Site icon Bindmans

The future of UK Tech law – Data Privacy laws in the UK

close up programmer man hand typing on keyboard laptop for register data system or access password at dark operation room , cyber security concept

It is party conference season for the political classes in the UK. For the uninitiated, this means bold policy statements and speeches setting out each party’s stall with the prospect of a general election on the not-too-distant horizon.

On Monday 4 October at the Conservative Party Conference, the Minister for Digital, Culture, Media & Sport (DCMS) took to the stage. In her speech, Michelle Donelan stated that the government would be ‘replacing GDPR with our own business and consumer-friendly, British data protection system’.

No prior warning had been given, nor further details provided to accompany this landmark announcement that the fundamentals of the UK’s current data protection regime since 2018 were about to be shaken up, possibly even placing the EU Commission’s adequacy decision in favour of the UK, which guarantees frictionless data transfers with the EEA, at risk.

The speech caused a stir in the privacy and tech community, not least because the statement seemed to conflict with legislation that the government was itself currently progressing through Parliament.

The Data Protection and Digital Information Bill

On 18 July 2022, the government introduced a Bill in the House of Commons, called the Data Protection and Digital Information Bill (DPDI). It amends (but does not replace) the UK’s current data protection and e-privacy regime, in particular the UK General Data Protection Regulation (GDPR), the Data Protection Act 2018 (DPA 2018), and the Privacy and Electronic Communications Regulations (PECR).

This Bill followed on from DCMS’s consultation on the future direction of data laws in the UK (Data: A New Direction), and it was intended to create an ‘ambitious, pro-growth and innovation-friendly data protection regime’.

The consultation was launched on 10 September 2021, therefore the DPDI had been progressed for over a year through consultation and Parliament (where it was on its second reading) before the announcement from the DCMS Minister on Monday night.

Key features of the Bill

There are a number of key features of the DPDI which are worth drawing attention to, including:

The future of the Bill (and of GDPR?)

It has been reported that DCMS confirmed work will be ‘paused’ on the DPDI for the government to rethink the provisions and revise the Bill. It is unclear whether any of the above provisions mooted in the original Bill will therefore be brought back before the House of Commons.

Alternatively, the intention may be to entirely repeal the underlying law (the GDPR) which the Bill was seeking to amend – as part of a ‘bonfire of regulations’ or otherwise.

However, it would be surprising if the amendments currently contained in the DPDI did not return in some form in a new, revised data protection bill – especially given that the aim of some of the provisions (e.g. new limited accountability requirements for controllers and processors, cookies consent through browser settings) were clearly intended to be ‘business and consumer friendly’ – aligning to the new DCMS Minister’s own aims.

Either way, the future of data protection law in the UK (and the ease of global data transfers to and from the UK to the many jurisdictions which have, or are planning, a GDPR-like law) hangs in the balance.  

The privacy and tech community will be watching eagerly for any indications of the future direction of the government.

Contact

For more information about our Data Protection and Cybersecurity team, visit our web page here.

Exit mobile version