The Government has now published its much anticipated draft legislation to bring into effect its policy for the future of data protection in the UK.
The Data Protection & Digital Information Bill will receive its second reading on 5th September.
If passed in its current form, the Bill will mark a very significant shift in terms of the balancing of the rights of the individual on the one hand, and commercial interests on the other. The shift is very much away from the idea that data privacy is a fundamental right. The legislation will tip the balance in favour of Big Tech and consumer businesses of all shapes and sizes.
This Bill, taken together with the repeal of the Human Rights Act (which amongst other things protects our right to privacy) puts in doubt the survival of data protection as a fundamental legal right altogether.
The Government had been pretty up front about its intention to make it easier for businesses to exploit our data. But it also promised to make data protection law clearer and easier to implement. This Bill will not achieve that objective. It does not consolidate our data protection laws into a single piece of legislations. Instead, it rather clumsily amends several other pieces of legislation, namely the Data Protection Act 2018; the UK GDPR, and the Privacy & Electronic Communications Regulations.
This means that data controllers will still need to look at all three pieces of legislation and, what’s worse, will have to try and work out what changes have been made (since there is no published consolidated version of those laws). Perhaps I shouldn’t complain as a lawyer whose job it is to help clients make sense of all this.
There will be more change and uncertainty for data controllers because the Bill will remove the role of Data Protection Officer and will remove the need for Data Protection Impact Assessments (DPIAs) but proposes that they are replaced by things that sound very similar but are not fully defined.
The Bill may of course be subjected to any number of amendments as it passes through both Houses of Parliament, but the overall shift towards easier data exploitation seems certain to survive the debates.
Once it becomes an Act of Parliament (probably later this year or early next), data controllers of all shapes and sizes will want to ensure they are taking full account of the new regime and staying compliant by reviewing their policies and working practices.
Tim Heywood, solicitor, FRSA is a Partner at gunnercooke llp specialising in data protection and regulatory matters