In the Queen’s speech at the state opening of parliament on 10 May 2022, the UK government announced its intention to change the UK’s data protection regime in a new Data Reform Bill. This follows a consultation last Autumn on how the UK GDPR could be reformed following the UK’s exit from the European Union (EU).
The government claims that the new Bill would:
- Create a data protection framework focused on “privacy outcomes” that would reduce the burdens on businesses, and a “clearer regulatory environment” to encourage “responsible innovation”.
- Ensure that citizens’ data is “protected to a gold standard”, while enabling more efficient sharing of data between public bodies.
- Modernise the Information Commissioner’s Office and require it to be “more accountable to Parliament and the public”.
The Queen’s speech also announced plans to replace the Human Rights Act 1998, which incorporated the European Convention on Human Rights into UK law. According to the government a new “Bill of Rights” would “end the abuse of the human rights framework and restore some common sense to [the] justice system”. This would be achieved by “establishing the primacy of UK case law”, which means that UK courts would no longer be required to follow the case law of the European Court of Human Rights.
Taken together, both of these proposed new legislative measures could change the balance of protection of individuals’ rights in the UK, both generally and in the specific area of personal data regulation. Their development will be closely watched by data protection professionals, because any significant changes in the UK data protection regime could prompt the EU to review its post-Brexit UK adequacy decision, potentially leading to the end of decades of seamless transfers of personal data from the EU to the UK.
First publication on K&L Gates Cyber Law Watch in collaboration with Nóirín McFadden