The Labour party didn’t mention data protection in its manifesto, so it wasn’t clear until the King’s Speech whether they would pursue the work completed for the Data Protection and Digital Information Bill (DPDI). Now we know… sort of.
DPDI was designed as the UK’s replacement for the GDPR and was a key area where the previous Conservative government hoped to find “Brexit benefits”. It had cross-party support and got far enough through the legislative process that bodies like the Data and Marketing Association (DMA) and TechUK were lobbying hard for it to be included in the ‘washup’ before parliament was dissolved.
When that didn’t happen, the lobbying continued, with the DMA pushing hard for what it called a ‘Data Reform for Growth’ Bill. It looks like it might have got its wish.
We don’t have much detail yet – no draft text has been published, although there is some information on page 39 of the King’s Speech notes which you can read here. However, there are some things we can guess at or hope for.
What will the bill be like?
First, we know Labour will be looking for bills it can pass in its first 100 days, to show it is effective at changing things quickly. As DPDI was so close to being passed, a bill closely resembling DPDI that doesn’t need much extra scrutiny could well be on the list.
Second, the key deliverables listed in the King’s Speech notes are things that were included in DPDI, that have already been through scrutiny and that aren’t particularly controversial. It’s notable that some of the contentious elements – such as powers for the Department for Work and Pensions to access bank accounts belonging to benefits claimants – are not mentioned in the King’s Speech notes.
As it stands, it therefore looks like we might be getting a cut down version of DPDI that could be put before Parliament very quickly.
The third thing to note is that the phrase ‘data protection’ is no longer in the title of the bill and there’s nothing in the King’s Speech notes to suggest that it is intended to replace GDPR. A supplement to GDPR is likely to be much more palatable to the data protection and business community, who were worried that DPDI could cause issues for the continuation of the UK’s adequacy decision with the EU. The adequacy decision allows data to flow between the UK and EU as if the same laws apply in both places, so it is very important for reducing barriers to cross-border working.
What will the bill change?
Only time will tell whether the bill will be introduced quickly and whether it will augment or replace GDPR. However, we can see some specific inclusions that will make a difference to organisations in Gemserv’s target markets.
- Smart Data schemes will allow data sharing between customers. These are essentially mechanisms to facilitate the right to data portability. At present, we know that many organisations are concerned about sharing the data they hold because of concerns about its quality and accuracy. This is often more of an issue for large organisations with legacy systems and/or that have grown through acquisition and have complex data architecture. We can expect to see organisations wanting to participate in these schemes investing in remediating these issues.
- Digital Verification services should give customers a smoother user experience and make it harder for bad actors to steal identities. If verification services are compromised, the impact can be extreme. Verifications.io closed almost overnight after suffering ‘the largest data leak of US citizens PII data in recorded history’ in 2019. They are therefore likely to be subject to great scrutiny.
- Broad consent for scientists to reuse data collected for scientific research, which will make said research easier to carry out. This will have a narrow scope – commercial organisations are unlikely to be able to rely on it for market research for example – but it has the potential to make it easier to innovate in the UK, as long as people remain willing to give consent given its expanded scope.
- The National Underground Register will support Gemserv’s construction, energy and low carbon clients by providing them with a trusted source of data about the locations of critical national physical infrastructure. This is typically highly sensitive information due to the risk of abuse so we expect that it will be heavily protected.
- Reform of the Information Commissioner’s Office including expanded powers. It will be interesting to see how this interacts with the current strategy of using enforcement as a last resort and giving substantial discounts to public sector entities. Could we be in line for a change of approach?
There are also some elements of DPDI that weren’t mentioned in the King’s Speech that are likely to be the focus of lobbying, such as the plan to reintroduce soft opt-in for charity fundraising emails.
Overall, it is pleasing to see that the Labour government recognises the interaction between data laws and economic growth. We will await the published text with great interest.