The UK’s proposed new data laws, the Data Protection and Digital Information Bill, is set to be debated by MPs today. While culture secretary Nadine Dorries has hailed the bill, which is designed to replace the EU’s GDPR, as “one of Brexit’s biggest rewards”, critics say it threatens the independence of data watchdog the Information Commissioner’s Office (ICO), and could put the agreement that allows data to flow freely by Europe and Britain at risk.
Introduced as part of the Queen’s Speech earlier this year, the bill will get its second reading in Parliament when the House of Commons re-opens after summer recess later today.
What’s in the Data Protection and Digital Information Bill?
The Data Protection and Digital Information Bill promises a more flexible regime for businesses. Certain organisations, including small businesses, will no longer need a dedicated data protection officer, and will have more control over how they reach and maintain data protection standards.
Scientists and researchers will be able to use patient data more freely, with a consent process covering broad types of research replacing the GDPR requirement to obtain specific consent from patients about how their data is deployed.
Privacy and electronic communications rules, which dictate how websites collect data via cookies, will also be changed to cut down on the number of ‘user consent’ pop-ups and banners greeting internet users, while the Information Commissioner’s Office (ICO) will be governed by a new board of directors.
What does the government say about the Data Protection and Information Bill?
Claiming the changes in the bill will save businesses £1bn over the next decade, Dorries said the new legislation will bring an end to “prioritising process over results”.
In a speech to the House of Commons, she is expected to say: “With this Bill, we will build a new, independent data regime. One that with a number of common-sense changes, frees up our businesses and unlocks scientific and economic growth, while maintaining our high data protection standards.
“This data Bill is one of Brexit’s biggest rewards. It allows us to create a pro-growth, trusted system – one that is designed not for Brussels, but for the people of the UK.”
New data bill could “codify cronyism”
However, not everyone is as positive about the Data Protection and Digital Information Bill. As reported by Tech Monitor, the Open Rights Group was critical of the consultation process which led to the new legislation being drawn up, publishing a letter signed by 30 other civil society groups describing the process as “rigged” and saying that their views had not been taken into consideration.
The group believes the impact of the new laws of the role of the ICO will be detrimental. Speaking to Tech Monitor in June, Mariano delli Santi, legal and policy officer at the Open Rights Group, said the bill “will codify cronyism into law.” He explained: “The secretary of state is being given the power to arbitrarily amend the Commissioner’s salary, issue ‘a statement of priorities’ to their office, and vetoing the adoption of statutory codes and guidance, thus exposing the ICO to political direction, corporate capture and corruption.”
Others have raised fears that the move away from GDPR could threaten the data adequacy agreement between the UK and the EU, which allows businesses in Britain and Europe to share information.
However, Pete Church, counsel in the data team at law firm Linklaters, said the proposed changes are unlikely to threaten the agreement as the government has “opted for incremental reform of the current framework.” He added: “This is hardly a surprise given data protection laws are now a global norm and the GDPR is the template upon which many of those laws are based.
“This is good news for data flows between the EU and the UK, as these more modest reforms mean the EU Commission is less likely to revoke the UK’s adequacy finding, which would have caused significant disruption.”