View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Policy
  2. Privacy and data protection
June 16, 2022updated 17 Jun 2022 11:25am

Data Reform Bill: updates to UK GDPR will ‘save £1bn in 10 years’

The UK's post-Brexit data regime will cut red tape without weakening data protection, government claims.

By Matthew Gooding

The UK government has revealed details of the upcoming Data Reform Bill, its proposed amendments to the country’s version of GDPR legislation. Proposed changes include new rules on web cookies, reforming data protection watchdog the Information Commissioner’s Office (ICO), and reducing compliance requirements for small businesses, which the government says will save £1bn over 10 years.

Trade body techUK, which represents technology suppliers, has welcomed the proposed reforms as an ‘evolution’, rather than a revolution, in UK data law.

The government has published details of the UK version of GDPR (pic: Lunamaria/iStock)

The Department for Digital, Culture, Media and Sport (DCMS) published its full response to the consultation on the Data Reform Bill on Friday morning, outlining its proposed reforms. It says these updates are focused on “outcomes to reduce unnecessary burdens on businesses”.

DCMS claims the reforms will not create significant additional compliance burdens. “Almost all organisations that comply with the UK’s current regime will comply with our future regime,” it said. “The limited number of new requirements are things that are already good or best practice and that many businesses already have in place.”

“Today is an important step in cementing post-Brexit Britain’s position as a science and tech superpower,” said culture secretary Nadine Dorries. “Our new Data Reform Bill will make it easier for businesses and researchers to unlock the power of data to grow the economy and improve society, but retains our global gold standard for data protection.”

UK GDPR: What’s in the Data Reform Bill?

The Data Reform Bill proposes to remove the need for certain organisations, such as small businesses, to have a data protection officer and to undertake lengthy impact assessments. Organisations will still be expected to meet the same high data protection standards, the government says, but will have more flexibility to determine how they meet these standards. DCMS claims reducing this burden will save UK businesses £1bn over 10 years.

The requirement for researchers to obtain specific consent to use patient data in research will also be removed, and replaced with a broad consent process. For example, scientists will be able to rely on the consent a person has given for their data to be used for ‘cancer research’ as opposed to a particular cancer study.

Privacy and electronic communications regulations, which govern how websites collect data via cookies, will also be updated to cut down on the number of ‘user consent’ pop-ups and banners. The government wants internet users in the UK to be able set an overall approach to how their data is collected and used online, rather than having to opt in for each individual website they visit. This could be done via settings in the user’s browser, the consultation response says.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

The set-up of the ICO will also be changed, with a chair, chief executive and a board introduced “to make sure it remains an internationally renowned regulator.” The bill will set out new strategic objectives for the ICO, as well as new ways for it to develop statutory codes and guidance.

Information commissioner John Edwards has given his backing to the changes, saying: “Data protection law needs to give people confidence to share their information to use the products and services that power our economy and society. The proposed changes will ensure my office can continue to operate as a trusted, fair and impartial regulator, and enable us to be more flexible and target our action in response to the greatest harms.”

‘Evolution, not revolution’ on UK GDPR reform

Trade body techUK, one of the first groups to respond to the reforms, has welcomed the proposals. “When GDPR was introduced everyone recognised it wasn’t perfect, and probably not ready for things like the massive increase in data driven innovation we’ve seen,” said Neil Ross, head of policy at techUK. “But it was a really important evolution in consumer protection and gave businesses a great reference point.”

Ross added: “We’re happy with the reforms proposed, they help make GDPR clearer and more flexible without entirely ripping up the system in a way that would cost businesses a huge amount of money. This is an evolution rather than revolution approach which is very welcome.”

However, Ross said more clarity is required in some areas. “We want to see more detail on their AI policy,” he explained. “There are two strands to this; data protection, which is reasonably well dealt with here, and AI governance, which the government says will be brought forward in a white paper towards the end of the year. Businesses really need to see a clear direction on this as soon as possible.”

More detail is also needed on the policy around cookies, Ross said. “We need to know how this will work in practice,” he says. “There are questions about how widely available the technology is to implement an opt-out system, and whether this would give the company running your browser or operating system undue influence over the market.”

Earlier this week, critics of the reforms warn they would weaken the control that citizens have over their data, particularly those from minority groups. As reported by Tech Monitor, a group of 30 civil society organisations wrote to DCMS this week to express their displeasure at being “excluded” from the consultation for the data reform bill, describing the process as “rigged”. DCMS denies this claim.

Read more: Data Reform Bill consultation ‘rigged’ say civil rights groups

Topics in this article : , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.