The government welcomes views on the following issues: Q1.5.18. Please share your views on the effectiveness and proportionality of data protection tools, provisions and definitions to address profiling issues and their impact on specific groups (as described in the section on public trust in the use of data-driven systems), including whether or not you think it is necessary for the government to address this in data protection legislation.
Q1.5.19. Please share your views on what, if any, further legislative changes the government can consider to enhance public scrutiny of automated decision-making and to encourage the types of transparency that demonstrate accountability (e.g. revealing the purposes and training data behind algorithms, as well as looking at their impacts).
Q1.5.20. Please share your views on whether data protection is the right legislative framework to evaluate collective data-driven harms for a specific AI use case, including detail on which tools and/or provisions could be bolstered in the data protection framework, or which other legislative frameworks are more appropriate. 113. Further work is underway, as part of the National AI Strategy and Centre for Data Ethics and Innovation’s AI Assurance workstream, to assess the need for broader algorithmic impact assessments. The responses to the above questions will inform that work. This consultation document also covers algorithmic transparency in the public sector specifically, detailed in section 4.4. 1.6 Data Minimisation and Anonymisation 114. The UK's data protection legislation requires that personal data is adequate, relevant and limited to what is necessary, or not excessive, in relation to the purposes for which it is processed; this is commonly known as the data minimisation principle. This principle requires, for example, that organisations employ methods for processing that achieve their ends without making use of personal data unnecessarily. 115. Data minimisation techniques, such as pseudonymisation, can be applied to safeguard personal data, which in turn may allow for such data to be shared in safer ways. Sharing data openly but safely can be highly valuable - for example, in the research community it can allow for crossvalidation of scientific results, significantly improving the reliability of findings. 116. Personal data is defined as any information relating to an identified or identifiable individual. There is a spectrum of identifiability: the process of safeguarding a dataset with data minimisation techniques should make it less easy to use on its own or in combination with other information to identify a person either directly or indirectly. For example, pseudonymised data is personal data which has been put through a process so that it cannot be used to identify an individual without additional information. Personal data may also undergo the process of anonymisation, so that an individual is not or no longer identifiable. 44
