The United Kingdom has now adopted new data privacy legislation which modifies the European data protection law. It is called the Data Use and Access Bill and it officially gained royal assent Thursday. This bill finally passed after multiple years of consideration in Parliament under several slightly different guises. The government says this new data regime will pump ten billion pounds into the British economy soon. This law also aims to speed up roadworks and to turbocharge important innovation in technology and science.
The Labour government of Prime Minister Keir Starmer introduced this specific data bill back in the year 2024. This followed previous attempts by conservative governments to enact very similar bills that would modify the GDPR. A new processing standard for “recognized legitimate interest” for national security and crime has been carefully created. This change removes the need for organizations to run an assessment test for determining their processing lawfulness. The legislation also relaxes the existing rules regarding the use of artificial intelligence in automated decision-making processes. Fines for direct marketing have increased from £500,000 to £17.5 million or 4% of global revenue.
This new law amends the official duties of the Information Commissioner’s Office, the country’s data regulatory body.
It will require business customers to first raise privacy concerns with a company before escalating any complaints. The regulation also officially renames the Information Commissioner’s Office to the new title of Information Commission. Information Commissioner John Edwards had stated in January the bill would help to boost significant business innovation. Edwards also addressed concerns by saying the regulator will continue to operate as a truly independent government agency.
With this regulation, the government tried walking a thin line between change and maintaining crucial EU adequacy.
An adequacy finding from the EU allows data to flow without requiring separate complex contractual processes for data. Great Britain is one of only fifteen countries whose commercial data processors can currently handle European data. The EU’s original adequacy decision from June 2021 was only made valid for a short four-year period. The European Commission in March proposed a six-month extension of the United Kingdom’s current adequacy status. How Europe receives the new Data Use and Access Bill, however, truly remains to be seen by all. An expert noted adding even cosmetic changes adds cost and complexity for many different businesses operating in Europe.
Reference:
