Gloucestershire Council's AI Overhaul Raises US Data Access Concerns
Gloucestershire County Council is planning a significant £3.4 million overhaul of its services, with a greater reliance on artificial intelligence to modernise operations and boost productivity. However, this ambitious technological shift has sparked serious concerns that residents' personal data could be at risk of being accessed by the United States government.
Scrutiny Committee Highlights Data Security Risks
The issue was brought to light by Councillor Craig Horrocks (G, Rodborough) during last week's corporate overview and scrutiny committee, where the new AI-focused programme was under discussion. While commending the council's efforts to enhance efficiency through technology, Cllr Horrocks voiced strong apprehensions regarding data security, pointing to American legislation that could compel US-based technology firms to surrender data belonging to British citizens to US authorities.
"I don't see any evidence of a focus on data security," Cllr Horrocks stated, describing the situation as "particularly concerning". He noted that across Europe, there is a growing trend away from US-based systems towards self-hosted open source solutions or European-hosted alternatives, driven by fears over data protection.
The Cloud Act and Its Implications
Cllr Horrocks specifically highlighted the US Cloud Act, which allows American warrants to compel companies like Microsoft to provide data stored on their systems, regardless of its physical location. "Because the Cloud Act in America means if America warrants are pushed forward our data is not safe," he explained. He emphasised that any company served such a warrant has no ability to refuse, putting data processed through Microsoft AI or similar platforms at potential risk.
His concern extends to the long-term integration of such systems, warning that reliance on US-based AI could become "baked into a working practice" that persists beyond local government reorganisation, without adequate safeguards against data breaches or unauthorised access.
Council's Response and Existing AI Use
Deputy chief executive Nina Philippidis acknowledged the validity of these points, confirming that the council's data and IT teams dedicate considerable time to addressing such security issues. "We won't be doing anything that puts residents' data at risk," she assured, while noting that this is not the beginning of the council's AI journey.
Ms Philippidis revealed that the council is already using AI tools like Copilot and Magic Notes, which handle sensitive data such as social work information. She stated that the organisation has spent significant effort ensuring compliance with data protection standards and is closely monitoring rapid technological changes to mitigate risks.
Ongoing Debate and European Comparisons
In response, Cllr Horrocks argued that data risk is inevitable under the Cloud Act, citing examples of European governments moving away from US systems due to similar concerns. Ms Philippidis agreed to take his points back to the team for further discussion, indicating that the debate over balancing technological advancement with data security will continue as the £3.4m overhaul progresses.
The council's reliance on American cloud services for data storage and processing underscores broader tensions between global tech integration and national data sovereignty, with Gloucestershire residents' privacy hanging in the balance.
