View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Policy
  2. Privacy and data protection
September 5, 2022updated 31 Oct 2022 12:13pm

Could Liz Truss change the UK’s new data laws after parliamentary debate is postponed?

Less than 24 hours after it was announced, a debate on the UK's GDPR replacement was postponed. Are changes afoot?

By Sophia Waterfield

MPs will have to wait a little longer to debate the controversial Data Protection and Digital Information Bill after its second reading in Parliament was postponed following the announcement of Liz Truss as the UK’s new prime minister.

The second reading had been due to take place today in the House of Commons, but Leader of the House Mark Spencer announced that it and other motions relating to the bill would not move due to the election of Truss as the new leader of the Conservative Party. She will formally take over as PM from Boris Johnson tomorrow.

Data bill - image of Nadine Dorries MP at the cost of living telecoms meeting.
Nadine Dorries was expected to move the second reading of the Data Bill today, but it has been postponed. (Photo courtesy of DCMS)

“Following the election of the new leader of the Conservative Party, the business managers have agreed that the government will not move the second reading and other motions relating to the data protection and digital information bill today,” Spencer said.

Given that the climax of the Conservative leadership election has been scheduled for some months, the postponement came as something of a surprise. Less than 24 hours ago, the Department for Digital, Culture, Media and Sport (DCMS) released a statement saying the bill, the UK’s post-Brexit replacement for the EU’s GDPR, would be debated today, with digital secretary Nadine Dorries describing it as “one of Brexit’s biggest rewards”.

What is different about the new Data Protection and Digital Information Bill?

According to the announcement from DCMS, the Data Protection and Digital Information bill will “free businesses and researchers from GDPR’s one-size-fits-all approach”, and could unlock economic and scientific growth. It will also “modernise” the structure and objectives of the Information Commissioner’s Office (ICO), which includes appointing a chair, chief executive and board to ensure it remains a “leading regulator” for data.

Dorries was expected to tell the House of Commons that the Bill would enable the UK to build a “new independent” data regime: “Data is now fundamental to our economy and to our society, and we need to ensure we’re making the most of every opportunity it presents,” the culture secretary was expected to say.

“With this Bill, we will build a new, independent data regime, one that with a number of common sense changes, frees up our businesses and unlocks scientific and economic growth, while maintaining our high data protection standards.”

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Spencer told the House that not moving the second reading would allow “ministers to further consider this legislation”.

Camilla Winlo, head of data privacy at professional services consultancy Gemserv, said the legislation’s focus on flexibility to enable “data-driven innovation” is unlikely to change now Truss is in Number 10, but it is possible other areas of the bill could be amended.

“With a long road ahead through parliament, under what looks likely to be a drastically changed cabinet, it is possible that the bill may be amended before it is passed,” Winlo says.

A government spokesperson said: The second reading of the Data Protection and Digital Information Bill has been postponed. The bill will continue its journey through the House of Commons in due course.”

New bill could mean organisations slip into ‘non-compliant’ positions

Critics of the new legislation have argued it waters down the powers of the ICO, introducing more oversight for the government at the expense of the data watchdog’s independence.

The removal of a requirement for a designated data protection officer (DPO) for many organisations has also attracted scrutiny. The Local Government Association (LGA) released a statement about the bill this weekend, saying that they were disappointed it will remove the requirement for a DPO and the need for data protection impact assessments.

“Although the proposal is now to replace this with a senior responsible individual, this is a person at senior management team level who would not have the time or experience to undertake much of what the data protection officer did,” says the statement. “We believe the statutory role of DPO is vital to ensuring that data protection obligations are met.”

The association added that removing the DPO would “degrade” the function performed by them, weaken the culture it has created and will allow “organisations to slip into non-compliant positions”.

Read more: Will new UK data laws put adequacy agreement with EU at risk?

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.