- Technology Secretary Michelle Donnellan introduced the Data Protection and Digital Information Bill today.
- UK businesses and charities will benefit from the sense-based GDPR, which will reduce costs and burdens, eliminate trade barriers, and reduce the number of repetitive online data collection pop-ups.
- A robust data system will save the UK economy more than £4 billion over the next ten years and ensure that privacy and data security are securely protected.
The Government in Parliament is introducing new data laws today to reduce unnecessary business paperwork and annoying cookie pop-ups.
The Data Protection and Digital Information Bill was introduced last summer and postponed until September 2022 so ministers can co-design with business leaders and data experts – ensuring the new regime meets the UK’s high data protection and privacy standards. It has been developed and seeks to provide data adequacy, moving away from the ‘one-size-fits-all’ approach of the EU GDPR.
From medical breakthroughs to travel, finances, and online shopping, data drives economic growth in every aspect of society. Developing and using innovative technologies such as artificial intelligence is essential.
Data-driven trade generated 85 per cent of the UK’s total services exports and contributed an estimated £259 billion to the economy in 2021.
The improved Bill will:
- Introduce a simple, transparent, business-friendly framework that will not be difficult or expensive to implement – taking the best elements of GDPR and giving businesses more flexibility in complying with the new data law.
- Ensure our new regime maintains data adequacy with the EU and broader international confidence in the UK’s comprehensive data protection standards.
- Further, it reduces the paperwork organizations need to complete to demonstrate compliance.
- Support even more international trade without creating extra business costs if they comply with current data regulations.
- Provide organizations with greater confidence about when they can process personal data without consent.
- Increase public and business confidence in AI technology by clarifying the circumstances under which strong protections for automated decision-making apply.
Today’s data reforms are expected to yield savings of £4.7 billion for the UK economy over the next ten years and maintain the UK’s internationally renowned data protection standards for businesses to continue to trade freely with global partners, including the EU.
The Science, Innovation and Technology Secretary Michelle Donnellan said:
“Co-designed with businesses from the outset, this new Bill ensures that a vital data protection system is tailored to the UK’s own needs and our customs.
“Our system will make it easier to understand, comply with and take advantage of the many opportunities for a post-Brexit Britain. Our businesses and citizens will no longer have to tangle themselves around the hurdle-based European GDPR.”
“Our new laws release British businesses from unnecessary red tape to unlock discoveries, drive forward next-generation technologies, create jobs and boost our economy.”
Additionally, the Bill raises the fine for nuisance calls and texts to four per cent of global turnover or £17.5 million, whichever is more significant. It also aims to reduce consent pop-ups that websites use to collect data about a person’s visits, which are displayed online.
The Bill would also establish a framework for using trusted and secure digital verification services, allowing people to prove their identity digitally if they choose to do so. These steps will enable customers to create certified digital identities that make it easier and faster for people to prove things about themselves.
The Bill will strengthen the Information Commissioner’s Office (ICO) by creating a statutory board with a chair and chief executive. In addition to remaining a world-leading independent data regulator, it can assist organizations with complying with data protection laws.
TechUK CEO, Julian David, said:
“TechUK welcomes the new, targeted package of reforms to the UK’s data protection laws, which build on the ambition to bring organizations transparency and flexibility when using personal data.”
With the changes announced today, organizations can conduct research, provide essential business services, and develop new technologies such as artificial intelligence more confidently, all while maintaining data protection levels on par with the highest global standards, including EU data adequacy.
DPDI Business Advisory Group Chair and CEO Chris Combemale said:
“The DMA has collaborated with the Government throughout the Development of Data Protection and Digital Information Bill (DPDI) to champion the best interests of both businesses and their customers. The Bill should catalyze innovation and growth while maintaining robust privacy protections across the UK, and this essential balance will build consumer trust in the digital economy.”
The Information Commissioner of the United Kingdom, John Edwards, said:
My support goes to reintroducing the Data Protection and Digital Information Bill, which aims to enable organizations to thrive by fostering innovation and growth. Data protection law must give people the confidence to share information to use the products and services that power our economy and society.
“The Bill will ensure that my office can continue to act as a credible, fair and independent regulator. It will be important to monitor these reforms in the Bill as it continues to make its way through Parliament as we work constructively with the Government.”
FURTHER INFORMATION
Ministers have co-designed the Bill with key industry stakeholders and private partners on amendments that will give companies greater flexibility in complying with the Government while maintaining high data protection standards.
Unleashing more scientific research
Current data laws must clarify how scientists can process personal data for research purposes, and this prevents them from completing vital research that can improve people’s lives nationwide.
The Bill updated the definition of scientific research to clarify that commercial institutions would benefit from the same freedom to conduct innovative scientific research as academics, such as by making it easier to reuse data for research purposes. As a result, researchers will have to deal with less paperwork and legal expenses, leading to more scientific research in the commercial sector. The definition of scientific research in the new Bill needs to be completed. It remains any processing that can be ‘reasonably described as scientific’ and can include activities such as innovative research into technological development.
Reducing redundant paperwork even more
The existing European version of the GDPR adopts a highly prescriptive, top-down approach to data protection regulation that can limit organizations’ flexibility to manage risks and impose a disproportionate burden on small businesses.
Ministers have improved the Bill to reduce the paperwork organizations must complete to show compliance. It is only required to keep processing records by organizations whose activities pose a high risk to the rights and freedoms of individuals. For example, this could include organizations processing large volumes of sensitive data about people’s health.
The new rules will give organizations more clarity on when they can process personal data without consent or without weighing their interests in processing data against an individual’s right to perform certain public interest activities. Circumstances in the general welfare may include sharing personal data to prevent crime, protect national security or protect vulnerable individuals.
Increasing public and business trust in AI technology
Innovative technologies such as AI and quantum computing have the potential to create far-reaching benefits, such as improving healthcare service delivery and reducing the risk of fraud. These technologies often rely on automated decision-making, where important decisions are made about people without human involvement or profiling, where a computerized process analyzes or predicts aspects of a person, such as their capabilities or behaviour.
The UK’s existing data protection laws are complex, and they need more clarity for solely automated decision-making and profiling, making it difficult for organizations to use these technologies responsibly.
The Bill ensures that organizations can use automated decision-making more confidently and have appropriate safeguards for those who make these decisions. This means that people will be aware of such decisions and can challenge and seek human review when they may be wrong or harmful.
The new measures today make clear that profiling is subject to the same solid protections for automated decision-making as when vital decisions are made about an individual without meaningful human involvement.
For example, suppose a person is denied a job or a loan because they made an automated decision without meaningful human input. In that case, they can challenge that decision and request a human review of the results.
Due to the reform, businesses, AI developers and individuals will get more clarity on when these essential safeguards apply to fully automated decision-making. These arrangements maintain the UK’s high data protection standards and help provide greater transparency and accountability for decisions made by computer algorithms.
International data-sharing support
UK is committed to maintaining high data protection standards with services such as GPS navigation, innovative home technologies and content streaming.
The updated Bill ensures that businesses can continue using their existing international data transfer mechanisms to share personal data overseas if they comply with current UK data laws. This will ensure British companies can avoid paying more costs or completing new checks to show they’re compliant with the updated rules.