My Lords, I rise to speak in support Amendments 79, 83, 85, 86, 93, 96, 97, 105 and 107, to which I have added my name. An awful lot has already been said. Given the hour of the day, I will try to be brief, but I want to speak to the child amendments I have put my name to and to the non-child ones and to raise things up a level.
The noble Lord, Lord Clement-Jones, talked about trust. I have spent the best part of the past 15 years running consumer and citizen digitally enabled services. The benefit that technology brings to life is clear to me but—this is a really important “but”—our customers and citizens need to trust what we do with their data, so establishing trust is really important.
One the bedrock of that trust is forcing—as a non-technologist, I use that word advisedly—technologists to set out what they are trying to do, what the technology they propose to build will do and what the risks and opportunities of that technology are. My experience as a non-engineer is that when you put engineers under pressure, they can speak English, but it is not their preferred language. They do not find it easy to articulate the risks and opportunities of the technology they are building, which is why forcing businesses that build these services to set out in advance the data protection impacts of the services they are building is so important. It is also why you have to design with safety in mind upfront because technology is so hard to retrofit. If you do not design it up front with ethics and safety at its core, it is gone by the time you see the impact in the real world.
3.15 pm
The architecture that GDPR has created for us does that with data protection officers, independent individuals with legal responsibilities to speak truth to power in companies, and DPIAs—data protection impact assessments, tedious though they are to pull together, and I have done that—which are a really important exercise in forcing technologists to speak in English and set out what the real risks are.
As I speak, I have this sinking feeling that the Minister is going to say that the Bill as set out does not change any of that really, but I feel that the noble Baroness, Lady Kidron, set out in quite a lot of detail—I am confident that there will be even more when she writes to him—where the regime being proposed in the Bill weakens, rather than strengthens, the transparency and trust-building that I think are so important. Rather than just repeat the same worry, I ask my noble friend whether between Committee and Report we could get engaged in that detail.
I would like to believe that we all want the same thing, which is that we do not want to diminish the trust that citizens hold in public and private services that use their data. We do not want to stop that process that forces engineers to set out what they are trying to do and what the risks are. I am willing to be open-minded that there may be some improvements in the Bill—I cannot see them at the moment—but I
think we have to go through that detail. As currently set out, it really looks to me that, as the noble Baroness, Lady Kidron, said, we are replacing granularity with general requirements, when it is granularity that we need. All my experience of building and running digital services is that the huge temptation as a non-technologist is to not get involved in the detail. I give everyone who is not a technologist and starts running a tech business this advice: do not be afraid of the detail, force your engineers to speak in English and get to the detail of what will change for your customers. I feel that we need to do the same with the Bill. I urge the Minister to engage with us between Committee and Report so that we are not voting on very high-end principles but are establishing the detail of what the Bill will do.