Fears AI overhaul could lead to personal data being accessed by US government

Gloucestershire County Council is planning a £3.4m overhaul of its services with a greater reliance on artificial intelligence

There are concerns that Gloucestershire residents’ personal data could be at risk of being accessed by the US Government. The UK relies heavily on American technology companies for cloud services, which enable the remote storage and processing of data.

With Gloucestershire County Council planning to modernise its operations and increase its dependence on artificial intelligence, questions have emerged over the implications this could have for residents’ data security.

Councillor Craig Horrocks (G, Rodborough) brought the matter to light at last week’s corporate overview and scrutiny committee, as a new £3.4m overhaul programme incorporating greater use of AI was under discussion.

He commended the council’s efforts in boosting productivity through technology, but voiced concerns regarding data security due to American legislation that could compel US firms to surrender data belonging to British citizens to the US Government.

“I don’t see any evidence of a focus on data security,” Cllr Horrocks said.

He described the situation as “particularly concerning”, noting that elsewhere across Europe there is “a move away from US-based systems to either self-hosted open source systems or European-hosted systems”.

“Because the Cloud Act in America means if America warrants are pushed forward our data is not safe,” he said.

He further clarified that the data does not need to be physically stored within the US for it to be at risk.

“Any company that is served a warrant, for example, Microsoft, by the US Government to look at data held on Microsoft systems through Microsoft AI, they have no ability to refuse that,” he said.

“My concern is that if we are going further into the Microsoft AI route that will get baked into a working practice which will almost inevitably go forward into the post-local government reorganisation.

“Has any consideration been given, not just that, because there are other data security issues as well.”

Deputy chief executive Nina Philippidis described it as “absolutely” a valid point to raise and confirmed the matter is something the council’s data and IT teams dedicate considerable time thinking about.

“Bearing in mind, this isn’t the start of our AI journey,” she said. “We have already been using Copilot in the organisation.

“We are already using Magic Notes and clearly it is looking at social work data, so again, we have had to spend an awful lot of time working through those issues to make sure we are fully compliant.”

She acknowledged Cllr Horrocks’ observation that “things are changing rapidly” and that it is something they are “keeping a very close eye on”.

“We won’t be doing anything that puts residents’ data at risk,” she concluded.

Cllr Horrocks responded arguing that “you can’t help but because of the Cloud Act and I’d also say there are many European national and local governments that are very rapidly moving away from it because they are concerned.” Ms Philippidis said she would take his points and discuss them with the team.