Cordery

Legal.Compliance.

UK Government Puts Forward Revised Data Protection Reform Bill

Introduction

Last year the United Kingdom government introduced a legislative proposal to change the UK privacy/data protection regime (which essentially consists of UK GDPR, PECR [E-Privacy rules] and the Data Protection Act 2018). Parliamentary work on this draft legislation was then put on hold and the UK government has now “reintroduced” the draft legislation, with changes. This article briefly looks at this development.

What is the Bill about?

Today the UK government introduced to the UK Parliament the “Data Protection and Digital Information (No. 2) Bill” (“the Bill”).

Work on the previous draft legislation was paused so that government ministers could engage in a so-called “co-design process” with business leaders and data experts to try and ensure that the proposed new UK data protection regime builds on the UK’s existing data protection standards and aims to ensure so-called “data adequacy” whilst moving away from what the UK government terms the EU GDPR “one-size-fits-all” approach.

According to the UK government, the Bill is a “common-sense-led UK version of the EU’s GDPR [which] will reduce costs and burdens for British businesses and charities, remove barriers to international trade and cut the number of repetitive data collection pop-ups online.” The Bill aims “to cut down pointless paperwork for businesses and reduce annoying cookie pops-up [sic]”.

According to the UK government, the Bill will:

  • “Introduce a simple, clear and business-friendly framework that will not be difficult or costly to implement – taking the best elements of GDPR and providing businesses with more flexibility about how they comply with the new data laws;
  • Ensure our new regime maintains data adequacy with the EU, and wider international confidence in the UK’s comprehensive data protection standards;
  • Further reduce the amount of paperwork organisations need to complete to demonstrate compliance;
  • Provide organisations with greater confidence about when they can process personal data without consent;
  • Increase public and business confidence in AI technologies by clarifying the circumstances when robust safeguards apply to automated decision-making;
  • [B]uild on the high standards we already have for personal data use, strengthening and modernising the regulator (the Information Commissioner’s Office) by making sure it has the capabilities and powers to tackle organisations who breach data rules – giving it the freedom to better allocate its resources; and,
  • [R]educe burdens by enabling businesses to continue to use their existing cross-border transfer mechanisms if they are already compliant.

What’s next?

The Bill is at the second reading stage and will now be debated by Parliament following which it can be expected that amendments will be proposed to the Bill.

What are the takeaways?

Much of the Bill overall seems to be about seeking to make clarifications. Whilst certain clarifications may be welcome (given the difficulties in interpreting some aspects of the existing data protection regime) whether the final legislation will deliver on making (claimed) substantive changes (such as getting rid of so-called Data Protection Representatives) rather than consisting in the end of a major tweaking exercise will have to be seen.

Whatever the final outcome, international organisations that have devoted much work, time and resources trying to ensure compliance with both the existing UK GDPR and EU GDPR may find that there is more work for them to do on the UK side of things (such as with regard to work to be done on the so-called “Senior Responsible Individual” or “Records of Processing”).

In any event, organisations should keep track of the Bill’s progress in order to be able plan ahead for any changes that they may eventually need to make to their UK data protection compliance.

More information

We have previously reported on plans to reform the UK data protection rules here https://www.corderycompliance.com/changes-uk-dp-regime-3/, here  https://www.corderycompliance.com/uk-dp-regime/ and here https://www.corderycompliance.com/ukgov-ukdpr/.

We report about data protection issues here: https://www.corderycompliance.com/category/data-protection-privacy/.

The “Data Protection and Digital Information (No. 2) Bill” can be found here https://bills.parliament.uk/bills/3430.

For more about GDPR please also see our GDPR FAQs which can be found here:  http://www.corderycompliance.com/eu-data-protection-regulation-faqs-3/ and our Data Protection Glossary which can be found here: http://www.corderycompliance.com/?s=glossary.

For more information please contact André Bywater or Jonathan Armstrong who are lawyers with Cordery in London where their focus is on compliance issues.

Jonathan Armstrong, Cordery, Lexis House, 30   Farringdon Street, London, EC4A 4HH André Bywater, Cordery, Lexis House, 30             Farringdon Street, London, EC4A 4HH
Office: +44 (0)207 075 1784 Office: +44 (0)207 075 1785
Jonathan.armstrong@corderycompliance.com Andre.bywater@corderycompliance.com

 

Contact a Cordery Specialist +44(0)207 118 2700 | Contact Us

Cordery is a trading name of Cordery Compliance Limited. Authorised and regulated by the Solicitors Regulation Authority.
SRA number 608187. Company number 07931532 registered in England and Wales. VAT number: 730859520
Registered office: Lexis House, 30 Farringdon Street, London, EC4A 4HH, United Kingdom

Cordery Compliance Limited trading as Cordery provides some products and services which are not regulated by the Solicitors Regulation Authority; we will clearly state this to you if this is the case.

We use the word “partner” to refer to a shareowner or director of the company, or an employee or consultant who is a lawyer with equivalent standing and qualifications.

Cordery is a registered trademark of RELX (UK) Limited, used under license. The Knowledge Burst logo is a registered trademark of Reed Elsevier Properties Inc., used under license.

Copyright © 2021 Cordery. All rights reserved.