The shake-up of the UK’s data protection laws has been given priority over all other new legislation, with the second reading of the Bill scheduled for the first debate on MPs’ return from the summer recess, two weeks today.
The Data Protection & Digital Information Bill 2022-23 was introduced in the House of Commons in July and is intended to update and simplify the UK’s data protection framework, although experts believe it is more a case of tinkering with the existing legislation – now dubbed UK GDPR – rather than a complete overhaul.
Among ministers’ claims is that the reforms will benefit business, providing savings of up to £1bn and reducing the “burdens on businesses”. However, with exact details of how this will be achieved still not forthcoming, some maintain British businesses will actually be paying more under the new regime.
The Government also insists consumers will benefit by being better protected from the scourge of nuisance callers, with increased fines for breaches of the Privacy & Electronic Communications Regulations (PECR). It will also cut down on user consent pop-ups and banners.
In response, Mishcon de Reya senior data protection specialist Jon Baines has said that, despite best intentions, if enacted the reforms would still leave a patchwork of laws for companies to have to negotiate and comply with.
One thing which seems to be certain, however, is that the governance structure and powers of the Information Commissioner’s Office will see the biggest shake-up of the ICO since Eric Howe was appointed as the UK’s first Data Protection Registrar back in 1984.
The move is designed to mirror the governance structures of other regulators such as the Competition & Markets Authority, Financial Conduct Authority and Ofcom, which have a chairman and chief executive supported by an independent non-executive board.
The executive members will include a chief executive, appointed by the non-executive members, although they must consult the Secretary of State before the appointment is made.
Under the proposals, the ICO will be abolished and be replaced by the Information Commission, with commissioner John Edwards becoming the chairman. However, any chairman can only be in place for a maximum of seven years. His predecessor, Elizabeth Denham, served just over five years, prior to that, Christopher Graham was in office seven years.
In a blog post from law firm Latham & Watkins LLP, its data protection experts said: “While broad in scope, the proposals do not amount to a wholesale change in direction for UK data protection laws. Assuming the Bill is passed without amendment, the UK regime would largely build on the current EU GDPR-style framework, albeit with UK-specific provisions.
“The Bill’s provisions are likely to develop over the coming weeks and months as it progresses through the Parliamentary process. While it is unclear when a future act might be adopted, the legislative priorities of the future UK government — and the new Prime Minister — will be significant factors.”
Related stories
Firms ‘face higher costs, not savings, under data laws’
Govt claims business will save £1bn from new data laws
Data Reform Bill back on track in Tory leadership race
ICO regulatory masterplan barely raises an eyebrow
ICO vows to get tough on predatory calls and FoI mess
Axe data fines for charities, too, say agency chiefs
Industry claims victory as Data Reform Bill is revealed
ICO claims FoI is a priority as criticism of delays grows
ICO courts industry as John Edwards takes the reins
ICO says it has ‘limited resources’ to enforce kids code
Data reforms could lead to Govt meddling, ICO warns
Privacy group slams ‘bonfire of rights’ in data reforms
