Every year on the 28th January, Data Protection Day is celebrated globally to mark the date that Convention 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data was open for signature. On this day, national governments, parliaments and other data protection bodies are encouraged to carry out activities to raise awareness of the importance personal data protection and privacy data.

This article looks at recent developments in the field of Data Protection, including use of live facial recognition, the leaking of Schengen Information System (SIS) data and Huawei.

 

Facial Recognition

On 27th January in an exchange of views with Margrethe Vestager, Executive Vice-President of the European Commission for a Europe Fit for the Digital Age. The Commissioner said that they are aiming to adopt a White Paper on Artificial Intelligence and Strategy Data on the 19 February 2020. Ms Vestager said that the Commission are currently looking closely at sensitive technologies such as facial recognition, and how it may be used in ways that would raise serious concerns when it comes to not only Data Protection, but also Fundamental Values such as the ‘Right to Assemble’. The Commission said that they may need a different approach to be able to deal with such forms of sensitive technologies to ensure that they are used in an appropriate manner.

Also, on the 27 January 2020, Sarah Olney, MP (Lib Dem) asked the Secretary of State of the Home Department, an urgent question: ‘Will she make a statement on police use of automated facial recognition surveillance?’ Kit Malthouse, Minister for Crime, Policing and the Fire Service spoke on behalf of the UK Government by saying: “The High Court has found that there is an appropriate legal framework for the police use of live facial recognition, and that includes police common-law powers, data protection and human rights legislation, and the surveillance camera code.”[1] Malthouse commented on police use of sensitive personal data and that it is only used when it is appropriate and proportionate to do so. He commented on the fact that police have a watchlist, for which they apply strict controls when gathering data and delete all records immediately if the person’s face does not match, police do not share data with third parties.

Chi Onwurah (Shadow Industrial Strategy Minister) asked what minimum standards the Government will be putting in place before facial recognition technology is rolled-out with regards to lack of diversity, which could lead to unequal opportunities. Kit Malthouse responded by saying that the Government will consider changes which need to be incorporated into the legal framework to ensure a position of confidence with the public on new technologies.

 

UK’s use of Schengen Information System

In May 2018 the EU Observer obtained a secret EU Report that alleged the UK had been making illegal copies of classified personal information from the SIS database. On 18th September 2019 a question for written answer was put to the Commission by several members of the Renew Group on the Illegal use of Schengen Information System database by UK authorities. The matter was discussed publicly by the Civil Liberties, Justice and Home affairs (LIBE) Committee on 9th January 2020 and was rasied again by Lord Jay at the LIBE Committee meeting on 27th January 2020. Lord Jay (Chairman of the UK’s Home Affairs Committee) announced he had written to the UK Minister for security last week expressing concern over the issue and asking how the UK Government plans to address the breaches.

During discussions of the Committee on both occasions, MEPs from all corners made it abundantly clear their distrust of the UK government and their handling of sensitive data on EU citizens. MEPs also expressed their extreme dissatisfaction with the Commissions handling of matters and its failure to keep to the deadline to provide a written response to the question. At the time of writing there has been no written response from the Commission.

The question MEPs are now asking is if they cannot trust the UK government to protect sensitive data when they are inside the European Union – how can the UK be trusted when it is no longer a Member State? This is a question which may prove instrumental in the upcoming negotiations on the UK’s future relationship with the EU.

 

Huawei

On 28th January, Prime Minister Boris Johnson announced the UK will allow Huawei to supply the equipment for the 5G networks. This will include antennas, and stations which transmit but do not store personal data. Huawei will however have a limited role in the UK’s 5G network and will not have access to the core parts of the UK’s network which includes the processing and sorting of sensitive personal data. The UK has also limited Huawei’s market share to 35%.

The decision comes after months of discussions between British intelligence officials who believe that such an arrangement would be sufficient to significantly reduce the risk posed to consumers in the UK of theft of their personal data. The decision came despite repeated warnings from the US that the UK should impose a blanket ban on Huawei equipment in the UK. The timing of the decision could not be more crucial with Britain leaving the European Union on 31st January the UK will seek to build a close relationship with the US however the US has threatened to cut back on intelligence sharing with countries that allow Huawei into the networks.

 

 

[1] https://hansard.parliament.uk/Commons/2020-01-27/debates/9AEC6C71-400E-49D9-8B49-15D9ED8C693F/AutomatedFacialRecognitionSurveillance