Written questions by Davis.

Innovation and Technology, by how much they plan to reduce their Department's budget to help fund the digital ID scheme.

Digital Identity policy is in development, with a dedicated team inside the Cabinet Office working to develop the proposals.Costs in this Spending Review period will be met within the existing Spending Review settlements.We are inviting the public to have their say in the upcoming consultation as we develop a safe, secure, and inclusive system for the UK. No final decisions will be made until after the consultation.

Innovation and Technology, if he will take steps to ensure that the National Security Online Information Team's social media monitoring work can be scrutinised by (a) Parliament and (b) the public.

DSIT ministers remain accountable to parliament and routinely answer questions from parliamentarians and select committees, including on the work of the National Security Online Information Team (NSOIT).The department continues to respond to correspondence, Freedom of Information Act requests and Subject Access Requests from parliamentarians and members of the public. NSOIT has also published privacy notices which are accessible to the public on Gov.uk

Innovation and Technology, what assessment he has made of the potential impact of the National Security Online Information Team's policies on the collection of personal data on people's ability to establish what information the Government holds about them.

DSIT’s National Security Online Information Team (NSOIT) does not actively collect personal data. However, it may receive or process some personal data in the course of its work and follows the requirements of UK GDPR and any advice or guidance from the Information Commissioner’s Office. NSOIT has published privacy notices on Gov.uk which set out how personal data may be processed. These notices include a section explaining the public’s data protection rights and how to establish if NSOIT does hold any individual data.

Innovation and Technology, with reference to the report entitled Securing meaningful transparency of public sector use of AI: Comparative approaches across five jurisdictions, published by the Public Law Project in October 2024, whether he has made an assessment of the potential merits of putting public sector compliance with the Algorithmic Transparency Recording Standard on a statutory footing.

Central government departments and arm’s-length bodies (ALBs) have been working to draft Algorithmic Transparency Recording Standard (ATRS) records since this became mandatory earlier this year. Publication plans were disrupted by the general election, but multiple records are expected to be published soon. Since the introduction of a mandatory requirement for use of ATRS in cross-government policy, we have seen a significant acceleration in progress towards adopting it, which will be reflected soon in published records. As such, we do not believe that legislation is necessary at this time. We will continue to explore further options for encouraging and enforcing the use of the ATRS, and the need to extend the breadth of the policy beyond central government. In the UK’s data protection framework, Article 22 of the UK GDPR sets out the rules relating to solely automated decisions that have legal or similarly significant effects on individuals. Under these circumstances, individuals have the right to specific safeguards, including being notified of the decisions, being provided information about the solely automated decision making that has been carried out, and the right to contest those decisions and to obtain human intervention. These specific safeguards for solely automated decision making complement the wider data protection framework’s existing data subject rights, including the rights to transparency, objection and access. Organisations must also continue to observe the data protection principles to ensure personal data is processed lawfully, fairly and transparently. These rules apply to all organisations, including public bodies.

Innovation and Technology, with reference to the report entitled Securing meaningful transparency of public sector use of AI: Comparative approaches across five jurisdictions, published by the Public Law Project in October 2024, whether he has made an assessment of the potential merits of introducing a requirement on public bodies to notify individuals when a decision has been taken about them that was (a) made and (b) supported by (i) AI, (ii) an algorithmic and (iii) automated tool.

Central government departments and arm’s-length bodies (ALBs) have been working to draft Algorithmic Transparency Recording Standard (ATRS) records since this became mandatory earlier this year. Publication plans were disrupted by the general election, but multiple records are expected to be published soon. Since the introduction of a mandatory requirement for use of ATRS in cross-government policy, we have seen a significant acceleration in progress towards adopting it, which will be reflected soon in published records. As such, we do not believe that legislation is necessary at this time. We will continue to explore further options for encouraging and enforcing the use of the ATRS, and the need to extend the breadth of the policy beyond central government. In the UK’s data protection framework, Article 22 of the UK GDPR sets out the rules relating to solely automated decisions that have legal or similarly significant effects on individuals. Under these circumstances, individuals have the right to specific safeguards, including being notified of the decisions, being provided information about the solely automated decision making that has been carried out, and the right to contest those decisions and to obtain human intervention. These specific safeguards for solely automated decision making complement the wider data protection framework’s existing data subject rights, including the rights to transparency, objection and access. Organisations must also continue to observe the data protection principles to ensure personal data is processed lawfully, fairly and transparently. These rules apply to all organisations, including public bodies.

Innovation and Technology, with reference to the report entitled Securing meaningful transparency of public sector use of AI: Comparative approaches across five jurisdictions, published by the Public Law Project in October 2024, what assessment he has made of the potential merits of introducing a requirement on public bodies, when a decision has been taken about an individual that was (a) made and (b) supported by (i) AI, (ii) an algorithmic and (iii) automated tool, to proactively provide an explanation of (A) how and (B) why the decision was reached.

Central government departments and arm’s-length bodies (ALBs) have been working to draft Algorithmic Transparency Recording Standard (ATRS) records since this became mandatory earlier this year. Publication plans were disrupted by the general election, but multiple records are expected to be published soon. Since the introduction of a mandatory requirement for use of ATRS in cross-government policy, we have seen a significant acceleration in progress towards adopting it, which will be reflected soon in published records. As such, we do not believe that legislation is necessary at this time. We will continue to explore further options for encouraging and enforcing the use of the ATRS, and the need to extend the breadth of the policy beyond central government. In the UK’s data protection framework, Article 22 of the UK GDPR sets out the rules relating to solely automated decisions that have legal or similarly significant effects on individuals. Under these circumstances, individuals have the right to specific safeguards, including being notified of the decisions, being provided information about the solely automated decision making that has been carried out, and the right to contest those decisions and to obtain human intervention. These specific safeguards for solely automated decision making complement the wider data protection framework’s existing data subject rights, including the rights to transparency, objection and access. Organisations must also continue to observe the data protection principles to ensure personal data is processed lawfully, fairly and transparently. These rules apply to all organisations, including public bodies.

Innovation and Technology, with reference to the Answer of 14 May 2024 to Question 24976 on Artificial Intelligence: Government Departments, what recent estimate he has made of when phase one Departments will publish their first Algorithmic Transparency Recording Standard (ATRS) records on the ATRS hub.

Central government departments and arm’s-length bodies (ALBs) have been working to draft Algorithmic Transparency Recording Standard (ATRS) records since this became mandatory earlier this year. Publication plans were disrupted by the general election, but multiple records are expected to be published soon. Since the introduction of a mandatory requirement for use of ATRS in cross-government policy, we have seen a significant acceleration in progress towards adopting it, which will be reflected soon in published records. As such, we do not believe that legislation is necessary at this time. We will continue to explore further options for encouraging and enforcing the use of the ATRS, and the need to extend the breadth of the policy beyond central government. In the UK’s data protection framework, Article 22 of the UK GDPR sets out the rules relating to solely automated decisions that have legal or similarly significant effects on individuals. Under these circumstances, individuals have the right to specific safeguards, including being notified of the decisions, being provided information about the solely automated decision making that has been carried out, and the right to contest those decisions and to obtain human intervention. These specific safeguards for solely automated decision making complement the wider data protection framework’s existing data subject rights, including the rights to transparency, objection and access. Organisations must also continue to observe the data protection principles to ensure personal data is processed lawfully, fairly and transparently. These rules apply to all organisations, including public bodies.