Government continues work on UK reform bill

The government is finalising clauses of the draft Bill to be issued as soon as possible. Speaking today at Privacy Laws & Business 35th International Conference in Cambridge, Elizabeth Stafford from the data reform team at the Department for Digital, Culture, Media and Sport (DCMS) said that one of the areas that still needs to be finalised is the lawful basis available for automated decision making. The government’s intention is to clarify when automated decisions can take place.

Stafford said that the government wants to build on the GDPR rather than reinvent the wheel. The assumption is that organisations that are currently complying with the GDPR would not have to do much, or anything, to be compliant under the new law.

Responding to criticisms that the reform will be a threat for the UK’s EU data adequacy, she said that to receive adequacy was a rigorous process and this will be repeated with the new law. However, she emphasised that the UK will maintain its high data protection standards, as the law reform is not a significant diversion from the GDPR.

Today, the DCMS announced that it has, in principle, agreed data adequacy agreement with South Korea.

Mairead O’Reilly, ICO’s Senior Data Privacy Lawyer said that the ICO is supportive of the government’s reforms as many of them are aspects where there has been confusion under the current law. On the other hand, the ICO recognises that many stakeholders have invested heavily in GDPR compliance and wish to avoid further changes.

Peter Church, Partner at Linklaters said that the government aimed at maintaining high standards, adequacy, and delivering deregulatory benefits. The proposals do well on the first two aspects but not on the third, he said. A radical reform would look odd in the context of the rest of the world that aims at meeting GDPR standards.

PL&B's Conference continues tomorrow.

See: GOV.UK - Data adequacy agreement in principle between the UK and Republic of Korea