UK government to introduce new Data Reform Bill
Bill intends to overhaul GDPR, while big tech regulation kicked into the long grass
The Government has announced its intent to create a new Data Reform Bill, which will differ from the European Union's General Data Protection Regulation (GDPR) and Data Protection Act.
The announcement [pdf] was made by Prince Charles - standing in for the Queen, who didn't attend due to health reasons - on Tuesday, during the Queen's Speech at the Opening of Parliament.
"The United Kingdom's data protection regime will be reformed."
The Data Reform Bill aims to overhaul the UK's existing data protection system, potentially causing substantial revisions to the GDPR and Data Protection Act.
The Government has previously said that it intends to use Brexit to overhaul 'highly complex' data protection rules inherited from the EU.
The revisions are part of a larger package of legislative changes aimed at 'maximising the benefits of Brexit', including the ability for Parliament to diverge from areas of laws previously regulated by the EU.
The Data Reform Bill follows the Government's Consultation Paper on Reforms to the UK Data Protection Regime - 'Data: A New Direction' - which was released in September last year.
The new bill will aim to simplify data-protection legislation and reduce red tape. The Government claims this will ease the burden on companies by establishing a more flexible, outcomes-focused approach and bringing clearer guidelines around personal data usage.
While detailed proposals have not been made public, one rumoured change is the removal of web cookie consent banners that display when visiting a website.
The measures also include ideas to modernise the UK's data watchdog, the Information Commissioner's Office (ICO), to ensure that it has the resources and authority to take tough action against companies that break privacy regulations.
The draft bill is expected to be released this summer.
The GDPR is presently the basis for UK data privacy legislation, but the Government has indicated on several occasions that it wishes to dilute several of the regulation's provisions.
That includes replacing Article 22 of the GDPR, which protects individuals' right not to be subjected to decisions based solely on automated processing, as well as Article 5, which requires personal data collection to be limited to specific, explicit, and legitimate purposes, and to be adequate, relevant, and limited to what is required.
Rafi Azim-Khan, the head of data privacy at law firm Pillsbury, said the Government's intentions for data reform were not surprising, although he warned against a substantial deviation from EU legislation, which might jeopardise the UK's EU data adequacy ruling.
Last year, the non-profit advocacy group Open Rights Group (ORG) said that the Government was planning to water down people' data protections.
The ORG said the Government was looking to undermine individual data protection rights as well as accountability and transparency into how personal data is used by businesses and government agencies.
The Government was vague on another technology issue: the regulation of big tech.
Earlier reports said it was about to abandon plans to give the Competition and Markets Authority powers to fine large technology companies for breaching competition rules, and that it had removed the provision from the Queen's Speech. Just days later, it was reported that the UK would align with Europe on the issue and bolster the Digital Markets Unit (DMU), a division of the CMA, to enable it to punish technology platforms for transgressions.
In the event, the Government delayed the decision, saying a draft version of the Digital Markets, Competition and Consumer Bill will be published during the course of this Parliament.