The Queen’s Speech: New data protection regime 

On 10 May 2022, Prince Charles confirmed, as set out in the Queen’s Speech, that there would be a new data protection regime in the UK, with some measures extending and applying to England and Wales only. 

Purpose and aims 

The purpose of the Data Reform Bill (the Bill) is to “create a new pro-growth and trusted UK data protection framework that reduces burdens on businesses, boosts the economy, helps scientists to innovate and improves the lives of people in the UK”. The Bill aims to reform regulations in order to increase the efficiency of data sharing between public bodies to provide an effective service for citizens. 

Notably, the Bill will also seek to modernise the Information Commissioner’s Office, the UK’s independent data protection regulator, by ensuring that it has the capabilities and powers to take stronger action against organisations who breach data rules while requiring it to be more accountable to Parliament and the public. 

Another area that will be reformed are Smart Data Schemes, in which increased industry participation will give citizens and small businesses more control of their data. It was confirmed that data must be protected to a ‘gold standard’, while also enabling efficient sharing to improve public service delivery. The Bill will also help those who need health care treatments, by helping improve appropriate access to data in health and social care contexts. 

The Government cited that the UK’s data market represented 4% of GDP in 2020 with data-enabled trade making up the largest part of international services trade at £234bn in 2019. Currently, the UK’s data protection laws draw from the EU’s General Data Protection Regulation (GDPR). However, the Bill has been seized as an opportunity to reform UK data protection legislation since Brexit. In particular, it is hoped that framework does not encourage unnecessary paperwork or place excessive burdens on businesses as the current law does.  

Main elements 

These are: 

• Ensuring that UK citizens’ personal data is protected to a gold standard while enabling public bodies to share data to improve the delivery of services. 
• Using data and reforming regulations to improve the everyday lives of people in the UK, for example, by enabling data to be shared more efficiently between public bodies, so that delivery of services can be improved for people. 
• Designing a more flexible, outcomes-focused approach to data protection that helps create a culture of data protection, rather than ‘tick box’ exercises. 

Modernising the ICO 

Last year, the Government had run a consultation which included proposals for the ICO to work within strategic priorities set by the Department for Digital, Culture, Media and Sport under a new governance model entailing an independent board and chief executive officer.  

At this stage, we have received little information on this aspect, however the Government has said that the Bill would give the ICO the powers and capabilities to take stronger action against those breaching data protection laws. The ICO would also be more accountable to parliament and the public. 

Things to look out for 

• Since Brexit, the UK implemented the UK GDPR and Data Protection Act 2018, and has recently adopted a new International Data Transfer Agreement (IDTA). It is currently unknown if the reforms will conflict with these current data protection regimes but the Government will need to ensure that these reforms do not risk disrupting data flows between the UK and the EU.  
• The further upheaval in data protection laws and the greater accountability powers of the ICO are likely to be a concern for many organisations, however, it is anticipated that the reforms will enable a more flexible and outcomes focused data protection regime in the future. 
• It is expected that the Data Reform Bill will be published in full later this summer, and will take into account responses to the Government’s public consultation on reforms to the UK’s data protection regime, so we look forward to reviewing these and provide further commentary then. 

Please contact our data protection team for further information and support.