Last week the UK Secretary of State for Science, Innovation and Technology, Michelle Donelan, introduced the Data Protection and Digital Information (No. 2) Bill to UK Parliament. The first version of the reform bill was initially proposed by the UK government in July 2022, but was put on pause during September 2022.
According to the UK government in its press release, the Bill will “introduce a simple, clear and business-friendly framework that will not be difficult or costly to implement – taking the best elements of GDPR and providing businesses with more flexibility about how they comply with the new data laws”. It further notes that the Bill will “ensure…[the] new regime maintains data adequacy with the EU”, a point which has been questioned since it was initially announced that the UK would reform its data protection laws.
The proposed changes that are likely to be the most well-received relate to scientific research — where the U.K. government has expanded the definition to make it easer for data to be reused for research. However, there may be concerns about the potential for misuse of a freer regime here.
The existence of an independent data protection regulator will be one of the key areas for the EU to scrutinize when it comes to assessing the U.K.’s “essential equivalence” with its data protection rules — so any moves that could be viewed as undermining the autonomy of the ICO look risky to say the least.