UK Government Introduces New Data Protection Bill

Tom Jowitt,
Linkedin
government parliament big ben public sector clouds bird © Samot Shutterstock

Britain makes fresh attempt to reform its data protection law, to ease compliance burden for UK businesses, yet remain in step with EU laws

The UK Government has introduced its new Data Protection and Digital Information Bill that could potentially put it at odds with European data protection regulators.

The government on Wednesday introduced the new data laws by technology secretary Michelle Donelan, and said it was an effort to cut down pointless paperwork for businesses, reduce annoying cookie pops-up, but at the same time remain in step with EU data protection laws.

It was back in August 2021 when the UK had first stated its intention to overhaul the UK’s privacy and data protection rules, as it sought to establish global data partnerships also with countries outside the European Union, such as the United States, Australia and Republic of Korea.

ICO, data protection, GDPR

Data Protection and Digital Information Bill

One of the government’s aims was to end red tape and the bane for many web surfers at the moment, namely the highly annoying and frequent cookie pop-ups when a person is browsing multiple websites.

It comes as the UK seeks to establish its own data protection and privacy stance, thanks to its ability negotiate agreements by itself, in a post Brexit world.

In June 2021 European Union officially recognised the UK’s data protection standards, after more than a year of constructive talks

The UK’s Data Protection and Digital Information Bill announced this week was actually first introduced last summer and paused in September 2022 so ministers could engage in a co-design process with business leaders and data experts.

This process was to ensure the new regime would maintain “the UK’s high standards for data protection and privacy, and seeks to ensure data adequacy while moving away from the ‘one-size-fits-all’ approach of European Union’s GDPR.”

Specific aims

So what exactly is the new improved bill proposing?

  • Introduce a simple, clear and business-friendly framework that will not be difficult or costly to implement – taking the best elements of GDPR and providing businesses with more flexibility about how they comply with the new data laws
  • Ensure the UK’s new regime maintains data adequacy with the EU, and wider international confidence in the UK’s comprehensive data protection standards
  • Further reduce the amount of paperwork organisations need to complete to demonstrate compliance
  • Support even more international trade without creating extra costs for businesses if they’re already compliant with current data regulation
  • Provide organisations with greater confidence about when they can process personal data without consent
  • Increase public and business confidence in AI technologies by clarifying the circumstances when robust safeguards apply to automated decision-making.

The government said that today’s data reforms are expected to unlock £4.7 billion in savings for the UK economy over the next 10 years and maintain the UK’s data protection standards so businesses can continue to trade freely with global partners, including the EU.

Easier to understand

“Co-designed with business from the start, this new Bill ensures that a vitally important data protection regime is tailored to the UK’s own needs and our customs,” explained science, innovation and technology secretary Michelle Donelan.

“Our system will be easier to understand, easier to comply with, and take advantage of the many opportunities of post-Brexit Britain,” said Donelan. “No longer will our businesses and citizens have to tangle themselves around the barrier-based European GDPR.”

“Our new laws release British businesses from unnecessary red tape to unlock new discoveries, drive forward next generation technologies, create jobs and boost our economy,” Donelan added.

Other provisions of the new bill is the intention to increase fines for nuisance calls and texts to be either up to four percent of global turnover or £17.5 million, whichever is greater; alongside the goal to reduce the number of consent pop-ups people see online, which allow websites to collect data about an individual’s visit.

The Bill will also establish a framework for the use of trusted and secure digital verification services, which allow people to prove their identity digitally if they choose to do so. The measures will allow customers to create certified digital identities that make it easier and quicker for people to prove things about themselves, the government stated.

It also said the Bill will strengthen the Information Commissioner’s Office (ICO) through the creation of a statutory board with a chair and chief executive, so it can remain a world-leading, independent data regulator.

Welcomed development

“I welcome the reintroduction of the Data Protection and Digital Information Bill and support its ambition to enable organisations to grow and innovate whilst maintaining high standards of data protection rights,” said John Edwards, UK Information Commissioner.

“Data protection law needs to give people confidence to share their information to use the products and services that power our economy and society,” said Edwards.

“The Bill will ensure my office can continue to operate as a trusted, fair and independent regulator. We look forward to continuing to work constructively with the Government to monitor how these reforms are expressed in the Bill as it continues its journey through Parliament.”

The UK government decision to update its data protection laws was also welcomed by Chris Combemale, chair of the DPDI Business Advisory Group, and CEO of the Data & Marketing Association (DMA UK).

“We are confident that DPDI should act as a catalyst for innovation and growth, while maintaining robust privacy protections across the UK – an essential balance which will build consumer trust in the digital economy,” noted Combemale.

“Attracting and retaining customers and donors is a fundamental legitimate interest of businesses and charities, so we are delighted the government has acknowledged this in the reforms to help drive innovation and growth,” said Combemale.

“The DMA has collaborated with the government throughout the Data Protection and Digital Information Bill (DPDI)’s development to champion the best interests of both businesses and their customers,” Combemale added.

“We were well placed to advise on these developments over the past two years through our strong relations with UK businesses and government,” said Combemale. “It was important to our community that we focused reforms on the needs of both businesses and their customers to ensure the right balance was achieved for all.”

“Therefore, it was essential for the Bill to safeguard the key ethical principles of existing laws while clarifying areas of confusion and simplifying onerous administrative burdens on small businesses,” Combemale concluded.