employment Bill project, a powerful intervention to emphasise collective data and AI rights at work, and collaborated on multiple joint events and media outputs. We also led on a project with the TUC to draft a strategy to take forward their work on AI. The strategy sets out how the TUC should innovate its processes to develop targeted policies, training and campaigning on AI. TUC Cymru worked with Connected by Data to produce a joint report on workers’ understanding of AI. The report led to extensive media coverage and the establishment of a government committee in Wales set to introduce guidance on the use of AI for key workers in the public sector. This would not have been possible without Connected by Data’s support. — Ceri Williams, Wales TUC We laid the groundwork for other verticals, health and education. We worked with Defend Digital Me to deliver a two part EdTech Design Lab to explore the growing use of data-driven educational technologies (EdTech) in UK schools; challenges around who has, and who does not, have a say in EdTech adoption and possible approaches to give affected communities a more powerful voice in EdTech decision making. Participants included teachers and school counsellors, teaching union representatives, and education researchers. We followed this up with a later Connected Conversation on the topic “How can affected communities have a powerful voice in shaping the adoption of data-driven technology in schools?” Amid the furore about Palantir’s NHS contract, the Our Health Data Stories report produced in partnership with Just Treatment didn’t just expose how patients think about data on a day-to-day basis; it also recommended further work around data opt-outs, data service procurement, community engagement, and digital health apps. We explored these in a Connected Conversation that asked “What would it take to secure full public support for NHS data re-use?” As we campaign for health justice, we need to navigate the complex impact of data and AI. Connected by Data has been a key ally in that work. — Diarmaid McDonald, Director, Just Treatment Politicians, press and public are becoming more aware that decisions about data are political, and fundamentally about power and priorities. But there’s still work to be done to make this democratic and support people, institutions and ideas to make data and AI work for us. — Gavin Freeguard, Policy associate Establishing international partnerships We want our work to be useful outside the UK, and build international partnerships to help that happen. In June 2023, in partnership with Aapti Institute, Research ICT Africa, and The Datasphere Initiative, we convened a workshop in Costa Rica to explore global policy agendas on collective data governance. The session explored building shared language, mapping policy landscapes, developing policies for collective data governance, and prioritising local and global advocacy opportunities. Thanks to this workshop, we collaborated with Mydata Global, Aapti Institute, and The Datasphere Initiative, to publish In This Together: Combining Individual and Collective Strategies to Confront Data Power, a think piece that looks at how advocacy for better data governance can draw upon the tools of both individual data rights, and collective data governance. This was the topic of a Connected Conversation on Combining Strategies to Confront Data Power in March 2024. The Connected by Data workshop as a Fringe of the OGP Summit (September 2023) We have undertaken a significant amount of work relating to the Open Government Partnership (OGP). In September 2023, we brought together a diverse group of civil society, government and academic stakeholders on the fringes of the 2023 Open Government Partnership Summit in Tallinn, Estonia, to co-design model policy commitments that could deliver meaningful transparency, participation and accountability in data and AI governance. We followed this with a Connected Conversation to share these resulting commitment areas in more detail, and invited responses from a range of experts to explore the opportunities and challenges for putting these ideas into practice. Connected by Data plays an important and unique role connecting organizations working on different aspects of data governance and from different parts of the world, facilitating innovation and collaboration that wouldn’t happen otherwise. This is essential for helping the advocacy community adapt to a rapidly changing relationship between individuals and data. — Christopher Wilson, MyData Global Later in the year, Tim attended a global peer exchange workshop in Nairobi, organised by the OGP on governance of new and emerging technologies. The Governing New & Emerging Digital Technologies global peer exchange workshop brought together government officials and civil society representatives from twelve countries leading digital governance reforms, along with international experts, to address the challenges and opportunities presented by digital innovations, particularly Generative Artificial Intelligence, and their impact on democracy, human rights, and the economy. Building on this workshop we produced a response to the interim report of the UN Advisory Board on AI. And we worked with the Data Values Project and Global Data Barometer to explore approaches to benchmarking national frameworks for participatory data governance. We have participated in a number of other international initiatives. Jeni was part of the Council for a Fair Data Future, organised by the Aspen Institute, which met in New York in July 2023, as well as continuing to chair the GPAI Data Governance Working Group until December. Maria attended a number of C20 events (linked to the G20 presidency in Brasil) and Adam attended the Summer School on the Law, Ethics and Policy of Artificial Intelligence hosted by KU Leuven, an international community based in Belgium. With Liz Steele, we also started to explore how we might engage more actively in Europe, following the passing of the EU AI Act. Although the draft bill in Brazil has some way still to go if it is to become law, the journey outlined above demonstrates the vital importance, and impact of a process that looks beyond industry interests when regulating data and AI. — Maria on building trust through civil engagement in data and AI Jeni Tennison meeting with Minister Ed Husic from the Australian Government Department of Industry, Science and Resources alongside Abeba Birhane and Rachel Coldicutt (November 2023) Community Over the last two years, we have amassed over 1,600 followers on X (formerly Twitter), 234 Mastodon followers, 933 followers on LinkedIn and have over 160 members on our Discord server. We organised, spoke at or participated in almost 50 events and gained a deeper understanding of the kinds of spaces