The right not to be subject to a decision based solely on automated processing could be watered down in reforms to data protection law - but the government has backed away from the idea of abolishing it entirely. This is one of several concessions expected to be announced in the government’s long-awaited move to create a UK data protection regime distinct from the EU’s General Data Protection Regulation (GDPR).  

Article 22 of the General Data Protection Regulation, now part of the so-called UK GDPR, states that data subjects ’shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her’. In its consultation on reform, the government last year  proposed abolishing the opt-out to encourage the 'data driven economy'.

However in its response published this morning the government said it would not 'pursue this proposal'. The response concedes that the vast majority of respondents opposed the proposal to remove Article 22, saying that the right to human review of important decisions taken by computer algorithm was a key safeguard. Instead, the response states, reforms will 'cast Article 22 as a right to specific safeguards, rather than as a general prohibition on solely automated decision-making'.

The concession to public opposition does not apply to another controversial proposal, removing the requirement to designate a data protection officer. The response states that the government plans to proceed with this proposal, requiring instead that organisations give the task to 'a designated senior individual'.

Other changes in the Data Reform Bill include:  

  • Increased fines for nuisance calls and texts and other serious data breaches. 
  • Measures to reduce the number of ‘user consent’ pop-ups and banners on websites. Web users will be able to set an overall approach to how their data is collected and used, rather than having to give consent every time. 
  • A new governance regime for the Information Commissioner's Office. This will put greater emphasis on taking into account growth, innovation and competition.

The government claims that reforms to data protection laws could save UK businesses £1bn a year. However its freedom of manoeuvre will be limited if it wishes to retain 'data adequacy' status with the EU.  'The shadow of the EU GDPR will still loom large over UK businesses that operate across the EU and UK,'  said Ross McKenzie, partner and data protection expert at international firm, Addleshaw Goddard LLP. 'Many businesses will struggle to benefit from streamlined laws as a result and will need to juggle a twin track regime.'

Digital Secretary Nadine Dorries said: ’Today is an important step in cementing post-Brexit Britain’s position as a science and tech superpower. Our new Data Reform Bill will make it easier for businesses and researchers to unlock the power of data to grow the economy and improve society, but retains our global gold standard for data protection. Outside of the EU we can ensure people can control their personal data, while preventing businesses, researchers and civil society from being held back by a lack of clarity and cumbersome EU legislation.’