UK: Data Protection and Digital Information Bill introduced in Parliament
The Department for Science, Innovation and Technology announced, on 8 March 2023, the introduction of the Data Protection and Digital Information (No. 2) Bill ('the Bill'), which passed its first reading in the House of Commons on the same day. In particular, the Department noted that the Data Protection and Digital Information Bill ('the No. 1 Bill') was first introduced on 18 July 2022 and paused in September 2022 in order for ministers to engage in a co-design process with business leaders and data experts. Notably, Parliament has simultaneously withdrawn the No. 1 Bill, on 8 March 2023.
Moreover, the Department emphasised that the Bill would:
- introduce a simple, clear, and business-friendly framework that will not be difficult or costly to implement, taking the best elements of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), and providing businesses with more flexibility about how they comply with the new data laws;
- ensure that the new regime maintains data adequacy with the EU, and wider international confidence in the UK's comprehensive data protection standards;
- further reduce the amount of paperwork organisations need to complete to demonstrate compliance;
- support even more international trade without creating extra costs for businesses if they are already compliant with current data regulation;
- provide organisations with greater confidence about when they can process personal data without consent; and
- increase public and business confidence in artificial intelligence ('AI') technologies by clarifying the circumstances when robust safeguards apply to automated decision-making.
Further to this, the Department informed that the Bill revisits the definition of scientific research, which is non-exhaustive, to clarify that commercial organisations will benefit from the same freedoms as academics to carry out innovative scientific research, such as making it easier to reuse data for research purposes. Additionally, the Department announced that the Bill ensures businesses can continue to use their existing international data transfer mechanisms to share personal data overseas if they are already compliant with current UK data laws.
Furthermore, Science, Innovation and Technology Secretary, Michelle Donelan, informed that, "[…] Alongside these new changes, the Bill will increase fines for nuisance calls and texts to be either up to four per cent of global turnover or £17.5 million, whichever is greater, and aims to reduce the number of consent pop-ups people see online, which allow websites to collect data about an individual's visit. The Bill will also establish a framework for the use of trusted and secure digital verification services, which allow people to prove their identity digitally if they choose to do so. The measures will allow customers to create certified digital identities that make it easier and quicker for people to prove things about themselves. The Bill will strengthen the Information Commissioner's Office [('ICO')] through the creation of a statutory board with a chair and chief executive, so it can remain a world-leading, independent data regulator and better support organisations to comply with data regulation".
In addition, the Department noted that the Information Commissioner, John Edwards, welcomed the Bill and supports its ambition to enable organisations to grow and innovate, whilst maintaining high standards of data protection rights.