Government announces more details of data protection bill

Posted on 8th August 2017
On 7 August the government published a ‘Statement of Intent’ in relation to the new Data Protection Bill.  The announcement attracted widespread positive media coverage, concentrating on new rights for individuals, such as a “right to be forgotten”, and new penalties for organisations that get it wrong.  But hang on, isn’t this all very familiar stuff from the General Data Protection Regulation?

To understand the context, you may remember that hidden away between the various Brexit bills in the Queen’s speech earlier this summer, a new Data Protection Bill was announced. For data protection practitioners, this was very welcome news.  Although we’ve all been working hard preparing for the GDPR, which will apply from 25 May 2018, the GDPR is only one (albeit very important) piece of the data protection jigsaw.  Reflecting the differences between the 28 EU member states, spread throughout the GDPR there are ‘derogations’, or areas where national law may depart from the GDPR text. This includes some pretty significant areas, such as criminal offences and exemptions. There is also the matter of the Law Enforcement Directive, which needs to be implemented into UK law by next May.

The new announcement fills in some, but not all, of these gaps.  For instance, we now know that many of the exemptions under the Data Protection Act will be retained under the new regime, including those for journalism and for research purposes. Most practitioners had been working on this assumption, but the confirmation is welcome. As well as retaining and expanding the existing ‘section 55’ criminal offence (for unlawfully obtaining or disclosing personal data), the government proposes new criminal offences for intentionally or recklessly re-identifying anonymised data, and for altering records to prevent disclosure under subject access rules.  The government has also confirmed that the age at which children may consent to information society services will be set, as expected, at 13.

But this is a statement of intent, not a draft bill, and so we will have to wait until next month before the full bill is published. Although the government does not command a parliamentary majority, it is likely that these measures will have cross-party support.

Perhaps more significant than the specifics is the tone of the announcement. The government is talking about data protection reform as a positive change to empower individuals, rather than as a damaging cost to organisations, and there is a strong emphasis on maintaining cross-border data flows. In the uncertain world of impending Brexit, that is something to be welcomed.

Enjoy That? You Might Like These:

Blake Morgan climbs the ranks in The Inclusive Top 50 UK Employers List
2 December
The Inclusive Top 50 UK Employers published on November 28th showcases leading organisations working across all strands of diversity. In recognition of their continued dedication to workplace diversity, Blake Morgan... Read More
Blake Morgan advises team behind £120m Cardiff Parkway development
22 November
Blake Morgan’s Cardiff-based team is pleased to act as legal advisors to the proposed Cardiff Parkway development. Public consultation on the project launched on November 20, with city residents being... Read More
Blake Morgan’s Family and Professional Negligence teams honoured by Times Best Law Firms 2020
15 November
This week the Times launched their inaugural Best Law Firms Guide. The listing recognises the expertise and quality of advice delivered by leading law firms and is entirely peer selected. Working... Read More
Click here for more news features