Government introduces new data bill in Parliament

As we were going to print, the government introduced the Data (Use and Access) Bill in the House of Lords on 23 October. The Data Bill amends the UK GDPR and the 2018 Data Protection Act on certain aspects of individual rights, purpose limitation, scientific research and automated decision-making. But it does not propose changes to the accountability framework (for example the Data Protection Officer role and requirements for Data Protection Impact Assessments) that were put forward in the previous government’s Data Protection and Digital Information Bill.

The Bill will legislate on digital verification services that will be delivered against the government’s trust framework of standards. It will also modernise the ICO’s structure and add to its enforcement powers. The ICO will be able to compel witnesses to answer questions with respect to any matter relevant to an investigation. The Information Commissioner’s Office is to become a body corporate and will be called the Information Commission, and it will be required to issue an Annual Report on its regulatory action.

The 250+ page Data Bill covers many new subjects of immediate interest to the private and public sectors. PL&B has organised an in-person event in London to hear about the details of this Bill.

In this issue, we report on the ICO’s provisional decision that it would fine a processor. Is this a new trend, our correspondents ask? The ICO is becoming more selective to be more effective. As explained by Information Commissioner John Edwards at the ICO’s Annual DPO Conference, it has stepped up its enforcement effort to catch the biggest fish, ideally before non-compliance even takes place.

Laura Linkomies
Editor, Privacy Laws & Business

November 2024

Previous

Contents

Next