New UK DP Bill starts its ­passage in Parliament

As we are going to print, the Data Protection and Digital Information Bill was due to have its second reading at the House of Commons. Some of the original proposals have been dropped, but new ones have emerged. A completely new area has been added to the Bill, namely digital verification services. This makes sense from the point of view of enabling the use of digital identities with confidence, but for those used to navigating the UK GDPR and the Data Protection Act 2018, additional change may be unwelcome.

Much of the proposed reform concentrates on the existing accountability framework, which the government sees as burdensome. Many of the changes would affect the day-to-day work of DPOs; even their own status is threatened by the proposals.

There are changes to come in the field of the Privacy and Electronic Communications Regulations (PECR), for example on banners and cookie pop-ups. PECR fines would be elevated to GDPR levels.

The government also seeks to win companies’ approval in terms of scientific research and AI. Unlike the EU, the UK is not, at the moment, legislating on AI. The Bill proposes to widen the concept of scientific research. Read our correspondents’ analysis of the proposed changes in the articles:

The DCMS says that the reform is “evolution rather than revolution”. However, much depends on whether all these proposals are adopted. In the worst case, UK’s EU adequacy decision could be threatened.

The question about the UK’s own adequacy decisions is an interesting one. PL&B has organised a Roundtable in London on 3 October so that you can learn from the DCMS about the proposed future framework for international transfers from the UK, and put your questions to the speakers from that department who have been drafting the Bill’s clauses and advising the Data Minister.

Laura Linkomies
Editor, Privacy Laws & Business

September 2022