The UK government has revealed intentions to create a new Data Reform Bill, which will differ from the General Data Protection Regulation (GDPR) and Data Protection Act of the European Union.
The announcement [pdf] regarding the new bill was made on Tuesday during the Queen’s Speech at the Opening of Parliament. However, this year, the Queen did not attend for health reasons, and the government’s agenda was presented by Princes Charles and William.
“The United Kingdom’s data protection regime will be reformed,” Prince Charles said.
The new Data Reform Bill aims to reform the United Kingdom’s existing data protection system, potentially causing substantial revisions to the UK GDPR and Data Protection Act.
The government has said earlier that it intends to use Brexit to overhaul “highly complex” data protection rules inherited from the EU.
The revisions are part of a larger package of legislative changes aimed at maximising the benefits of Brexit, including the ability for the UK Parliament to diverge from areas of laws previously regulated by the EU.
The Data Reform Bill follows the Government’s Consultation Paper on Reforms to the UK Data Protection Regime – ‘Data: A New Direction’ – which was released in September last year.
The new bill, according to the government, will simplify data-protection legislation and reduce red tape, easing the burden on companies by establishing a more flexible, outcomes-focused approach and bringing clearer guidelines surrounding personal data usage.
This is considered as a step forward from present legislation, which is said to encourage “excessive paperwork.”
While detailed proposals have not been made public, it has been reported that the web cookie consent banners that display when visiting a website may be removed as part of the revisions.
The measures also include ideas to modernise the UK’s data watchdog, the Information Commissioner’s Office (ICO), to ensure that it has the resources and authority to take tough action against companies that break privacy regulations.
The draught bill is expected to be released this summer.
The EU GDPR is presently the basis for UK data privacy legislation, but the government has indicated on several occasions that it wishes to dilute several of its provisions.
This includes replacing GDPR Article 22, which protects individuals’ right not to be subjected to decisions based solely on automated processing, as well as Article 5, which requires personal data collection to be limited to specific, explicit, and legitimate purposes, and to be adequate, relevant, and limited to what is required.
Rafi Azim-Khan, the head of data privacy at law firm Pillsbury, said the government’s intentions for data reform were not surprising, although he warned against a substantial deviation from EU legislation, which might jeopardise the UK’s EU data adequacy ruling.
Last year, the non-profit advocacy group Open Rights Group (ORG) said that the government was planning to water down people’ data protections.
The ORG said that the government was looking to undermine individual data protection rights as well as accountability and transparency into how personal data is used by businesses and government agencies.
The government was vague on another technology issue: the regulation of big tech.
Earlier reports said it was about to abandon plans to give the regulator the Competition and Markets Authority powers to fine large technology companies for breaches of the competition rules and that it had been removed the provision from the Queen’s Speech, while later it was reported that the UK would align with Europe on the issue and bolster the Digital Markets Unit (DMU), a division of the CMA, and enable it to punish technology platforms for transgressions.
In the event, it delayed the decision, saying a draft version of the Digital Markets, Competition and Consumer Bill will be published during the course of the parliament.
