DCMS launches a consultation on data protection reform

The government is consulting on UK data protection reform as part of the National Data Strategy’s aim to ‘secure a pro-growth and trusted data regime’.

Views are sought on a number of issues in this 146-page paper, including emerging policy areas, such as the governance of AI technologies. The consultation response will help the government to assess the case for legislative change, the DCMS says. However, ‘organisations that comply with the UK’s current regime should still be largely compliant with our future regime, except for only a small number of new requirements’.

The government aims to reduce compliance burdens for organisations. It is asking for example whether public authorities’ duty to appoint a DPO could be modified to be less onerous. For example, public authorities would only be required to make such an appointment if their core activities consist of large-scale monitoring of data subjects or large-scale use of sensitive data or data involving criminal convictions. The government also raises the question whether soft opt-in should be extended to non-commercial organisations, and whether fines under PECR could be raised to the same level as in the UK GDPR.

The government believes ‘it is perfectly possible and reasonable to expect the UK to maintain EU adequacy as it begins a dialogue about the future of its data protection regime and moves to implement any reforms in the future.’

The government intends to relax the requirement to review adequacy regulations every four years. ‘The priority will instead be investment in ongoing monitoring of countries' relevant laws and practices, which will help to ensure more efficiently that third countries continue to provide adequate standards of data protection.’

The consultation is open till 19 November 2021, see: GOV.UK - Data: a new direction