The Department for Culture, Media & Sport has confirmed plans to present the Data Protection Bill to Parliament as soon as MPs return in early September, effectively copying GDPR into the UK statute book.
The Bill – first announced in the Queen’s Speech in June – is aimed at ensuring the UK retains the same data protection laws as the rest of the EU following Brexit.
Details of what extra protection will be included in the Bill – as well as what exemptions to UK will push for – have been not been disclosed, other than the measures already included in GDPR.
However, the Government has confirmed that new criminal offences will be created to deter organisations from either intentionally or recklessly creating situations where someone could be identified from anonymised data.
It also said that the reliance on default opt-out or pre-selected ‘tick boxes’, to give consent for organisations to collect personal data “will also become a thing of the past.”
Matt Hancock, Minister of State for Digital, said: “Our measures are designed to support businesses in their use of data, and give consumers the confidence that their data is protected and those who misuse it will be held to account.
“The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world. The Bill will give people more control over their data, require more consent for its use, and prepare Britain for Brexit. We have some of the best data science in the world and this new law will help it to thrive.”
The CBI, Tech UK and the DMA have all welcomed the move, insisting it will help the UK thrive.
CBI innovation director Tom Thackray said: “In the modern economy, data has huge value and its innovative use leads to better services and more productive businesses.
“But firms know that this ability to innovate is dependent on customers having confidence that their information is well protected. This legislation strikes the right balance in improving standards of protection while still enabling businesses to explore new products and services.”
And TechUK chief executive Julian David added: “This statement of intent is an important and welcome first step in that process. techUK supports the aim of a Data Protection Bill that implements GDPR in full, puts the UK in a strong position to secure unhindered data flows once it has left the EU, and gives businesses the clarity they need about their new obligations.”
Meanwhile, DMA director of external affairs Mike Lordan said: “The new rules will modernise the way companies collect, share and use personal data. Organisations will need to change how they approach their data-driven marketing in order to be more transparent, more secure and more accountable.
“The new legislation also gives consumers more control over their data, which companies need to address as fines for breaches will be severe. But businesses should not view these new laws as shackles inhibiting innovation, but as opportunities to better serve customers in new and exciting ways.”
The Bill’s first reading is expected next month; but the real debate over the measures – which will start with its second reading – will not kick off until after the party conferences in October.
Industry backs new UK data laws but calls for dialogue
DPN joins calls for more urgency over GDPR guidance
UK bodies publish GDPR ‘legitimate interests’ guidance
GDPR fears mount over delay to ICO consent guidance
ICO insists GDPR guidance will cover legitimate interest
John Lewis and HSBC slam ‘ambiguous’ GDPR guidance
Lack of GDPR guidance fuels fears over bombardment
ICO rebuffs GDPR guidance failings despite RNLI rethink
Industry on alert over third-party data legal crackdown
DMA joins forces in bid to demystify legitimate interests
GDPR consent updates spark chilling warning to brands