UK – Data Protection and Digital Information (No. 2) Bill

The Data Protection and Digital Information (No. 2) Bill is a UK Bill currently (July 2023) passing through the Committee stage of the Commons.  It covers much of the same ground as the existing UK GDPR legislation which at present is similar to the EU GDPR having been carried across and re-packaged following Brexit.   It will effect changes in UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations.  The overarching aim is to take into account knowledge gained from running the existing GDPR and to make the legislation simpler and cheaper for businesses to implement.

It is unlikely that any major changes to the concept of GDPR will occur as the UK government will wish to maintain ‘adequacy’ with the existing EU GDPR.  The concept of ‘adequacy’ defines data protection legislation to be essentially equivalent across borders and permits the free flow of personal data between UK and EU based organisations.

Unravelling the impact of the law is confused by the now defunct Data Protection and Digital Information Bill.  This was withdrawn on 8th March 2023 after being introduced on 18th July 2022 and only reaching its 1st reading in the Commons.  The snappily named ‘No 2’ Bill had its 1st reading on 8th March when the original Bill was withdrawn and in 2 months has made significantly more rapid progress passing to the Committee stage on 10th May 2023.  Putting the 144 word ‘long title’ of both Bills through a text comparison engine revealed that these are identical.  A legal insight into the changes reveals that the Bills are substantially similar.

The contents of the Bill could yet change but in its present state it has been highlighted as a weakening of data protection law by the Open Rights Group.  The ICO allege that:

  • Data protection rights will be weakened with stricter barriers to the access of data from concerned individuals and longer wait times for access or processing of complaints.
  • Accountability will be less strict with looser record keeping requirements.
  • The Secretary of State will be able to interfere in the affairs of the regulatory body; the  Information Commissioner’s Office (ICO).
  • Protections will be lowered for personal information transferred abroad including countries with weaker data protection legislation.

If the issues raised prove to be well founded it could result in a move of data harvesting operations to the UK from a stricter regime within the EU.   This is unlikely to be the consequence of reduced costs and paperwork that the government has intended.

More from Security


eCommerce Shop Scams

Data from Security Research Labs has revealed a China based fake shopping network that they have named ‘BogusBazaar.’  They claim that: ‘As of April …

Read post


Lockbit Ransomware Takedown

In February 2024 the UK National Crime Agency released details of how the NCA and other international policing agencies had disrupted the actions of …

Read post


UK Cyber security breaches survey 2024

Lies, damned lies, and statistics (attributed to Disraeli) The UK Cyber Security Breaches Survey 2024 was published on 9th April 2024.  Not surprisingly it …

Read post


Digital Gift Card Issues

Both Apple and Google offer gift card services for use on their App stores.  Just as it states on the tin the card can …

Read post

Sign Up

Sign up to our newsletter list here.

    Successful sign up

    Thank you for signing up to our newsletter list.

    Check your inbox for all the latest information from Kindus