This article was originally published in Global Data Review on 9 September 2022.
The change in government in the UK has brought some new faces to important roles for data law and policy, but the effect on anticipated new regulations remains to be seen.
Liz Truss was sworn in as Prime Minister on Tuesday, and among her inheritances from the previous administration is the most significant overhaul of the UK’s data protection and privacy regime since the implementation of the GDPR.
The Data Protection and Digital Information Bill was pulled from its second reading in Parliament at the last minute. Michelle Donelan, previously Minister for Education, took over the helm at DCMS and the draft law’s progress through the legislature has been paused to allow her time to get to grips with the text.
Ben Greenstone, managing director at Taso Advisory, said: “It seems to me totally reasonable that … a new government with new ministers … would choose not to go ahead with the second reading of a bill that, frankly, was designed and written for all intents and purposes by a different government.”
It is still an open question just how long this process of getting to grips with the draft law will take. While Donelan will need to understand what is likely to be a largely unfamiliar brief, Julia Lopez has been reappointed as Minister of State for Media, Data, and Digital Infrastructure – the same position she held when she helped craft the bill in the first place.
“There’s a pretty reasonable assumption that the bill in roughly its current form will go ahead, because the minister in charge of that bill essentially did it in the last government too,” Greenstone said. “So it would be a surprise to me if it was totally [rewritten].”
This doesn’t mean that there couldn’t be some changes around the edges. Greenstone noted areas like automated decision-making and stronger carve-outs for small– and medium-sized businesses, where there had been early pressure from some in government for the bill to go further than it eventually did and where there could be appetite for adjustments.
Matthew Niblett, a senior policy analyst at Inline Policy, said: “The Bill was recently pulled from its second reading in Parliament at short notice, which suggests that the Prime Minister may want to make some changes, even if the general objective of providing greater clarity and flexibility to the current framework to boost data driven innovation is likely to remain the same.”
As always, the question of the EU’s adequacy decision for the UK rears its head when changes to data protection law are being contemplated. Niblett added that “there may be a risk to the EU’s data adequacy decision” if any further changes are carried through.
However, the draft bill is not law and so any effect which it or any variations may have on Brussels’ opinion of the UK’s data protection regime are still theoretical.
Michael Laughton, policy manager at Access Partnership, noted that while “the GDPR is one of the bugbears for certain sections of the Conservative Party, and it’s the thing that they passionately want to see scrapped in some form”, there is also “very strong appreciation” in government about the dangers of doing so in consideration of the EU’s reaction. “Each variation from that model raises the spectre of a breach in adequacy, which would be not conducive to the sector’s growth and I think this is fairly well understood now,” he said.
It seems likely that the Data Protection and Digital Information Bill will reappear at some point between the Conservative party conference, at the beginning of October, and the Christmas break, but it could struggle to reach the top of the agenda.
There are a number of other legislative priorities which are likely to take precedence for the government, like the energy crisis and associated cost of living issues, and the death of Queen Elizabeth II puts an effective freeze on most government processes for the next two weeks.
But one silver lining is that businesses might appreciate a little more breathing room, given the tidal wave of new regulations coming from the EU. “It’s not necessarily a bad thing if it’s slow,” Laughton said. “We’ve had the DSA from the EU, that’s a world-changing bit of regulation, and [now] having another competing framework on the doorstep going in a slightly different direction. It’s not harmful to have more time to absorb both changes.”