The forthcoming Data Protection Bill

Notwithstanding the announcement in the Queen’s Speech on 21 June 2017 that the Government intended to reform the UK’s data protection laws, over the last couple of days considerable publicity has been given to the announcement on 7 August by Digital Minister Matt Hancock that:

  • the public are to have greater control over personal data including the right to be forgotten,
  • a new right will be created to require social media platforms to delete information on children and adults when asked, meaning that people can ask social media channels to delete information they posted in their childhood,
  • the reliance on default opt-out or pre-selected ‘tick boxes’ to give consent for organisations to collect personal data will become a thing of the past and
  • the Information Commissioner’s Office (ICO) will be given more power to defend consumer interests and issue higher fines, of up to £17 million or 4 per cent of global turnover, in cases of the most serious data breaches.

In a statement of intent (that can be downloaded below) the Government has committed to updating and strengthening data protection laws through a new Data Protection Bill, intended to provide everyone with confidence that their data will be managed securely and safely.

Once approved by Parliament, that Bill will be enacted as a new Data Protection Act replacing the Data Protection Act 1998. However, it will not override the General Data Protection Regulation (“GDPR”) that will come into force on 25 May 2018. Instead, it will clarify how statutory controls will be applied to those aspects of the GDPR where EU Member States have been given some flexibility by way of permitted derogations. When UK finally leaves the EU, the new Data Protection Act will replace the GDPR.

We have written previously about the consequences of GDPR for gambling operators; see for example David Clifton’s article for iGaming Business, “The EU General Data Protection Regulation”. The ICO has today published what she says will be the first in a series of blogs (also downloadable below) entitled “GDPR – sorting the fact from the fiction” which seeks to correct “fake news” about the GDPR. We will be keeping you informed of developments in this field of law in the coming months.

Update: the first reading of the Data Protection Bill took place on 13 September 2017. The progress of the bill can be tracked here