where conversations are happening, and what’s lacking. During 2023-24 we introduced a Data Policy Digest and a Connected by Data Newsletter, which have 324 subscribers. Jeni Tennison speaking at a Citizen-Centric AI Systems event (November 2023). Photo credit: Professor Sebastian Stein. Convening important conversations Thanks to funding from Omidyar Network, we have established our Connected Conversations programme. Connected conversations are a programme of informal, virtual, and usually international discussion sessions designed to support exploration and learning around the fundamentals of collective, democratic, participatory and deliberative data governance. People who attend discussions are expected to have strong opinions, weakly held, and to critique and question their own assumptions, as well as those of other people. We publish write ups of all Connected Conversations on our website as a further demonstration of our commitment to share learning as widely as possible. Aside from those already mentioned above, these included: Who is at the table? How are public voices currently heard in the governance of data and AI?, which brought in international experience of engaging communities around data and AI in cities, humanitarian aid, and the AI data supply chain Collective data rights: do we need them and what should they look like? in which we looked at gaps in regulatory frameworks for the governance of non-personal data, based on research we commissioned from AWO Community negotiation on data rights, which examined what we mean by ‘community’ when we advocate for greater community voice in data and AI governance Robust norms: creating and enforcing new data governance defaults at scale, which brought together different perspectives, including from climate change advocacy, to explore how to conceptualise global rights, harms, and norms and asked what is the data governance equivalent of the concept of ecocide Codesigning interventions Again thanks to funding from Omidyar Network, during 2023-24, we were able to convene six design labs, all of which we’ve described in more detail above. Future Data Narratives Design Lab in partnership with Future Narratives Lab to start the co-creation of a strategy for shifting the inaccurate, damaging way data is currently framed & understood in media, policy and industry narratives. Policy Design Lab - A global policy agenda on collective data governance, in partnership with the Aapti Institute, Research ICT Africa and the Datasphere Initiative to explore global policy agendas and practical policy asks on collective data governance, with a particular emphasis on influencing the G20 process under India, Brazil and South Africa presidencies. Participation Design Lab - Governance Game, a year-long iterative process to develop a ‘participatory governance game’, with three test sessions of the game including at the Data Justice Conference on June 20th. Policy Design Lab - Open Government Commitments, bringing together a diverse group of civil society, government and academic stakeholders on the fringes of the 2023 Open Government Partnership Summit in Tallinn, Estonia, to co-design model policy commitments that could deliver meaningful transparency, participation and accountability in data and AI governance. Practice Design Lab - Deliberation and AI, in partnership with Iswe, to convene a group of thinkers and practitioners who work on public engagement, data and artificial intelligence to explore interventions that could support greater deliberative governance of technology. Practice Design Lab - Edtech, in partnership with Defend Digital Me, to understand and analyse how EdTech is brought into schools in practice and map out routes for alternatives with the view to empowering all members of the school community to participate in the governance of these powerful tools. We deliberately organised these design labs in different ways and to different scales, to experiment and inform further design labs. Cultivating changemakers Our small, but global, fellowship programme grew, with four additional Fellows bringing new and diverse voices and perspectives to the group. Fellows are supported and mentored in a bespoke approach with a fortnightly collective online gathering. Judith Townend, Fellow Kristophina Shilongo, Fellow Libby Young, Research associate and Fellow Luke Richards, Fellow Aditya Singh, Fellow Maria Luciano, Fellow / Former Research associate Natalie Byrom, Fellow Nicola Hamilton, Fellow The fellowship has been an enriching experience and a fantastic opportunity for collaboration and exchange with a community passionate about collective and participatory data governance. I’ve enjoyed the opportunity to have greater insight into CbD’s work and have learned immensely from the amazing cohort of fellows and their diverse projects. — Aditya Singh, Fellow Organisation In the last twelve months we’ve been joined by Emily Macaulay (Head of Delivery and Operations) and Helena Hollis (Field Building Lead). Three members of the team have moved on to new adventures and we wish all good luck to Obioma, Jonathan and Maria in those. We’ve also had the good fortune to continue to work with Gavin Freeguard, focused on UK policy, and Liz Steele, who has been exploring opportunities within the EU. I’m proud to have joined a small but mighty organisation focused on working with care and generosity to have meaningful social impact. — Emily Macaulay (she/her), Head of Delivery and Operations Openness We aim to work in the open. Our strategic roadmap for 2023-24 reflected on what we had learned in our first set and set our intentions for this year. We continue to share our own resources and amplify those of others; write up the events we attend and organise; and regularly blog on topics we’re exploring. We also produce weeknotes which give a behind-the-scenes perspective on our work. Diversity, equity and inclusion Our work is founded on an awareness of power, privilege and pluralism inspired by feminism, intersectionality, and anti-colonialism. We continue, as individuals and collectively, to challenge ourselves to improve our understanding and implementation of inclusive practice. Over the last year we’ve focused on taking the time to understand individuals needs and prioritise time, effort and resources to meet those needs, with the aim of enabling them to be themselves and have everyone engage equitably. Examples have included meeting panel participants arriving on public transport, providing specific meal options, funding additional accommodation for those disproportionately negatively impacted by travel, providing information (such as meeting agendas) in advance, and providing 1:1 support to address low digital literacy. From the inclusivity of the recruitment process, to the warm welcome, and