On 10 May 2022, Prince Charles announced the intention to reform the UK’s data protection regime with the Data Reform Bill. He did so as part of the Queen’s speech which he delivered to both Houses of Parliament, summarising bills that are proposed for the following year.
The Data Reform Bill will take advantage of the UK’s legislative freedom following its exit from the European Union (EU). The Bill will deviate from existing data protection laws, including the UK GDPR and Data Protection Act 2018.
The Government’s key aims are to simplify data protection law in order to reduce the compliance burden on UK businesses and promote innovation by creating “a more flexible, outcomes-focused approach to data protection”. The Government also intends to “modernise the Information Commissioner’s Office” to ensure appropriate action is taken by the regulator in response to data breaches, whilst increasing its accountability, both to the public and to Parliament.
Whilst a simplified, outcomes-based approach to data protection law will be welcomed by many UK businesses, a departure from EU legislation raises questions about the status of the UK’s EU adequacy decision. The Government is challenged with striking a balance between creating a pro-growth data regime and retaining the integrity offered by the current EU-derived framework. Loss of the UK’s adequacy status would jeopardise data flows between the EU and UK and could cause significant disruption for many organisations.
The text of the Bill is not yet available, however the draft Bill is expected to be released this summer. Once the full text is released, this will provide much needed clarity, however the impact of the Bill on future data processing within the UK will, to a degree, depend on the reaction of the EU.
For more information on this article, please contact our Data Protection team.