Data Protection and Digital Information Bill

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

The FCC’s Net Neutrality Order: Going Beyond Blocking, Throttling, and Fast Lanes | Privacy World

What Happened to the UK’s

The UK Parliament was dissolved on 30th May 2024 ahead of the upcoming July general election and before the Government’s Data Protection and Digital Information (DPDI) Bill could be passed in the “wash up period”1. Like other proposed laws which were not enacted prior to the dissolution of Parliament, the Bill is considered failed and will not be carried over to the new Parliament (even if the Conservatives are re-elected, it will need to be re-presented).

What was the DPDI Bill?

This Bill was the second version of the DPDI Bill – the first version was presented to Parliament in July 2022. Its stated goal was to revise the UK’s data protection laws post-Brexit and reduce red tape and paperwork for UK businesses2. However, as we observed in a previous post, the creation of a UK data protection regime that diverged further from the regime in the EU would have had the opposite effect for any international UK (and other) businesses already subject to EU GDPR and other data protection laws.

In addition, the DPDI Bill aimed to:

  • Reduce barriers to responsible innovation by, for example, amending the definition of “scientific research” to include commercial activities;
  • Boost trade and reduce barriers to data flows by, for example, keeping the existing EU Standard Contractual Clauses;
  • Deliver better public services by, for example, the facilitation of data sharing between public and private institutions including banks to prevent fraud; and
  • Reform the Information Commissioner’s Office by, for example, replacing the current Commissioner role with a statutory board of members appointed by the Secretary of State.

Continue Reading What Happened to the UK’s Data Protection and Digital Information Bill?

The UK’s Data Protection and Digital Information (No 2) Bill passed its second reading in the House of Commons on 17 April 2023. Completion of that formal stage in Parliamentary proceedings confirms approval of the Bill in principle. From there, the Bill moves into its committee stage for more detailed scrutiny. The second reading debate

The UK’s Data Protection and Digital information (No 2) Bill (the Bill) would remove the need for many organisations to appoint a Data Protection Officer. Instead, there would be an obligation on (i) public sector bodies, and (ii) organisations whose processing of personal data is likely to result in a “high risk” to the rights and freedoms of individuals to appoint a “Senior Responsible Individual” (SRI). Although presented as a measure to reduce administrative burdens and compliance costs, the requirement could have the opposite effect, also creating a role that carries significant personal risk for anyone willing to take it on.
Continue Reading UK Data Protection Reform: who would want to be a “Senior Responsible Individual”?

The second reading of the Data Protection and Digital Information Bill (the Bill) has been delayed following the election of the new Conservative Party leader. The new date is yet to be announced, but in the meantime, it is worth analysing some of the key changes the Bill proposes. While it promises more flexibility and less ambiguity, practically speaking, the Bill may not represent a fundamental divergence from the current regime.
Continue Reading Data Protection and Digital Information Bill Delayed – Aspects to Consider While We Wait