a great year working with different communities here at Connected by Data, I have loved working at an organisation that lives by the values it espouses. I have learned about the wealth of issues which communities are engaging with around data and AI, and the innovative and inclusive ways in which they are challenging power. — Helena Hollis (she/her), Field Building Lead Learning We are committed to continuously learning about what works and what doesn’t, and how to improve our impact. During 2023-24 we learned: AI is where the conversation is at. We know that non-AI uses of data have just as much influence on people’s lives, and indeed that “AI” is used as a byword for a broad set of technologies. Nevertheless, the public and political conversation is focused on AI. There is no AI governance without data governance. Notwithstanding that conversations often open with AI, governance of data remains fundamental, and there is growing recognition that AI governance can only be delivered through robust data governance. We need to build collective power. There is a fundamental difference between consultation to understand public attitudes and opinion, and interventions that democratise power over data and AI. Our orientation needs to be the latter; this means paying attention to civil society empowerment as well as public participation. How we work matters. We are committed to demonstrating care, generosity, agility, and openness. We’ve also seen the value of showing leadership to unite our community and amplify our joint interests, such as through Data and AI Civil Society Network and the open letter we initiated in partnership with the TUC and ORG around the AI Safety Summit. Practical demonstrations are useful. We co-convened events such as the Gloucestershire Data Day and the People’s Panel on AI that have proved to be useful examples to illustrate the importance and practicality of what we are advocating for. Diverse backgrounds make for the best conversations. As we have convened people during 2023-24 through our series of Connected Conversations and Design Labs, we’ve seen the most valuable conversations arising from bringing people together with experience outside data and AI, such as learning from climate campaigners. We’ve taken these lessons into our plans for next year, which you can learn more about in our Strategic Roadmap 2024-25. Governance We are a non-profit company limited by guarantee and charitable objectives (including an asset lock). Our Governing Board is chaired by Karin Christiansen (Chair) with Non-Executive Directors Louise Crow; Karien Bezuidenhout; and Hera Hussain. Their Terms of Reference and meeting minutes are published on our website. In February 2024, we updated our articles of association to be explicit about our not-for-profit operating model, thanks to pro-bono support from Hogan Lovells’ social enterprise lawyer training programme (HL BaSE). Funders Thanks to our funders for their generous support during this year. Finances Our full financial statements have been filed with Companies House and are summarised below.   2023/24 2022/23 Income 611 325 Unrestricted grants 376 264 Restricted grants 186 15 Sales 38 46 Costs 604 315 Staff costs 508 255 Other costs 94 58 Corporation tax 2 2 Capital and reserves (cumulative) 17 10 Accrued income 224 500

Data Policy Digest

Hello, and welcome to our sweet sixteenth Data Policy Digest, bringing you all the latest data and AI policy developments. From April showers to a May data deluge - with details of Lords committee stage for the Data Protection Bill, more AI developments than you can shake a large language model at and much more besides.

Data Protection and Digital Information Bill: Resources

This is a living document collating resources – background, briefings, and commentary – about the UK’s Data Protection and Digital Information Bill. It’s open, so do suggest any additions that you find useful.

Data Protection and Digital Information Bill: Lords 2nd Reading Summary

Data Protection and Digital Information Bill: what happened at Lords Second Reading? Introduction On Tuesday 19 December 2023 – the last day before their Christmas break – the House of Lords got to debate the Data Protection and Digital Information Bill for the first time. This is known as Second Reading – First Reading is a formality, where the Bill is introduced to the House after moving through the Commons, and it will next go to Committee stage (for detailed scrutiny), then Report Stage and Third Reading (for amendments and further debate in the Chamber). Below is a brief summary of the debate (starting with a table of contents). You can also read the debate in full, read my live tweeting, watch the debate or check out our page of resources on the Bill and its parliamentary passage. Opening statements from government and opposition Subjects raised in the debate Data adequacy with the EU Business impact Length and complexity Lack of scrutiny Children’s data rights Coroner access to data Weakening of individual rights Collective data rights and use Importance of trust DWP access to bank account data Secretary of State powers Henry VIII clauses Artificial Intelligence Definitions Health data Expanded powers for police and security services The Information Commission Abolition of the Biometrics and Surveillance Camera Commissioner Cookie consent Direct marketing Digital identity Smart data Democratic engagement Horizon Death registration Work to do Closing statements Next steps Opening statements from government and opposition Opening for the government, AI minister Viscount Camrose said the proposed reforms to the UK’s existing data protection regime (including the General Data Protection Regulation, or GDPR) ‘deliver on the Government’s promise to use the opportunity afforded to us by leaving the European Union to create a new and improved UK data rights regime’. He ran through the five parts of the Bill, arguing it would unlock the potential of data ‘not only for businesses but for people going about their everyday lives’, while ‘continu[ing] to maintain the highest standards of data protection that people rightly expect’; these are not ‘contradictory objectives’. He noted the Bill as it now stood – following some amendments tabled below Report Stage in the Commons (many of them very late and some of them controversial) – had doubled the estimated economic benefits, to £10.6bn over 10 years. The Bill, according to Camrose, would ensure organisational compliance would be directly related to the risk its data processing posed to individuals; modernise an already ‘world-leading independent regulator’, the ICO; allow ‘responsible automated decision-making’ with human intervention where requested; seize billions of pounds in ‘the booming global data-driven trade’; ‘allow