Ahead of the Second Reading of the Data Protection Bill in the House of Lords, techUK has produced a briefing outlining the key elements of the Bill for the tech sector.
techUK wishes to see a narrow Bill with a clearly defined purpose which puts the UK in the best possible position to secure a data flows agreement with the EU. You can download our Briefing on the Data Protection Bill below.
Key elements of techUK’s briefing include:
- The Data Protection Bill is welcomed by the tech sector as a way of ensuring the UK’s data protection laws are fit for the digital age. Ensuring that the public can trust their data is handled safely is important for everyone.
- All major parties agreed to implement the EU General Data Protection Regulation (GDPR) at the 2017 General Election. This Bill should have the narrow focus of legislating for GDPR derogations along with necessary legislation for data processing not covered by EU competencies.
- This Bill is time sensitive. It must be in place before May 2018 in order to ensure that the UK meets its obligation to implement GDPR. The Bill should be seen through the prism of Brexit: full implementation of GDPR is necessary to ensure that the UK is in the best possible position to secure a mutual adequacy agreement with the EU to allow the continued free flow of data post-Brexit.
- The Government is right to set the age of consent at 13. This will allow young people to reap the societal and educational benefits of online activity, as well as helping them to develop the digital skills which are now fundamental for young people to have. A higher age threshold risks excluding people from these tools. The policy goal of protecting young people’s data is accomplished through safeguards within the GDPR designed to prevent harm to young people, such as potential harm from automated decision making.
- The Data Protection Bill must allow data to be processed for research purposes, as currently allowed by the Data Protection Act 1998.
- The Information Commissioner’s Office must be well-resourced so it can effectively undertake the important work it has to do in developing compliance guidance for new data protection rules.
- A new criminal offence against re-identifying de-identified data should not prevent important security research; preventing that research would make systems less secure, not more.
- The Data Protection Bill must operate in conjunction with the EU (Withdrawal) Bill. It is important that the right to protection of personal data under the European Charter of Fundamental Rights is protected in order to give the public the overall right to recourse over personal data protection.
For more information relating to the Data Protection Bill, or techUK's work on Data Protection more widely, please contact: