The apparent exclusion of the UK’s Data Protection and Digital Information (DPDI) Bill from the Parliamentary ‘wash-up’ processA series of actions or steps taken in order to achieve a particular end. has been met with widespread relief among the privacy community today.
During Parliamentary dissolution, bills that haven’t received royal assent cannot be carried over to a newly elected assembly. If the DPDI BillThe proposed Data Protection and Digital Information (DPDI) Bill aims to amend and supplement the UK General Data Protection Regulation (UK GDPR), the Data Protection Act (2018) and the Privacy and Electronic Communications Regulation (PECR). is indeed excluded, it means that it cannot proceed any further and will cease to exist in its current form.
Once a new government is formed, a new version of the Bill could be reintroduced, or an entirely new data protection legislation could be proposed.
Ben Seretny, Head of DPOs and Data Protection Officer at The DPO Centre says,
‘Regardless of any particular issues with the DPDI Bill in its current form, the journey through both Houses of Parliament is an important opportunity for further scrutiny and amendments. Any changes to the UK data protection legal framework will have sizeable ramifications for the future of UK businesses, government dealings, and, most importantly, the rights of data subjects. As such, we’re pleased the Bill did not make Parliamentary wash-up. Such pivotal legislation demands the highest degree of thorough examination to uphold the integrity of data protection standards in our legal framework.’
One of the main concerns previously raised about the DPDI Bill was the potential impact on adequacy between the UK and EU, and how that would affect organisations operating across jurisdictions. Diverging data protection frameworks bring complexity and operational challenges, creating additional barriers to cross-border data transfers.
In a 2023 survey of 582 UK privacy professionals, 86% believed that we should not diverge from the EU GDPRRegulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data (General Data Protection Regulation)..*
*The DP Index June 2023 survey report
Now the DPDI Bill appears to have been abandoned, the hope is that any newly proposed UK data protection framework will properly consider the expertise and views of privacy professionals. Any updates or wholesale changes to the UK GDPRThe UK General Data Protection Regulation. Before leaving the EU, the UK transposed the GDPR into UK law through the Data Protection Act 2018. This became the UK GDPR on 1st January 2021 when the UK formally exited the EU. and Data Protection Act, 2018 should balance the changing needs of businesses with the current high standards for individual data privacy rights.
For more news and insights about data protection follow The DPO Centre on LinkedIn