In the Queen’s Speech, the government has announced plans to reform UK data protection law. The stated aim is to create a bold data regime that allows UK businesses to take advantage of the power of data in a responsible way. The sub-text is that the UK wants to jettison some the GDPR’s red tape – so all eyes will be on the EU’s reaction. For international businesses, this could mean that the UK becomes a sandbox for innovative data uses, but – for businesses that want a one-size-fits-all approach to privacy compliance – there’s likely to be little respite from the GDPR.
The purpose of the Bill
The purpose of the Data Reform Bill follows the strategic focus of the 2021 DCMS Consultation ‘Data: A New Direction’.
- Create a new pro-growth and trusted UK data protection framework - securing the UK’s status as a global leader, building public trust in data security while allowing scientific and technological innovation to continue.
- Modernise the ICO – to ensure that the ICO has the power to take appropriate action against organisations that breach data rights.
- Increase industry participation in Smart Data Schemes - systems through which consumers and businesses can choose to share their data easily and securely to authorised third parties, which can then be used by service providers to provide innovative services.
What can we expect
- A simpler regime for businesses - We may see a consolidation or simplification of requirements currently imposed under the UK GDPR and Data Protection Act 2018. The main benefit of the Bill would be to increase competitiveness and efficiencies of UK businesses by reducing the burdens they face. The government’s Lobby Pack, released on Wednesday 11 May, provides commentary on the current UK GDPR and DPA 2018, calling it “highly complex and prescriptive”. The Bill aims to reduce that.
- New grounds of lawful processing for data-powered science and technology - It will become easier to use data for research. There is a specific focus on simplifying the rules around research to cement the UK’s position as a science and technology superpower.
- Reform of the Information Commissioner’s Office - The ICO’s commitments will change from handling a high volume of low-level complaints, towards upholding data rights and encouraging trustworthy and responsible data use. This will allow the ICO to take a risk-based and proactive approach to its regulatory activities in line with best practice of other regulators, both in and out of the UK.
So what is next?
The proposed Bill shows a clear direction of the UK government on data: it is a valuable commodity for the economy. Data protection should be maintained, but the protection must not hinder innovation and research.
While the proposed changes will be welcomed by many businesses burdened by the requirements of the current data protection regime, it is unclear how much the Bill will actually help international businesses given the geographical scope of the proposed Bill.