Last chance to comment on the Government’s consultation to reform the UK’s data protection regime

The Department for Digital, Culture, Media & Sport (DCMS) is currently consulting on reforms to the UK’s data protection regime. The proposals would mean moving away from the standards that apply in the EU under the European General Data Protection Regulation (‘EU GDPR’) and making the use of data in the UK less restrictive to encourage innovation.

Details of the consultation can be found here and it closes at 11.40pm this Friday 19 November 2021.

In September 2020, the government published a National Data Strategy about how to make the most of data’s many opportunities.

Published on 10 September 2021, the 146-page consultation is the first stage in delivering on Mission 2 of the National Data Strategy, to secure a pro-growth and trusted data regime.

The Government states that the reforms will:

1. strengthen our position as a science superpower, simplifying data use by researchers and developers of AI and other cutting-edge technologies;
2. build on the unprecedented and life-saving use of data to tackle the COVID-19 pandemic;
3. secure the UK’s status as a global hub for the free and responsible flow of personal data – complementing our ambitious agenda for new trade deals and data partnerships with some of the world’s fastest growing economies;
4. reinforce the responsibility of businesses to keep personal information safe, while empowering them to grow and innovate; and
5. ensure that the ICO remains a world-leading regulator, enabling people to use data responsibly to achieve economic and social goals.

The proposals build on the current UK General Data Protection Regulation (UK GDPR), such as its data processing principles, its data rights for citizens, and its mechanisms for supervision and enforcement. The key areas within the consultation are:

1. reducing barriers to responsible innovation;
2. reducing compliance burdens on businesses;
3. boosting trade and reducing barriers to data flows;
4. delivering better public services; and
5. reforming the Information Commissioner’s Office (ICO).

The Government is looking to move away from what it calls the ‘box-ticking’ regime of the EU GDPR which places unnecessary burdens on businesses. Proposals include the removal of the requirement to:

• Designate a Data Protection Officer;
• Conduct data protection impact assessments;
• Consult with the ICO prior to high-risk processing; and
• Potentially charge fees to handle subject access requests.

There is concern that the EU may think the reforms mean that the UK no longer provides an adequate level of data protection and this would have a knock on effect on trade and the data that can flow freely between the EU and the UK.

In the ICO’s response to the consultation, it notes the importance for Government to ensure the final package of reforms maintains rights for individuals, minimises burdens for business and safeguards the independence of the regulator. The ICO has concerns about preserving its independence if, as proposed, the Secretary of State is to appoint the ICO’s CEO, and approve its guidance.

Innovation in data protection relies on individuals being willing to share their data. ICO research has shown that people who have heard about a data breach have lower levels of trust and confidence in all organisations using their data. The consultation states that ‘the reforms will keep people’s data safe and secure.’

As the proposals develop, providing individuals with sufficient information will be key to gaining their trust and providing clarity on how personal data will be used.

Please contact our information law team here to discuss any issues you have regarding the proposals, whether as they stand, or as they develop post-consultation.