Change is coming: Data Reform Bill announced in Queen’s Speech

In the Queen’s Speech delivered on 10 May 2022, the UK government heralded its intention to introduce a new Data Reform Bill.

The announcement marks the first step towards the creation of a new UK data protection regime distinct from GDPR and follows the government’s public consultation document “Data: a new direction” published in September 2021.

At present, the precise details of the nature and extent of the reform are unknown, however, a draft bill is expected to be published in the coming weeks.

In the meantime, the government’s briefing note states that the purpose and benefit of the bill is to:

• Take advantage of the benefits of Brexit to create a world-class data rights regime that will allow us to create a new pro-growth and trusted UK data protection framework that reduces burdens on businesses, boosts the economy, helps scientists to innovate and improves the lives of people in the UK.
• Modernise the Information Commissioner’s Office, making sure it has the capabilities and powers to take stronger action against organisations who breach data rules while requiring it to be more accountable to Parliament and the public.
• Increase industry participation in Smart Data Schemes, which will give citizens and small businesses more control of their data. The Bill will also help those who need health care treatments, by helping improve appropriate access to data in health and social care contexts.
• Increase the competitiveness and efficiencies of UK businesses by reducing the burdens they face, for example by creating a data protection framework that is focused on privacy outcomes rather than box-ticking.
• Make sure that data can be used to empower citizens and improve their lives, via more effective delivery of public healthcare, security, and government services
• Create a clearer regulatory environment for personal data use that will fuel responsible innovation and drive scientific progress.
• Ensure that the regulator takes appropriate action against organisations who breach data rights and that citizens have greater clarity on their rights.
• Simplifying the rules around research to cement the UK’s position as a science and technology superpower.

What does this mean for UK businesses?

At first glance, the proposed reforms appear to be beneficial for businesses. The government’s suggestion that the new legislation will create a “more flexible, outcomes-focused approach to data protection” and reduce the compliance burden on businesses is to be welcomed.

Nevertheless, for those organisations which operate in both the UK and the EEA the administrative burden is likely to increase as they will be required to adhere to two diverging data protection regimes. Furthermore, there is a risk that any significant departure from EU GDPR will endanger the UK adequacy decision and jeopardise the free flow of data from the EU to the UK which is essential to cross-border trade and operations.

We will publish a further update on this matter once the text of the Bill becomes available.

If you would like any further information or advice on these issues please contact Laura Cunningham from the Commercial team.

*This information is for guidance purposes only and does not constitute, nor should be regarded, as a substitute for taking legal advice that is tailored to your circumstances.