Research and analysis

Data Protection and Digital Information (No. 2) Bill: RPC Opinion (Green-rated)

Regulatory Policy Committee opinion on DCMS' Data Protection and Digital Information (No. 2) Bill IA

From:
Regulatory Policy Committee
Published
28 March 2023

Documents

RPC Opinion: Data Protection and Digital Information (No. 2) Bill

PDF, 138 KB, 8 pages

This file may not be suitable for users of assistive technology.

Request an accessible format.
If you use assistive technology (such as a screen reader) and need a version of this document in a more accessible format, please email enquiries@bis.gsi.gov.uk. Please tell us what format you need. It will help us if you say what assistive technology you use.

Details

The proposal aims to update and simplify the UK’s data protection framework and the role of the Information Commissioner’s Office, while focusing on protecting individuals’ data rights and generating societal, scientific, and economic benefits. The impact assessment (IA) groups the proposed measures into the following reform subheadings:

a) Removing barriers to responsible innovation

b) Reducing burdens on businesses and delivering better outcomes for people

c) Boosting trade and removing barriers to data flows

d) Delivering better public services.

e) Reform of the Information Commissioner’s Office.

f) Public Safety and National Security.

g) Health and Social Care.

h) Digital Identity.

i) Smart Data.

j) Technical Reforms.

k) Removing requirements on registrars to hold paper records of births and deaths.

The RPC issued a ‘fit for purpose’ opinion (titled the ‘Data Reform Bill’) on the IA relating to the previous Bill introduced in July 2022.

A revised Bill was introduced to Parliament on 8 March 2023. This Bill was introduced following a detailed co-design process with industry, business, privacy and consumer groups. The Bill has amendments in the following areas:

  • i i. Extending the exemptions from the regime when conducting scientific research to include research carried out as a commercial activity.
  • ii ii. Reducing and simplifying record-keeping requirements for organisations that control or process low risk data.
  • iii iii. Clarifying activities that fall under legitimate interests, by listing activities such as direct marketing or ensuring network and information security.
  • iv iv. Ensuring that businesses can continue to use their existing transfer mechanisms without a requirement for further checks.
  • v v. Clarifying the circumstances in which safeguards apply to significant decisions that are taken about individuals on the basis of profiling.

The published fit for purpose opinion assesses the IA on the revised Bill, entitled the Data Protection and Digital information (No 2) Bill.

Published 28 March 2023