people to control more of their data’; make digital identity easier and more secure; and improve data for the NHS and adult social care, law enforcement and national security. Camrose highlighted amendments on the National Underground Asset Register and coroner access to social media data from deceased children (acknowledging complaints from bereaved families that it did not go as far as promised, pledging to listen to their arguments) – but touched only lightly on new DWP powers ‘to protect taxpayers’ money from falling into the hands of fraudsters’. Opening for Labour, Lord (Jim) Knight – standing in for an unwell Baroness (Maggie) Jones – quoted his 2017 speech on the Data Protection Bill (later Act), about the ‘need to power the economy and innovation with data while protecting the rights of the individual and of wider society from exploitation by those who hold our data’. That remained the vision for him – but the weakening of protections in this Bill would not achieve it. He felt the opportunity to strengthen the ICO to better regulate the use of data in AI had been missed, providing no new oversight of cutting-edge technologies (quoting the Ada Lovelace Institute); that the Bill weakened ‘the already limited safeguards’ around automated decision-making, especially in the workplace; quoted Stephen Cragg KC on the ability of the Secretary of State to add to the list of ‘legitimate interests’ without scrutiny; and further criticised the Bill for not empowering regulators for the government’s AI regulation plans, and for lost opportunities to build public trust in developing better technology and generate revenue for the taxpayer through data trusts. Knight moved onto ‘broken promises and lessons not learned’, beginning with the coroner access to data promise and expressing confidence that another discussion carried over from the Online Safety Act discussion, around researchers being able to access data from social media platforms, would be actioned. Another failing was the Bill’s length and the late addition of amendments post-Commons scrutiny – ‘the more I read the Bill and various interpretations of its impact, the more I worry about it’. Businesses need to understand it – Knight asked for the government to share its assessment on the Bill’s impact on EU adequacy. The Bill seemed design to meet the government’s own interests, on changing direct marketing rules during elections and the DWP bank account powers (which, he noted, the ICO was not convinced by), and asked which other countries had such provisions, what consultation had been carried out, and whether HMRC already had such powers. Knight also wanted to see changes or clarity in other areas, including a clear definition of high-risk processing; not weakening subject access requests; needing more information on smart data schemes; the workability of nuisance call proposals; and appropriate consultation on changes to cookies. He said ‘a new data protection Bill is needed, but perhaps not this one… there is much to do.’ Subjects raised in the debate There was lots of praise for the many briefings peers had received. There was also a lot of agreement that current data regulation was ‘outdated and in urgent need of reform’ (Bishop of Southwell and Nottingham); Lord Kirkhope (Con), who had been involved in drafting GDPR, noted it was a significant achievement (‘done by Brits in Europe’) but ‘not without need for enhancement or improvement’. But there was also widespread agreement that there were many problems with the Bill. Lord McNally (Lib Dem) said government rhetoric that the Bill balanced reducing burdens while maintaining high data protection standards as having ‘met with scepticism and outright criticism’. Baroness Bennett joked that the government had avoided its favourite word in presenting the reforms, ‘world-leading’. Concerns included: Data adequacy with the EU Lord Allan (Lib Dem) said the ‘alarm bells ring’ on this and had three main concerns: that the core regime would be seen as too weak to protect EU data subjects, security-related surveillance measures would create an unacceptable risk and redress mechanisms would be ‘inaccessible or ineffective’. Lord Kirkhope urged ‘extreme caution’ around some of the nations the UK wanted data adequacy with, as they might not align with the EU. Baroness Young (Lab) thought the EU would be concerned about the excessive powers granted to the Secretary of State. The Lord Bishop of St. Albans noted briefings highlighting a divergence of data regimes did not ‘sound like less red tape, nor does it sound particularly pro-business’. Lord Kamall (Con) asked ‘Are we diverging just for the sake of divergence, or is there a good reason to diverge here, particularly when concerns have already been raised about security and privacy?’ Lord Vaux (crossbench) was pleased the government’s impact assessment had picked up the ‘significant negative impacts on trade and on the costs of doing business’ losing adequacy would have, though found the projected costs ‘surprisingly low’ (contrasting it with a higher ‘conservative’ estimate from the New Economics Foundation and UCL European Institute). He wondered what changes had been made to the Bill to take account of EU concerns; ‘I have to assume a responsible Government must have had discussions with the EU’. Business impact Lord de Clifford (crossbench) ‘feared’ that the Bill’s ‘complexity will mean that it will not be fully complied with by a number of small to medium-sized businesses that do not have the resources or time to research and instigate any changes that may be required’. The Bill could favour larger companies ‘whose ability to collect, process and monetise data is well known’, so new regulations should not require a lot of resource to implement. There should also be a publicity campaign. Length and complexity Several other peers expressed concern that it was ‘a long and very complex Bill’ (Lord Vaux). Lord McNally (Lib Dem) felt ‘its scale and how it has been dealt with by the Government in its preparation, false starts and in the other place mean that we are going to legislate for myriad issues, each of which are of importance to the sector, the individual concerned or society and will require our full due care and attention’. Lack of scrutiny The Lords echoed concerns from the Commons on this. Lord Bassam (Lab) described the late amendments as ‘an affront to our parliamentary system’. Baroness Bennett (Green) noted the late amendments: ‘That really does not look like a codesigning process’ (the non-affiliated Baroness Uddin wanted an assurance that advocacy and civil rights organisations had been involved, as well as industry). Baroness Young also noted an ‘absence of scrutiny’ from the Joint Committee on Human Rights. Children’s data rights Baroness Kidron, a key figure