The Data Protection Bill is currently being debated in the House of Lords. An amendment has been tabled to create a Personal Data Ethics Advisory Board.

In a report earlier this year, the Royal Society and the British Academy recommended the creation of a stewardship body with many of the functions proposed for the Board, but also some differences. One of our major concerns in the report was the need to connect debates about the uses of data across sectors, so the body we recommended was concerned with all forms of data, rather than personal data specifically.

The below outlines why we recommended a stewardship body, that will hopefully inform debate of this amendment in the Lords. It will be helpful to hear Peers’ views on the need for connectedness in the governance of data across sectors, and their views on what form such a stewardship body might take.


The Data Protection Bill seeks to ensure that the UK’s data protection laws are fit for the digital age in which an ever increasing amount of data is being processed, and ensure that the UK is prepared for the future after we have left the EU. It was introduced to the Lords earlier this year, it has just entered Committee stage where it will be scrutinised clause by clause, and will then head to the Commons for further scrutiny. It did not originally contain any proposals for an ethics body but, alongside plans for a new Data Protection law, the Conservative manifesto outlined plans to “institute an expert Data Use and Ethics Commission to advise regulators and parliament on the nature of data use and how best to prevent its abuse. The Commission will help us to develop the principles and rules that will give people confidence that their data is being handled properly.” The government has not yet confirmed how it plans to take this forward. This amendment probes government’s plans in this space.

After Clause 13



Insert the following new Clause—

“Personal Data Ethics Advisory Board

(1) The Secretary of State must appoint an independent Personal Data Ethics Advisory Board as soon as reasonably practicable after the passing of this Act.

(2) The Personal Data Ethics Advisory Board’s functions, in relation to the processing of personal data to which the GDPR and this Act applies, are to—

(a) monitor further technical advances in the use and management of personal data and their implications for the rights of data subjects;

(b) protect the individual and collective rights and interests of data subjects in relation to their personal data;

(c) ensure that trade-offs between the rights of data subjects and the use and management of personal data are made transparently, accountably and inclusively;

(d) seek out good practices and learn from successes and failures in the use and management of personal data; and

(e) enhance the skills of data subjects and controllers in the use and management of personal data.

(3) The Personal Data Ethics Advisory Board must report annually to the Secretary of State.

(4) The report in subsection (3) may contain recommendations to the Secretary of State and the Commissioner relating to how they can improve the processing of personal data and the protection of data subjects’ rights by improving methods of—

(a) monitoring and evaluating the use and management of personal data;

(b) sharing best practice and setting standards for data controllers; and

(c) clarifying and enforcing data protection rules.

(5) The Secretary of State must lay the report in subsection (3) before both Houses of Parliament.”

What is the issue?

The amount of data generated from the world around us has reached levels that were previously unimaginable. Meanwhile, uses of data-enabled technologies promise benefits, from improving healthcare and treatment discovery, to better managing critical infrastructure such as transport and energy. See our interactive infographic to see how the data-enabled technology of machine learning – a form of AI that allows computer systems to learn – is already transforming our lives.

These new applications can make a great contribution to our lives but to realise these benefits, we must navigate significant choices and dilemmas: we must consider who reaps the most benefit from capturing, analysing and acting on different types of data, and who bears the most risk.

People’s views on data collection, sharing and use depend on purpose and context. For example, people take into account what the benefit(s) would be and who would receive those benefits.

In this fast-moving landscape, these questions need to be addressed in a timely manner if the overall system of governance for data management and data use is to maintain public trust.

This presents two challenges for policymakers:

  • Regulatory regimes may lack the agility required in this rapidly changing world. Technology moves faster than the law, which can create uncertainty in which organisations have to operate and can also erode public confidence.
  • Different sectors, such as health or transport, are developing different approaches to data, both personal and non-personal. Yet new ways of using data and the interconnected nature of digital systems means that governance frameworks and mechanisms designed for one purpose or application may have implications for its use in another.

A stewardship body

We need to take a connected approach to the governance of data and its uses across sectors. This is partly because of the interconnected nature of digital systems as described above, but also as different sectors grapple with challenges arising from themes such as privacy, consent, bias and quality, it is likely that there is much to be learned from each other.

There is already considerable regulation and a number of public and private actors with roles across the data governance landscape, including the ICO. However there are gaps and a need for stewardship of the landscape as the whole, including all types of data, personal and non-personal.

We recommend two things are needed:

  • A set of high-level principles to help visibly shape all forms of data governance and ensure trustworthiness and trust in the management and use of data as a whole.  These can fill the gap between law and fast-moving technology
  • A body to steward the evolution of the governance landscape as a whole. Such a stewardship body would be expected to conduct expert investigation into novel questions and issues, and enable new ways to anticipate the future consequences of today’s decisions

Our recommendations are not entirely reflected by this amendment. The body we recommend would look at all types of data use, personal and non-personal. And we do not go so far as to recommend what the stewardship body should look like or whether it should have a statutory basis in legislation as proposed by this amendment – recommending that its exact form and functions should be subject to political and public debate. We do give some suggestions of similar bodies that policymakers might draw from in developing this (see page 78 of our report for some reflections on this) and highlight that it is important to recognise that the role of any stewardship body and its place in the landscape are likely to change and develop as data-enabled technologies become even more widely adopted and new challenges  emerge. However there are two things that must be considered in its establishment to ensure it can be effective:

  • Being tightly coupled to decision processes: It might be set up to report to Parliament directly (as proposed in this amendment), for example. It might also feed into processes within relevant departments and regulators or other bodies. Depending on the exact arrangement desired, this might or might not require statutory grounding.
  • Being durable and visible: It will take time to build the reputation and legitimacy needed in diverse communities to carry out the body’s role effectively. Without secure funding from the start, a stewardship body is unlikely to have the freedoms needed to carry out ambitious functions and to meaningfully steer the landscape in a way that can demonstrate its value.

The debate in the Lords will be helpful in hearing peers views on the need for connectedness in the governance of data across sectors, and their views on what form such a stewardship body might take.