UK’s proposed new data protection law

New UK data protection law: worthwhile divergence or political point-scoring?

What is proposed?

On 10 September 2021, the UK government published its proposals to reform UK data protection law. Whilst current UK data protection law in the form of UK GDPR mirrors EU data protection law, the proposals represent the UK government seizing the opportunity given by Brexit to set separate UK rules for data protection. Their objective, set out in the ministerial forward is to:

“…create a more pro-growth and pro-innovation data regime whilst maintaining the UK’s world-leading data protection standards.”

Oliver Dowden, (the then) Secretary of State for Digital, Culture, Media and Sport

Policy objectives

In more detail, the proposals seek to:

  1. Support vibrant competition and innovation to drive economic growth
  2. Maintain high data protection standards without creating unnecessary barriers to responsible data use
  3. Keep pace with the rapid innovation of data-intensive technologies
  4. Help innovative businesses of all sizes to use data responsibly without undue uncertainty or risk, both in the UK and internationally
  5. Ensure the ICO is equipped to regulate effectively in an increasingly data-driven world

Regulatory principles

The Government explains that its decisions will be guided by the following principles:

  1. The UK’s data protection regime should create a net benefit for the whole of the UK, unlocking new economic opportunities both at home and abroad, and keeping our society safe and secure
  2. The UK’s data protection regime should be future-proofed with a responsive framework that enables responsible innovation and a focus on privacy outcomes that avoids imposing any rules today that become obsolete as the technological landscape evolves
  3. The UK’s data protection regime should deliver a high standard of data protection for citizens whilst offering organisations flexibility in determining how to comply most effectively
  4. Organisations that comply with the UK’s current regime should still be largely compliant with our future regime, except for only a small number of new requirements
  5. The government’s approach to data protection should actively take into account the benefits of responsible use of personal data, while proactively maintaining public trust in such uses
  6. Effective, risk-based and preventative supervision is critical to realising a pro-growth and trusted data regime, and the ICO’s world-leading status as the UK’s independent data protection regulator should be sustained

Consultation questions

The document then seeks views on a range of potential measures, grouped by the five policy objectives and informed by the regulatory principles.

The consultation closed on 19 November 2021.