It is designed to unlock organisations’ ability to use data more “dynamically,” with the government arguing that the EU’s GDPR is holding back innovative use of data in the digital age.
The bill argued that there is currently an over-reliance on ‘box-ticking’ across organisations to obtain consent from individuals to process their personal data to avoid non-compliance. Instead, the government wants to move to a risk-based approach, so that the data protection roles will differ depending on the relative risk.
Organisations will still be required to have a data privacy program, but they will have more flexibility to determine how they meet data protection standards now.
The new Bill also sets out plans, building on the existing Privacy and Electronic Communication Regulations (PECR), to increase fines for nuisance texts and calls. The maximum fine for companies contacting people for marketing purposes without consent will rise from £500,000 to £17.5m or 4% of global turnover, whichever is higher.
The law aims to reduce the number of ‘user consent’ pop-ups and banners that internet users are forced to click on while visiting websites. Organisations will be able to reduce the number of boxes they use and it will be easier for internet users to set an overall approach to choose how their data is collected online. Currently, users have to opt-in to cookie collection every time they visit a new site, which collects data about their activity.
The government added that it would work with the industry and regulator to ensure the technology required to allow people to set their online cookie preferences to opt-out via automated means is readily available before the changes are introduced.
Other areas included in the Bill see plans to modernise the UK Information Commissioner’s Office (ICO), improve data transfers between the UK and “like-minded countries,” and simplify legal requirements around obtaining user consent for scientific research.
Digital Secretary Nadine Dorries said: “Today is an important step in cementing post-Brexit Britain’s position as a science and tech superpower. Our new Data Reform Bill will make it easier for businesses and researchers to unlock the power of data to grow the economy and improve society, but retains our global gold standard for data protection.”
“Outside of the EU, we can ensure people can control their personal data while preventing businesses, researchers and civil society from being held back by a lack of clarity and cumbersome EU legislation.”
“I share and support the ambition of these reforms,” added John Edwards, the UK Information Commissioner.
“I am pleased to see the government has taken our concerns about independence on board. Data protection law needs to give people confidence to share their information to use the products and services that power our economy and society. The proposed changes will ensure my office can continue to operate as a trusted, fair and impartial regulator and enable us to be more flexible and target our action in response to the greatest harms.
“We look forward to continuing to work constructively with the government as the proposals are progressed and will continue to monitor how these reforms are expressed in the Bill.”