in the Online Safety Act debates whose words were echoed by several peers, was concerned that ‘children have not been explicitly protected from changes that lessen user data protections in the Bill’. She hoped this was inadvertent and the age appropriate design code would not be weakened. She also called for an AI code for children and for the ICO to set standards on edtech, and expressed concern that the law might not be fully equipped to deal with AI models trained on generating child sexual abuse material. Lord Bassam (Labour) highlighted clause 2 allowing companies ‘to exploit children’s data for commercial purposes’, and the need for further safeguards. Another specific issue was… Coroner access to data Following discussions on the Online Safety Act, Baroness Kidron said the government had agreed to ‘create a humane route to access data when a coroner had reason to suspect that a regulated company might have information relevant to the death of a child’, but were reneging on that to narrow the scope to suicide. Viscount Camrose said the government was firmly on the side of bereaved parents and would listen to this criticism (which it appears to have done). Weakening of individual rights Baroness Young was concerned the Bill ‘seems to tilt the balance of advantage to businesses and government authorities rather than to the individual’. This included not gripping the AI challenge: ‘it erodes further the already inadequate legal safeguards that should protect individuals from discrimination or disadvantage by AI systems making automated decisions’. Lord Kamall was one of those raising the weakening of subject access requests, citing his personal experience; the Bishop of Southwell and Nottingham ‘share[d] the concerns of many civil society groups that the Bill will reduce transparency by weakening the scope of subject access requests’. Collective data rights and use Baroness Kidron hoped the Bill would take the ‘wonderful opportunity’ to put ‘data power in the hands of new entrants to the market, be they businesses or communities, by allowing the sharing of individual data rights and being able to assign data rights to third parties for agreed purposes’. She also agreed with Lord Knight that routes to accessing commercial datasets should be found for public interest research, rather than ‘embed[ding] the asymmetries of power’. Baroness Bennett underlined the importance of data being made available, to be used for the public good, inviting NGOs to think about community uses as well as just research. Baroness Young wanted the ICO to be able to consider class action complaints brought by civil society organisations or trade unions, while Baroness Uddin wanted greater protection for consumers. Lord Kamall wondered who ‘owned’ data – for example, that which we had willingly given to social media companies who were now monetising it for commercial purposes – and wanted more accountability. Importance of trust The Bishop of Southwell and Nottingham said ‘it is worrying that, with some of the measures in the Bill, the Government seem to be reducing the levers and mechanisms that public trust depends upon’, and worried that protections were being weakened ‘to the extent that they will struggle to achieve their original purposes’ (referring to Public Law Project briefings). He quoted the chief executive of the Data Protection Officer Centre, who said ‘Whilst countries across the globe are implementing ever-more robust data protection legislation, the UK seems intent on going in the opposite direction and lowering standards’, and asked the government what reassurance it could give on maintaining public trust. DWP access to bank account data Lord Kamall (Con) shared Lord Knight’s concerns and asked for more clarity on the rules. Baroness Young thought it ‘a major intrusion into the privacy of pretty well all individuals in the UK’ – including most people in the Lords – ‘and, to some extent, an infringement on the confidential relationship that you ought to be able to expect between a bank and its customer’. Lord Vaux thought the powers ‘draconian’. The Bishop of Southwell and Nottingham wondered to what extent ‘the state demanding data without cause’ complied with the Nolan principles. Lord Sikka’s (Lab) speech was largely given over to this issue, criticising the government for making Orwell’s 1984 a reality, and questioning the expected saving given conflicting numbers. Baroness Bennett wondered where the powers to tackle economic crime were. Lord Davies (Lab) said UK Finance had criticised the powers – they weren’t part of the economic crime plan or fraud strategy, should be more narrowly focused and should not leave vulnerable customers disadvantaged. Lord Bassam (Lab) thought the powers covered 40% of the population, questioned the government’s ‘real need here’ and lack of consultation when the idea had been around for so long, and asked: ‘When were the Government planning to tell the citizens of this country that they were planning to take this new set of powers to look into their accounts?’ Secretary of State powers Lord Kamall thought ‘they lack the necessary scrutiny and safeguards’. Baroness Young thought the EU was enunciating a view that ‘the new powers of the Secretary of State to meddle with the objective and impartial functioning of the new Information Commission’ could threaten data adequacy with the EU. Henry VIII clauses Baroness Uddin said ‘Many fear that such extensive powers cannot possibly be for the public good’. Lord Bassam: ‘The Government’s answer to a lack of clarity in so many areas of the Bill is to build in huge, sweeping, Henry VIII powers. When reviewing the legislation recently, we managed to count more than 40 proposed statutory instruments. That is an immense amount of power in the hands of the Secretary of State. We do not believe that this is the right way to legislate on a Bill that is so fundamental to people’s lives and the future of our economy. We want to bring these powers back into play so that they have the appropriate level of parliamentary scrutiny.’ Artificial Intelligence Baroness Young agreed with Lord Knight and other speakers that the Bill was a missed opportunity for gripping some of the challenges presented by AI. Lord Holmes (Con) noted that ‘AI is nothing without data’, and wanted clear and transparent labelling of the uses of AI, especially in the public sector. He also asked how much line-by-line analysis there had been to ensure coherence with AI White Paper. Viscount Camrose acknowledged comments about a lack of AI regulation, but said that data protection legislation applies to the extent that personal data is involved. Definitions The Lord Bishop of St. Albans worried about the new definition of ‘personal data’, including the ‘imprecise and troubling’ definition of being able to identify an individual by ‘reasonable means’, and some genetic data no longer being classed as ‘personal data’. Baroness Bennett referred to a briefing from Understanding Patient Data which highlighted such decisions would now be a subjective test applied by data controllers – she noted the existing ‘very grave concern in our community about the use of medical data, the possible loss of anonymity, and the reuse of data for commercial research’ and urged the minister to take a look. Health data Lord Davies thought it clear the Bill had been written with and for industry, and worried (building on Understanding Patient Data and a briefing from the BMA) about less clear and straightforward rules, increased risks of disclosure, negative impact on public attitudes, the loose definition of scientific research, and a fear that the new rules were in ‘grave danger’ of moving beyond the protection provided by the Caldicott principles. Expanded powers for police and security services The Bishop of St. Albans worried clauses 19 and 28 to 30 did not provide proper accountability and could give the police immunity, even if they had committed a crime – ‘an extraordinary amount of unchecked power’. The National AIDS Trust had highlighted police officers sharing an individual’s HIV status without their consent. The Information Commission Lord Kamall worried about the Commission’s bandwidth, given all the powers it was being given. Baroness Young didn’t think its existing record was sparkling, and wanted improvements to the Bill to ensure clear statutory objectives and clear independence alongside the ability to scrutinise it. She noted: ‘In my experience, all too often, Governments plural, not just the current Government, establish watchdogs, then act surprised when they bark, and go and buy a muzzle. If the public are to have trust in our digital economy, we need a robust independent watchdog with teeth that government responds to’. Lord Kamall also wanted to understand government thinking on whether new powers, requiring people to attend interviews as part of an ICO investigation, were too Big Brother-ish. Abolition of the Biometrics and Surveillance Camera Commissioner Lord Kamall was concerned about whether the ICO would have the bandwidth to absorb these powers. Lord Vaux thought it ‘interesting’ Camrose had not mentioned this in his speech, and referred to a report by the Centre for Research into Information Surveillance and Privacy (CRISP) that said none of the government’s arguments that the functions would be covered elsewhere ‘bear robust scrutiny’. He had real worries about the misuse of surveillance powers. Cookie consent Lord Kamall understood they had become annoying, but – as someone who had been in the European Parliament for those debates – noted they had been supported because users should be told what was being done with their information. Direct marketing Lord Kamall said the industry was concerned that a recent case between Experian and the ICO had led to confusion about the use the open electoral register for direct marketing purposes – the ICO interpretation would require a notification to every individual for every issue affecting their ability to target customers, though there were clear concerns about privacy. Digital identity Lord Holmes thought this could be very positive, but wondered what areas were being looked at. Lord Clement-Jones (Lib Dem) wondered why the UK had chosen not to allow private sector digital ID systems to be used for access to services. Lord Kamall echoed some concerns from the Commons around digital exclusion. Smart data Lords were positive about this – Lord de Clifford noted open banking had brought ‘immense efficiencies and security for small businesses’, though urged caution in extending such schemes so open APIs could not be infiltrated or hacked. Lord Holmes thought there were ‘clearly extraordinary opportunities but they are not inevitabilities’, and that we need to understand consent mechanisms and for citizens to be enabled to understand it is their data. Democratic engagement Lord McNally thought these new powers ‘may invite abuse. I put that mildly’, referring to a Financial Times article that morning. Baroness Bennett said the Bill would allow the Government to tear up long-standing campaign rules with new exemptions and safeguards being removed. She noted what the ICO had said during public consultation: ‘This is an area in which there are significant potential risks to people if any future policy is not implemented very carefully’. Baroness Uddin said the Direct Marketing Association thought this could be open to abuse. Lord Bassam said ‘These powers were opposed in the public consultation on the Bill; this is not what the public want. We have to wonder at the motives of the Government in trying to change these rules at such a late stage and with the minimum of scrutiny’. Horizon Lord Arbuthnot (Con): ‘I have learned in relation to the Post Office scandal that the complexity of computers is such that nobody really fully understands exactly what programs will do, so it is absurd that there is still in law a presumption that computers will operate as they are intended to. I hope that noble Lords will be able to turn their minds to changing that in the relatively near future.’ Death registration The Bishop of Southwell and Nottingham commended the move from a paper to an electronic register, but noted the UK Commission on Bereavement had recommended more could be done to reduce the administrative burden on bereaved people (including notifying private companies). Work to do Peers were agreed that there was ‘an enormous amount of work to do’ on the Bill (Baroness Bennett); ‘The Bill will need a lot of work, and there are hours and hours of happy fun in front of us’ (Baroness Young). They also thought the stakes were high: Lord Davies said ‘the Bill is consistently behind the curve, always fighting the last war… I am not convinced that sufficient thought has been given to how developments in digital technology require developments in how it is tackled in legislation’, and Lord Vaux that: ‘We must get this Bill right. If we do not, we risk substantial damage to the economy, businesses, individuals’ privacy rights—especially children—and even, as far as the surveillance elements go, to our status as a free and open democratic society.’ Closing statements For the Lib Dems, Lord Clement-Jones noted that ‘not a single speaker failed to express concerns about the contents of the Bill… so much of the Bill seems almost entirely motivated by the Government’s desire to be divergent from the EU to get some kind of Brexit dividend’. He complained that ‘the Bill dilutes where it should strengthen the rights of data subjects’ and wanted a strengthening of article 22, to include partly as well as fully automated decisions; worried the move from data protection officers and data protection impact assessments ‘simply sets up a potential dual compliance system with less assurance—with what benefit?’ Given the ‘catalogue’ of problems, it was no surprise so many peers raised data adequacy; he hoped the minster ‘has some pretty good answers, because there is certainly a considerable degree of concern’. He was concerned about biometrics (which need new legislation) and DWP powers (‘entirely disproportionate and we will be strongly opposing them’. There was a ‘whole series of missed opportunities’ to ‘create ethical, transparent and safe standards for AI systems’ and for greater imagination around new models of personal data control. The Bill is ‘a dangerous distraction. It waters down rights, it is a huge risk to data adequacy, it is wrong in many areas and it is a great missed opportunity in many others.’ The Bill ‘appears to have very few friends around the House’ and should expect ‘to have a pretty rough passage’. For Labour, Lord Bassam concluded that ‘The range of concerns raised is a good indication of the complexity of this Bill and the issues which will keep us pretty busy in Committee’. While supporting ‘the principle of modernising data protection legislation and making it suitable for a rapidly changing technological landscape’, the Bill was ‘a missed opportunity to grasp the challenges in front of us. It tinkers rather than reforms, it fails to offer a new direction and it fails to capitalise on the positive opportunities the use of data affords, including making data work for the wider social good’. He agreed with Lord Holmes that it did not treat our data with respect. He worried that all too soon we would be back with a No. 3 Bill to ‘address the more profound issues at the frontier of data use’. Rights were being ‘watered down or compromised’ and the ‘widespread fear of machines making fundamental decisions about our lives with no recourse to a human being to moderate the decision’ were felt more widely than individual data subjects. The coroner access to data amendment had ‘broken the trust of bereaved parents who were expecting this issue to be resolved in the Bill’. All in all: ‘we regard the Bill as a disappointment that fails to harness the huge opportunities that data affords and to build in the appropriate safeguards. My noble friend Lord Knight put his finger on it well, at the front of the debate, when he said that we need a data protection Bill, but not this Bill… we look forward to a long and fruitful exchange with the Government over the coming months. This will be a Bill that challenges the Government’. For the government, Viscount Camrose thanked peers for their ‘powerful and learned contributions to a fascinating and productive debate’. He underlined the support it enjoys from ‘both the ICO and industry groups’. It was ‘certainly not our intent’ that the Bill does not go far enough in protecting personal data rights and stressed that the fundamentals of GDPR remain at its heart. On democratic engagement, he said the government would always need to consult ICO, other interested parties and gain parliamentary approval. The ICO remains independent. ‘The Government believe that our reforms are compatible with maintaining our data adequacy decisions from the EU’. They would listen to bereaved parents (and appear to have done so). Abolishing the Surveillance Camera Commissioner would end duplication and improves consistency. And on DWP powers – the department was reliant on legislation over 20 years old, parliamentary time was tight, and DWP had been working closely with industry to test the proposals. Next steps The Bill goes to Lords Committee stage next, where the Lords will go through the Bill line-by-line. Dates have yet to be confirmed, but rumours suggest it will be late February. The committee will be a ‘Grand Committee’. This means any member of the Lords is welcome to go along, but there are no votes – any changes to the Bill have to be agreed unanimously. If an amendment is not generally agreed, the member is expected to withdraw it and instead bring it at the next stage, Report Stage, when Lords will hear and vote on amendments. After that, it’s Third Reading in the Lords – a final opportunity for Lords to make amendments – and then back to the Commons for them to consider the Lords’ amendments. The Bill will then ‘ping pong’ between the two Houses until all amendments are agreed. Some amendments have gone down already (and there are some updates to the supporting documentation, too). Committee will examine the Bill in the following order: Clauses 1 to 5: data protection definitions and lawfulness of processing Schedule 1: recognised legitimate interests Clause 6: purpose limitation Schedule 2: purpose limitation Clauses 7 to 14: processing and international law, and political opinions; data subjects’ rights; automated decision-making Schedule 3: automated decision-making Clauses 15 to 24: obligations of controllers and processors Schedule 4: obligations of controllers and processors Clause 25: transfers of data to third countries and international organisations Schedules 5 to 7: transfers of data to third countries Clauses 26 to 46: safeguards for processing for research; national security; intelligence services; the role of the Information Commissioner and enforcement Schedule 8: complaints Clauses 47 to 51: court procedures around subject access requests, Electronic Identification and Trust Services for Electronic Transactions Regulations; protection of prohibitions, restrictions and data subject’s rights; regulations under GDPR and minor amendments Schedule 9: data protection – minor amendments Clauses 52 to 117: digital verification services; customer data and business data; privacy and electronic communications Schedule 10: privacy and electronic communications Clauses 118 to 128: privacy and electronic communication – codes of conduct and consultation, trust services, information to improve public service delivery, law enforcement information-sharing agreements, information for social security services Schedule 11: power to require information for social security purposes Clauses 129 to 137: retention of information by providers of internet services, retention of biometric data, registers of births and deaths Schedule 12: registers of births and deaths Clause 138: National Underground Asset Register Schedule 13: National Underground Asset Register Clauses 139 to 142: National Underground Asset Register, information standards for health and social care Schedule 14: information standards for health and adult social care Clause 143: the Information Commission Schedule 15: the Information Commission Clauses 144 to 157: the Information Commission; final provisions Title.

