Today, through the Queen’s Speech, the UK Government has set out its legislative program for the next Parliamentary term. The speech outlined 38 proposed laws, including the Data Reform Bill.
The introduction of the Data Reform Bill will reform the UK’s current data protection framework, bringing in potentially significant changes to the UK GDPR and Data Protection Act. The reforms are part of a wider package of legislative change designed to maximise the benefits of Brexit, with the freedom for UK Parliament to deviate from areas of law previously regulated by the EU.
The Data Reform Bill follows the Government’s Consultation Paper on Reforms to the UK Data Protection Regime – ‘Data: A New Direction’ (“Consultation Paper”). The Consultation Paper was published in September last year (see our previous blog post) and identifies five main areas for regulatory reform, including:
- supporting digital innovation in key growth areas, such as scientific research and AI, including an “adaptable and dynamic set of rules that are flexible enough to be interpreted quickly and clearly in order to fit the fast-changing world of data-driven technologies”;
- reducing the regulatory burden of compliance for business, including: removing certain prescriptive elements from the current legislation, such as the requirement to undertake Data Protection Impact Assessments; adopting a more flexible approach to record keeping; improving the data subject access regime; and changing some of the pop up rules relating to cookies;
- reducing barriers to international data flows, through a more flexible approach to adequacy decisions and approval of alternative transfer mechanisms;
- reforms to the flow of data within the public sector; and
- reforms to the status and powers of the ICO.
The consultation process closed in November last year. Today’s Queen’s Speech is the next formal step in the legislative process with publication of a Bill now likely in the summer.
Whilst we await with interest full details of the final proposals in the Bill, the direction of travel is clear – UK business should expect further changes to the privacy regime in the near term, focused on new rules designed to secure digital enabled growth, within a robust regulatory environment.
Please get in touch with any member of the UK data protection team if you have any questions.