The UK’s new Data Protection and Digital Information Bill is set to reduce costs and burdens for British businesses and charities, and remove barriers to international trade.
We know from when it was first brought before parliament last summer that it will also cut the number of repetitive data collection and cookie pop-ups online.
Progress on the bill was paused in September 2022 so ministers could engage in a consultation process with business leaders and data experts. This aims to ensure that the new regime builds on the UK’s high standards for data protection and privacy, and seeks to ensure data adequacy while moving away from the ‘one-size-fits-all’ approach of European Union’s GDPR.
Key features of the revised bill include:
- Introducing a simple, clear and business-friendly framework that will not be difficult or costly to implement — taking the best elements of GDPR and providing businesses with more flexibility about how they comply with the new data laws.
- Ensuring the new regime maintains data adequacy with the EU, and wider international confidence in the UK’s comprehensive data protection standards.
- Further reducing the amount of paperwork organizations need to complete to demonstrate compliance.
“Co-designed with business from the start, this new Bill ensures that a vitally important data protection regime is tailored to the UK’s own needs and our customs,” says science, innovation and technology secretary Michelle Donelan. “Our system will be easier to understand, easier to comply with, and take advantage of the many opportunities of post-Brexit Britain. No longer will our businesses and citizens have to tangle themselves around the barrier-based European GDPR.”
Among other features are an increase in fines for nuisance calls and texts to be either up to four per cent of global turnover or £17.5 million, whichever is greater.
The Bill will also establish a framework for the use of trusted and secure digital verification services, which allow people to prove their identity digitally if they choose to do so. These measures will allow customers to create certified digital identities that make it easier and quicker to prove things about themselves.
Dr. Ilia Kolochenko, founder of ImmuniWeb, and a member of Europol Data Protection Experts Network says:
The proposed bill, more specifically as an underlying purpose of de-complexification, may serve as a laudable example to EU lawmakers. Amid the rapidly growing EU GDPR fatigue, inconsistent enforcement among the EU member states and growing costs of formalistic compliance that merely fosters the tick-a-check-box-and-forget ‘security’, European companies would gain a significant competitive advantage on the global market if European GDPR goes through a similar set of improvements and simplifications.
The current EU’s cybersecurity regulatory landscape is commencing verging on overregulation, making it a disservice to both European individuals and businesses. In the meanwhile, even more EU-wide legislation on AI, cybersecurity and privacy is coming in 2023-2024 — often promoting hardly compatible values and objectives thereby making compliance extremely complicated and unnecessarily expensive.
If the trend of overregulation persists, we will probably see a massive and deliberate non-compliance as costs and penalties for non-major infringements will likely be much less important than costs of a holistic implementation of the mushrooming EU cybersecurity regulations and directives.
The Bill will also strengthen the Information Commissioner’s Office (ICO) through the creation of a statutory board with a chair and chief executive.
The full version the bill is available on the gov.uk website.