Moved by
Lord Clement-Jones
295G: After Clause 149, insert the following new Clause—
“Data risks from systemic competitors and hostile actors
(1) The Secretary of State, in consultation with the Information Commissioner, must conduct a risk assessment on the data privacy risks associated with genomics and DNA companies that are headquartered in countries they determine to be systemic competitors and hostile actors.
(2) Within 12 months of the passage of this Act, the Secretary of State must present this risk assessment report to Parliament and consult the intelligence and security agencies on the findings, taking into account the need to not make public information critical to national defence or ongoing operations.
(3) This risk assessment must evaluate—
(a) the potential for genomic and DNA data to be exfiltrated outside of the UK,
(b) the degree of access granted to foreign entities, particularly those linked to systemic competitors and hostile actors, to the genomic and DNA data collected within the UK,
(c) the potential misuse of genomic and DNA data for dual-use or other nefarious purposes,
(d) the implications for UK national security and strategic advantage,
(e) the risks to the privacy and rights of UK citizens, and
(f) the potential for such data to be used in a manner that could compromise the privacy or security of UK citizens or the national interest.
(4) The risk assessment must include, but is not limited to—
(a) an analysis of the data handling and storage practices of genomics companies that are based in countries designated as systemic competitors and hostile actors,
(b) an independent audit at any company site that could have access to UK genomics data, and
(c) evidence of clear disclosure statements to consumers of products and services from genomics companies subject to data handling and disclosure requirements in the countries they are headquartered.
(5) This risk assessment must be conducted as frequently as deemed necessary by the Secretary of State or the Information Commissioner to address evolving threats and ensure continued protection of the genomics sector from malign entities controlled, directly or indirectly, by countries designated as systemic competitors and hostile actors.
(6) The Secretary of State has the authority to issue directives or guidelines based on the findings of the risk assessment to ensure compliance by companies or personnel operating within the genomics sector in the UK, safeguarding against identified risks and vulnerabilities to data privacy.”
Member’s explanatory statement
This amendment seeks to ensure sufficient scrutiny of emerging national security and data privacy risks related to advanced technology and areas of strategic interest for systemic competitors and hostile actors. It aims to inform the development of regulations or guidelines necessary to mitigate risks and protect the data privacy of UK citizens’ genomics data and the national interest. It seeks to ensure security experts can scrutinise malign entities and guide researchers, consumers, businesses, and public bodies.