UK Bill lost in the data jungle?

The recent weeks’ comings and goings within government have left me astonished. However, for data protection purposes, Michelle Donelan returns as Secretary of State for the Department for Digital, Culture, Media and Sport (DCMS), and Julia Lopez was reappointed to her Minister of State role at the DCMS, both of them representing policy continuity.

We expect to see the Data Protection and Digital Information Bill (DPDI) reintroduced in Parliament before the year end and hopefully there will also soon be a declaration of UK-US adequacy for data flows.

What can we now expect in the longer term? In his detailed analysis of the Bill, Professor David Erdos (Professor of Law and the Open Society; Co-Director, Centre for Intellectual Property and Information Law) at the University of Cambridge says that in some way, this is a missed opportunity for a more substantial reform. It must be remembered that the government’s original proposals were much more radical than what was eventually in the Bill.

“The DPDI Bill augments the existing powers included in section 16 of the Data Protection Act 2018 to grant the Government further powers to amend both data protection and e-privacy instruments under statutory instrument. This, alongside the relevant nascent stage of post-Brexit developments, may indicate that the direct changes set out in this Bill may simply be a first stage in UK data protection reform1,” Erdos writes.

The reform will mean changes for the ICO in terms of powers and structure. Also important in the regulatory ecosystem is the Digital Regulation Cooperation Forum, where the ICO is a member together with the Competition and Markets Authority, the Office of Communications and the Financial Conduct Authority. The group aims to deliver coherent approaches to digital regulation and an avoidance of double jeopardy, sanctions from two or more regulators for the same offence. This year’s priorities are, for example, to monitor the effectiveness of Google’s commitments made about its Privacy Sandbox proposals (separate from the ICO’s sandbox) and to ensure close collaboration in relation to Apple’s App tracking transparency requirement and intelligent tracking prevention.

In the fines for Easylife, the ICO stresses harm caused to vulnerable people by nuisance calls. Specific risks to vulnerable groups was also a topic discussed at the Global Privacy Assembly in Turkey, which Stewart Dresner and I attended at the end of October.

Laura Linkomies
Editor, Privacy Laws & Business

November 2022