The UK Parliament was dissolved on 30th May 2024 ahead of the upcoming July general election and before the Government’s Data Protection and Digital Information (DPDI) Bill could be passed in the “wash up period”1. Like other proposed laws which were not enacted prior to the dissolution of Parliament, the Bill is considered failed and will not be carried over to the new Parliament (even if the Conservatives are re-elected, it will need to be re-presented).

What was the DPDI Bill?

This Bill was the second version of the DPDI Bill – the first version was presented to Parliament in July 2022. Its stated goal was to revise the UK’s data protection laws post-Brexit and reduce red tape and paperwork for UK businesses2. However, as we observed in a previous post, the creation of a UK data protection regime that diverged further from the regime in the EU would have had the opposite effect for any international UK (and other) businesses already subject to EU GDPR and other data protection laws.

In addition, the DPDI Bill aimed to:

  • Reduce barriers to responsible innovation by, for example, amending the definition of “scientific research” to include commercial activities;
  • Boost trade and reduce barriers to data flows by, for example, keeping the existing EU Standard Contractual Clauses;
  • Deliver better public services by, for example, the facilitation of data sharing between public and private institutions including banks to prevent fraud; and
  • Reform the Information Commissioner’s Office by, for example, replacing the current Commissioner role with a statutory board of members appointed by the Secretary of State.
What happened to the DPDI Bill?

The Bill was scheduled to enter the House of Lords’ Report stage on 10th June 2024 with the expectation that it would receive Royal Assent before the summer recess. The Bill had passed the Committee stage on 24th April 20243, which involves a line-by-line examination of each clause plus experts and interest groups providing evidence. The revised version of the Bill had been published by the House of Lords and included the insertion of a provision on the admissibility of computer records as evidence (in light of the Post Office Horizon scandal), the amendment of OFCOM’s power to issue a notice requiring internet companies to retain internet usage information of a deceased child (whether or not they died by suicide), and the inclusion of a provision requiring a review of the current form of the register of births and deaths (with the view to create a single digital register)4.

Unlike the Digital Markets Bill, it was understood that the DPDI Bill failed to be fast-tracked through Parliament during the wash-up period because of controversy surrounding last-minute proposed amendments to the Bill by the Department of Work and Pensions (DWP)5. These revisions would have obligated banks at the government’s discretion to share details of account holders who claimed almost any form of state funds such as benefits (the current position is that the DWP can request information if there are “reasonable grounds to suspect fraud”)6.

What could happen after July’s general election?

After urging the Government to pass the DPDI Bill (to no success), industry groups have continued to lobby for reform to the UK’s data protection regime. The Data & Marketing Association for example has released a data protection reform manifesto urging the new government to build on the general principles of the DPDI Bill and enact new legislation modifying the UK’s data protection regime7.

If the Conservatives are re-elected, it seems likely that the DPDI Bill will be reintroduced but it is unclear whether it would be the version published after the House of Lords’ Committee stage or a previous version. The Conservatives’ manifesto published this week included more promises to cut red tape and make things simpler for businesses, but the only reference to data privacy was regarding children’s online safety including the Online Safety Act and banning mobile phones during the school day8.

While the DPDI Bill enjoyed cross-party support, if Labour is elected, the party is likely to introduce a fresh bill with certain issues cherry-picked from it. We would expect any future bill to include measures that achieved industry support, for example, provisions supporting the creation of a regulatory framework to facilitate data sharing in Open Banking and Smart Data schemes9, or that align with Labour’s overall policies such as driving innovation. Labour’s 2024 manifesto reiterated the party’s support for developing the UK’s AI sector, removing planning barriers to build new datacentres and co-ordinating data-focused research programmes through a National Data Library10. Labour also wants to create a Regulatory Innovation Office that oversees other regulators and helps them to balance their mandates with a pro-innovation approach11, including around key areas like AI safety.

For now, the failure of the DPDI Bill will provide temporary relief for international businesses already burdened with compliance obligations under an increasing range of data privacy laws. Privacy World will continue to monitor UK data privacy legislative development after the July general election, and keep you in the loop on new developments related to data privacy, cybersecurity and artificial intelligence.

Disclaimer: While every effort has been made to ensure that the information contained in this article is accurate, neither its authors nor Squire Patton Boggs accepts responsibility for any errors or omissions. The content of this article is for general information only, and is not intended to constitute or be relied upon as legal advice.

  1. ↩︎
  2. ↩︎
  3. ↩︎
  4. ↩︎
  5. ↩︎
  6. ↩︎
  7. ↩︎
  8. ↩︎
  9. ↩︎
  10. ↩︎
  11. ↩︎