Today, the Government is introducing the Data Protection and Digital Information Bill in the House of Commons. The Bill is being introduced after the Government published its response to the Data: A New Direction consultation on 17th June 2022.
We now have the opportunity to seize the benefits of Brexit and transform the UK’s independent data laws. We have designed these new updates to our data protection framework so it works in our interests, protects our citizens, and unburdens our businesses..
Through this Bill we will realise the opportunities of responsible data use whilst maintaining the UK’s high data protection standards. The EU does not require countries to have the same rules to grant adequacy, so it is our belief that these reforms are compatible with maintaining a free flow of personal data from the European Economic Area.
Our Bill will improve people’s lives in many different ways. Firstly, we are increasing fines for nuisance calls and texts that break the rules. Telecoms network providers will also be required to notify the ICO when they have reasonable grounds for believing that unsolicited direct marketing is occurring on their networks.
Reforms to the Privacy and Electronic Communications Regulations will also remove the need for cookie banner pop ups for low risk activities, such as audience measurement, so it’s easier for businesses to use information to improve their services. The Bill will also pave the way for the removal of irritating banners for other types of cookies when browser-based or similar solutions are sufficiently developed.
The Bill will bring some everyday physical processes into the 21st century. It will be easier and more secure to use digital identities, which give people more choice and greater security when they want to prove things about themselves online or via apps instead of with physical documents. We will improve government data sharing to improve public services for businesses, and the Bill will also update the way births and deaths are registered by clerks, moving from a paper based system to an electronic register used by officials.
Our reforms to data protection laws will mean that UK scientists are no longer needlessly impeded by overcautious, unclear rules on how they can use people’s personal data. We will simplify the legal requirements around research, which will provide scientists the clarity and confidence they need to get on with life enhancing and life saving research.
We are reducing the burdens on businesses that have held the UK back from the benefits of greater personal data use before now. By focussing on outcomes not box-ticking, we will unburden businesses from prescriptive requirements and empower them to protect personal data in the most proportionate and appropriate way. Our changes could create around £1 billion in business savings over ten years.
The Bill will sustain and scale the UK’s approach to supporting international data flows by capitalising on its independent status to strike partnerships with some of the world’s fastest growing economies. Reforms will ensure that the mechanisms to transfer personal data internationally are secure and flexible to help British businesses grow.
The structure and objectives of the Information Commissioner’s Office (ICO) will be modernised so that it remains an internationally renowned regulator, including increased investigatory powers to help it keep pace with changing practices. New strategic objectives will have an emphasis on economic growth and innovation, while ensuring the ICO continues to produce high-quality codes of practice, and has the flexibility to allocate its resources appropriately. The ICO will remain operationally independent while enabling the public and parliament to more effectively hold it to account through key performance indicators.
Reforms will also confirm that elected representatives may process general personal data where necessary for the purposes of democratic engagement activities. The intent is to allow MPs, councillors and political parties to undertake the democratic engagement activities they have done for decades (such as opinion surveys of local residents, and targeted letters to constituents), without the unnecessary complexity and confusion of the EU’s GDPR. This builds on measures in the Data Protection Act 2018 which received broad cross-party support at the time.
The Bill will improve the efficiency of data protection for law enforcement and national security partners – encouraging better use of personal data where appropriate to help protect the public. Our proposed reforms create greater consistency between general, law enforcement and national security data processing. They will provide agencies with clarity on their obligations, boosting the confidence of the public on how their data is being used. These changes are vitally important for the work of our law enforcement and national security agencies who process personal data in the public interest, to prevent crime and safeguard national security.
New information standards for IT products and services supplied to the health and adult social care sector will ensure these are interoperable to make it easier for staff to access the information they need to help their patients.
The powers included in the Bill allow Government departments to establish sector based Smart Data schemes with supporting regulation, to ensure consumer and business protection. This is the secure and consented sharing of customer data with authorised third-party providers. These approved providers then use this data to deliver innovative services for the consumer or business, such as automatic bank account switching. This saves time, money and effort for customers who can more easily find and choose better-suited deals.
This statement has also been made in the House of Lords