The draft Data Protection Bill (‘Bill’) has had its first and second readings in the House of Lords as part of the legislative process.

The Bill sets out the UK's derogations to the General Data Protection Regulation ('GDPR') as well as supplementing the GDPR with rules relating to the processing of personal data in the areas of law enforcement and national security. The Bill aims to ensure adequate and consistent data protection standards in the UK with Europe after Brexit. This is important to the UK in seeking an adequacy decision to facilitate cross-border transfers with Europe after the UK is no longer part of the EU.

The Bill includes new criminal offences such as altering, destroying or concealing information to be provided in a subject access request, and re-identifying de-identified personal data. It also lowers the age of consent for children on the processing of their personal data by information society services to 13.

The House of Lords at the second reading, whilst recognising the importance of updating the existing data protection laws, raised a number of concerns. These include concerns that after the UK is no longer part of the EU it will still struggle to obtain an adequacy decision as the Bill is not fully consistent with the GDPR and the EU may continue to update its policies on data protection without the UK’s input. The Lords also expressed concerns that the age of consent for children should be higher.

The Bill is now due to move on to the Committee Stage within the House of Lords.

Click here to read the current text of the Bill.

Click here (part 1) and here (part 2) to read the official record of the second reading of the Bill.