Category: News

The new Data Protection and Digital Information (No 2) Bill (“No.2 Bill”) has been published, minus any Keeling Schedule, and minus any indication of how the new Bill has diverged from the old.  The Department for Science, Innovation & Technology (DSIT) has this information to hand; its failure to publish it performs an unnecessary public disservice. The press release accompanying the No.2 Bill says the legislation has been “Co-designed with business from the start, this new Bill ensures that a

There is an adage (disputed by Transport for London) that if one waits at a bus-stop for more than half an hour, three or four buses will then turn up, almost in a convoy.  Curiously, this adage appears to apply to the management of digital identity. There are four recent proposals recent proposals relating to ID which have overlapped. They are: the parts of the legislation in the dormant Data Protection and Digital Information (DPDI) Bill that relates to digital

Three important facts have survived the political psycho-drama of the last two months. Despite approaching austerity, the Government remains committed to the removal or modification of all EU Regulations such as the GDPR by the end of 2023. The re-appointment of Suella Braverman (Home Office) and Dominic Raab (Ministry of Justice) increases the risks to the UK’s Adequacy Agreement, courtesy of these Ministers’ desire to fundamentally alter the Human Rights Act. Michelle Donelan returns to the DCMS as data protection

It is well publicised that the Liz Truss Government wants rid of all that Euro-“red tape” by the end of 2023.  The Data Protection and Digital Information Bill (the “Bill”) does just that for the GDPR. Previous blogs have explained the Government has used its “Brexit Freedoms” to define “personal data” below DPA1984 standards, and to legitimise widespread data sharing across the public sector (e.g. to permit disclosure to HMRC when disclosure is not necessary for its functions). This blog

This blog questions how the Data Protection and Digital Information Bill (the “Bill”) impacts on the lawfulness and compatibility of any further processing by a controller, in particular, a controller that voluntarily discloses personal data to HMRC.  This worked example illustrates how this Bill further undermines the current level of protection afforded to data subjects. In summary, the Bill allows HMRC to lawfully obtain personal data for its purposes via voluntary disclosure from any controller;  such disclosures can occur even

This blog considers how the Data Protection and Digital Information Bill (the “Bill”) impacts on the lawful bases used in the context of voluntary data sharing with public bodies. It explains how the Government is building a legal infrastructure that provides Ministerial powers to legitimise voluntary and general data sharing across the public sector which does not need to consider whether data sharing is in the “public interest”. For instance, is it “in the public interest” to disclose personal data

This is the first in a series of blogs on the Data Protection and Digital Information Bill (the “Bill”) published just before the Parliamentary recess.  This blog explains: (a) how the Bill’s new definition of “personal data” works; (b) why the definition is very problematic for data subjects;  and (c) how, after nearly four decades of data protection law in the UK, the Government is promoting a definition of personal data that is demonstrably weaker than that in the DPA1984.

A fortnight ago, the Government published its UK Bill of Rights to replace the Human Rights Act 1998 (HRA). My main conclusions concerning the Bill of Rights relevant to data protection are: The Bill changes who interprets the meaning of necessity, public interest and proportionality and thereby changes the nature of the link between the UK_GDPR and A.8 of the European Convention of Human Rights (right of respect for private and family life etc). The Courts do not undertake the

According to press leaks, tomorrow’s Queen’s Speech is likely to contain two pieces of legislation that impacts on the current UK’s data protection regime.  Evidently they will form part of the Great Brexit Dividend which, surprisingly, has yet to reveal itself to the general public. According to the leaks, there is to be a Data Reform Bill, which is intended to implement the DCMS proposals, post its consultation (“Data: a new direction”). There will also be legislation intended to implement