UK – Data Protection and Digital Information (No. 2) Bill

Update, October 2024: this Bill was dropped following the 2024 election.

The Data Protection and Digital Information (No. 2) Bill is a UK Bill currently (July 2023) passing through the Committee stage of the Commons. It covers much of the same ground as the existing UK GDPR legislation, which at present is similar to the EU GDPR, having been carried across and re-packaged following Brexit. It will effect changes in UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations. The overarching aim is to take into account knowledge gained from running the existing GDPR and to make the legislation simpler and cheaper for businesses to implement.

It is unlikely that any major changes to the concept of GDPR will occur, as the UK government will wish to maintain ‘adequacy’ with the existing EU GDPR. ‘Adequacy’ means that data protection legislation is treated as essentially equivalent across borders, which permits the free flow of personal data between UK-based and EU-based organisations.

Unravelling the impact of the law is complicated by the now defunct Data Protection and Digital Information Bill. This was withdrawn on 8th March 2023 after being introduced on 18th July 2022 and only reaching its 1st reading in the Commons. The snappily named ‘No 2’ Bill had its 1st reading on 8th March, when the original Bill was withdrawn, and in 2 months has made significantly more rapid progress, passing to the Committee stage on 10th May 2023. Putting the 144-word ‘long title’ of both Bills through a text comparison engine revealed that these are identical. A legal insight into the changes reveals that the Bills are substantially similar.

The contents of the Bill could yet change, but in its present state it has been highlighted by the Open Rights Group as a weakening of data protection law. The ICO allege that:

  • Data protection rights will be weakened, with stricter barriers to access to data by concerned individuals and longer wait times for access or processing of complaints.
  • Accountability will be less strict with looser record keeping requirements.
  • The Secretary of State will be able to interfere in the affairs of the regulatory body, the Information Commissioner’s Office (ICO).
  • Protections will be lowered for personal information transferred abroad, including to countries with weaker data protection legislation.

If the issues raised prove to be well founded, it could result in a move of data harvesting operations to the UK from a stricter regime within the EU. This is unlikely to be the consequence that the government intended from reducing costs and paperwork.
