MPs will have to wait a little longer to debate the controversial Data Protection and Digital Information Bill after its second reading in Parliament was postponed following the announcement of Liz Truss as the UK’s new prime minister.
The second reading had been due to take place today in the House of Commons, but Leader of the House Mark Spencer announced that it and other motions relating to the bill would not move due to the election of Truss as the new leader of the Conservative Party. She will formally take over as PM from Boris Johnson tomorrow.
“Following the election of the new leader of the Conservative Party, the business managers have agreed that the government will not move the second reading and other motions relating to the data protection and digital information bill today,” Spencer said.
Given that the climax of the Conservative leadership election has been scheduled for some months, the postponement came as something of a surprise. Less than 24 hours ago, the Department for Digital, Culture, Media and Sport (DCMS) released a statement saying the bill, the UK’s post-Brexit replacement for the EU’s GDPR, would be debated today, with digital secretary Nadine Dorries describing it as “one of Brexit’s biggest rewards”.
What is different about the new Data Protection and Digital Information Bill?
According to the announcement from DCMS, the Data Protection and Digital Information bill will “free businesses and researchers from GDPR’s one-size-fits-all approach”, and could unlock economic and scientific growth. It will also “modernise” the structure and objectives of the Information Commissioner’s Office (ICO), which includes appointing a chair, chief executive and board to ensure it remains a “leading regulator” for data.
Dorries was expected to tell the House of Commons that the Bill would enable the UK to build a “new independent” data regime: “Data is now fundamental to our economy and to our society, and we need to ensure we’re making the most of every opportunity it presents,” the culture secretary was expected to say.
“With this Bill, we will build a new, independent data regime, one that with a number of common sense changes, frees up our businesses and unlocks scientific and economic growth, while maintaining our high data protection standards.”
Content from our partners
Spencer told the House that not moving the second reading would allow “ministers to further consider this legislation”.
Camilla Winlo, head of data privacy at professional services consultancy Gemserv, said the legislation’s focus on flexibility to enable “data-driven innovation” is unlikely to change now Truss is in Number 10, but it is possible other areas of the bill could be amended.
“With a long road ahead through parliament, under what looks likely to be a drastically changed cabinet, it is possible that the bill may be amended before it is passed,” Winlo says.
A government spokesperson said: “The second reading of the Data Protection and Digital Information Bill has been postponed. The bill will continue its journey through the House of Commons in due course.”
New bill could mean organisations slip into ‘non-compliant’ positions
Critics of the new legislation have argued it waters down the powers of the ICO, introducing more oversight for the government at the expense of the data watchdog’s independence.
The removal of a requirement for a designated data protection officer (DPO) for many organisations has also attracted scrutiny. The Local Government Association (LGA) released a statement about the bill this weekend, saying that they were disappointed it will remove the requirement for a DPO and the need for data protection impact assessments.
“Although the proposal is now to replace this with a senior responsible individual, this is a person at senior management team level who would not have the time or experience to undertake much of what the data protection officer did,” says the statement. “We believe the statutory role of DPO is vital to ensuring that data protection obligations are met.”
The association added that removing the DPO would “degrade” the function performed by them, weaken the culture it has created and will allow “organisations to slip into non-compliant positions”.
