Data (Use and Access) Bill [HL] - Report (2nd Day) (Continued) – in the House of Lords at 10:45 pm on 28 January 2025.
Moved by Viscount Camrose
73: After Clause 132, insert the following new Clause—
“Data risks from systemic competitors and hostile actors
(1) The Secretary of State, in consultation with the Information Commissioner, must conduct a risk assessment on the data privacy risks associated with genomics and DNA companies that are headquartered in countries the Government determines to be systemic competitors and hostile actors.
(2) Within 12 months of the day on which this Act is passed, the Secretary of State must present a report on the risk assessment in subsection (1) to Parliament and consult the intelligence and security agencies on the findings, taking into account the need not to make public information critical to national defence or ongoing operations.
(3) This risk assessment must evaluate—
(a) the degree of access granted to foreign entities, particularly those linked to systemic competitors and hostile actors, to genomic and DNA data collected within the United Kingdom;
(b) the potential for genomic and DNA data to be exfiltrated outside of the United Kingdom;
(c) the potential misuse of United Kingdom genomic and DNA data for dual-use or nefarious purposes;
(d) the potential for such data to be used in a manner that could compromise the privacy or security of United Kingdom citizens or undermine national security and strategic advantage.
(4) The risk assessment must consider and include, but is not limited to—
(a) an analysis of the data handling and storage practices of genomics companies that are based in countries designated as systemic competitors and hostile actors,
(b) an independent audit, including digital and physical forensic examination, at any company site that could have access to United Kingdom genomics data, and
(c) evidence of clear disclosure statements to consumers of products and services from genomics companies subject to data sharing requirements in the countries where they are headquartered.
(5) This risk assessment must be conducted as frequently as deemed necessary by the Secretary of State or the Information Commissioner to address evolving threats and ensure continued protection of the genomics sector from entities controlled, directly or indirectly, by countries designated as systemic competitors and hostile actors.
(6) The Secretary of State may issue directives or guidelines based on the findings of the risk assessment to ensure compliance by companies or personnel operating within the genomics sector in the United Kingdom, safeguarding against identified risks and vulnerabilities to data privacy.”
Member's explanatory statement
This amendment seeks to ensure sufficient scrutiny of national security and data privacy risks related to advanced technology and areas of strategic interest for systemic competitors and hostile actors, inform the development of regulations or guidelines to mitigate those risks, and ensure security experts can scrutinise malign entities and guide researchers, consumers, businesses, and public bodies.
My Lords, I move Amendment 73 standing in my name which would require the Secretary of State to undertake a risk assessment on the data privacy risks associated with genomics and DNA companies that are headquartered in countries which the Government determine to be systemic competitors and hostile actors. The UK is a world leader in genomics research, and this is a growing sector that makes an important contribution. The opportunities in genomics are enormous and we should take the steps needed to protect the UK’s leading role here.
I was pleased to hear from the noble Baroness, Lady Jones of Whitchurch, in Committee that:
“the Government have continued the important work of the UK Biological Security Strategy of 2023, including by conducting a full risk assessment and providing updated guidance to reduce the risks from the misuse of sensitive data”.
The Minister also gave the undertaking that the Government would
“brief the Joint Committee on the National Security Strategy on the findings of the risk assessment in the new year”.
I would be very grateful if the Minister could confirm whether the Joint Committee has been briefed and, if not, when that will happen.
I look forward to continuing to engage with Ministers on the issue of data security in the face of growing threats from international competitors and hostile actors.
I thank the noble Viscount, Lord Camrose, for giving me an opportunity to speak for 45 minutes on genomics, which I know everyone will be very grateful for. I shall resist that temptation and thank him for the amendment on security in genomic data.
As he is aware, the UK is a world leader in genomics, and its various datasets and studies have contributed to health globally. I also note that the UK Biological Security Strategy of 2023 has been endorsed by this Government and a variety of measures are under active consideration. I recognise the noble Viscount’s desire for quick movement on the issue and agree with him that this is of great importance. I reassure him that my officials are working at speed across government on this very issue. I would be very happy to brief him and other noble Lords present today on the findings of the risk assessment in due course. We have not yet engaged with the Joint Committee on National Security Strategy but will do shortly as per standard practice.
I hope that the noble Viscount will appreciate that this work is live and will grant a little patience on this issue. I look forward to engaging with him soon on this but, in the meantime, I would be grateful if he would withdraw his amendment.
I thank the Minister for his clear response and for taking pity on the House and not giving us the full benefit of his knowledge of genomics. Meanwhile, I recognise that we have to move with deliberateness here and not rush into the wrong solution. I gratefully accept his offer of further briefings and beg leave to withdraw my amendment.
Amendment 73 withdrawn.