Emily Weeknotes

I started 2023 in another role, another organisation. In a sector I’d worked in for almost ten years and felt confident in my topic, role and remit. I was excited, inspired and frankly grabbed, by the opportunity to join CONNECTED BY DATA when it unexpectedly crossed my path (I can’t recall how) and I am still thankful that Jeni, Jonathan and Tim liked what they saw enough to give me the job. Eight months later and I’m still on the learning curve but I’m listening, learning and 2024 will be the time to push myself to become involved in the discussions more, to contribute to (as well as lead) the delivery. I know well of myself that bringing value and having an impact are essential to who I am on a day to day and longer term basis. I feel I’ve succeeded in doing so in a number of organisational / administrative elements including holding participant logistics for two sizeable projects - our People’s Panel on AI and the AI Design Lab. It has been amazing to be part of an organisation delivering so much and impacting in the real world in small and bigger ways. The work of CONNECTED BY DATA ripples globally, nationally and locally. It ripples practically, through research, and in campaigns, and I have no doubt 2024 will be another successful year for a team committed to giving communities a powerful say in decisions about data to create a just, equitable and sustainable world. Reading Week We’ve finished 2023 with reading time. I have a lot that I haven’t been keeping up with and I want to do better with that in 2024 too. But during the reading time I have caught up on a bit and share my highlights (links and brief summary) below. An article about meetings - it’s not unusual to see people suggesting that we spend too much time in meetings and that we should bin them, but what I liked about this writing was also recognising the importance meetings can have (organisationally and individually). Different people will need and get different things from different meetings. This blog was a powerful read about fighting for liberation. The subject is the oppression of Palestianians which is obviously profound and timely. I also took some of these lessons for more generally ‘fighting the good fight’. I am a Trustee of a LGBT+ infrastructure charity and the rise of trans hate is unavoidable…a chance to reflect on how hard it can be, but how important, to keep pushing back against that hate and prejudice was well timed. I spent yesterday listening to the House of Lords receiving the Data Protection and Digital Information Bill for the second reading. I was reassured by those that reflected the observations of Prem Sikka (Labour Lord) in this article. The Bill uses developments in electronic transactions and artificial intelligence to place the poor, disabled, sick, old and pregnant women under surveillance. It gives Ministers and government agencies powers to direct businesses, particularly banks, and financial institutions, to mass monitor individuals receiving welfare payments, even when there is no suspicion or any sign of fraudulent activity. No court order is needed and affected individuals will not be informed. The Bill enables Ministers to make any further regulations without a vote in parliament. I re-read Jeni’s weeknotes from September in which she considered the discussion of ethics in AI. Beyond AI it comes down to treating with care and as individuals. This really resonates with me and my values, and underlines my equality and inclusion focus too (treating everyone as individuals rather than everyone the same). I also read a document Jeni authored after our Policy Lab in Costa Rica earlier this year, about collective data governance. The document considers the phrase, what is it, who does it affect, is it a thing, should it be a thing? Working for an organisation that literally acknowledges we are CONNECTED BY DATA in its name, it seems hard to suggest collective data governance isn’t needed, that there are evidently times when it is not individual data but group data upon which impactful decisions are made. There’s a link here with collective action and collective data rights, which I’ve mused on in a previous Weeknotes. Last, but by no means least, I also read the (not yet published) evaluation report on our People’s Panel on AI. As I mentioned above it was wonderful to play even a small part in this project and this report was a useful read - and reminded me I still want to write up my reflective notes on my learnings from the process.

UK bill waters down protections against ‘robo-firing’ in gig economy, say experts

Law would weaken right to force app-based firms to explain automated decisions, says research group

Data Protection Reform? – Regulatory developments