Data Protection and Digital Information Bill

Last updated
Data Protection and Digital Information Bill
Royal Coat of Arms of the United Kingdom (Variant 1, 2022).svg
Parliament of the United Kingdom
Long title A Bill to Make provision for the regulation of the processing of information relating to identified or identifiable living individuals; to make provision about services consisting of the use of information to ascertain and verify facts about individuals; to make provision about access to customer data and business data; to make provision about privacy and electronic communications; to make provision about services for the provision of electronic signatures, electronic seals and other trust services; to make provision about the disclosure of information to improve public service delivery; to make provision for the implementation of agreements on sharing information for law enforcement purposes; to make provision for a power to obtain information for social security purposes; to make provision about the retention of information by providers of internet services in connection with investigations into child deaths; to make provision about the keeping and maintenance of registers of births and deaths; to make provision about the recording and sharing, and keeping of a register, of information relating to apparatus in streets; to make provision about information standards for health and social care; to establish the Information Commission; to make provision about retention and oversight of biometric data; and for connected purposes.
Introduced by
History of passage through Parliament

The Data Protection and Digital Information Bill is a proposed Act of the Parliament of the United Kingdom introduced by the Secretary of State for Science, Innovation and Technology, Michelle Donelan, on 8 March 2023 in the 2022-23 Session and carried over to the 2023-24 Session.

The Bill will significantly amend the Data Protection Act 2018 and the UK GDPR.

The legislation proposes to replace EU-derived data protection laws with a new UK regime of such laws. The Bill will establish the Information Commission and transfer the Information Commissioner's functions to the commission. It also mandates the removal of cookie pop ups and bans nuisance calls with the power for increased fines. [1]

The Bill mandates the creation of a digital verification services trust framework, in consultation with the Information Commissioner. The trust framework is empowered to set rules and conditions for approval of DVS services, as well as specify commencement times and transitional provisions for these services. [2] The bill also requires the Secretary of State to keep a register of digital verification services and confers powers to award a trust mark for use by persons providing registered digital services. [3]

The Bill passed the House of Commons on 29 November 2023 and was introduced to the House of Lords by the Parliamentary Under-Secretary of State for Artificial Intelligence and Intellectual Property, Viscount Camrose, on 6 December 2023. The Bill passed Committee Stage in the Lords on 24 April 2024 and is currently at Report Stage in the Lords.

Certain parts of the Bill have been the subject of controversy, in particular including the power of the Secretary of State to force banks to monitor benefits claimants bank accounts, which the Government has said is to root out benefit fraud. [4] [5] A subsequent legal opinion indicated that the powers would breach the European Convention on Human Rights. [6]

Related Research Articles

<span class="mw-page-title-main">Mass surveillance</span> Intricate surveillance of an entire or a substantial fraction of a population

Mass surveillance is the intricate surveillance of an entire or a substantial fraction of a population in order to monitor that group of citizens. The surveillance is often carried out by local and federal governments or governmental organizations, but it may also be carried out by corporations. Depending on each nation's laws and judicial systems, the legality of and the permission required to engage in mass surveillance varies. It is the single most indicative distinguishing trait of totalitarian regimes. It is often distinguished from targeted surveillance.

<span class="mw-page-title-main">Information Commissioner's Office</span> Non-departmental public body

The Information Commissioner's Office (ICO) is a non-departmental public body which reports directly to the Parliament of the United Kingdom and is sponsored by the Department for Science, Innovation and Technology. It is the independent regulatory office dealing with the Data Protection Act 2018 and the General Data Protection Regulation, the Privacy and Electronic Communications Regulations 2003 across the UK; and the Freedom of Information Act 2000 and the Environmental Information Regulations 2004 in England, Wales and Northern Ireland and, to a limited extent, in Scotland. When they audit an organisation they use Symbiant's audit software.

<span class="mw-page-title-main">Privacy International</span>

Privacy International (PI) is a UK-based registered charity that defends and promotes the right to privacy across the world. First formed in 1990, registered as a non-profit company in 2002 and as a charity in 2012, PI is based in London. Its current executive director, since 2012, is Dr Gus Hosein.

<span class="mw-page-title-main">Human rights in the United Kingdom</span> Overview of the observance of human rights in the United Kingdom

Human rights in the United Kingdom concern the fundamental rights in law of every person in the United Kingdom. An integral part of the UK constitution, human rights derive from common law, from statutes such as Magna Carta, the Bill of Rights 1689 and the Human Rights Act 1998, from membership of the Council of Europe, and from international law.

Information privacy, data privacy or data protection laws provide a legal framework on how to obtain, use and store data of natural persons. The various laws around the world describe the rights of natural persons to control who is using its data. This includes usually the right to get details on which data is stored, for what purpose and to request the deletion in case the purpose is not given anymore.

Privacy law is a set of regulations that govern the collection, storage, and utilization of personal information from healthcare, governments, companies, public or private entities, or individuals.

<span class="mw-page-title-main">United Kingdom constitutional law</span> Law that constitutes the body politic of the United Kingdom

The United Kingdom constitutional law concerns the governance of the United Kingdom of Great Britain and Northern Ireland. With the oldest continuous political system on Earth, the British constitution is not contained in a single code but principles have emerged over centuries from common law statute, case law, political conventions and social consensus. In 1215, Magna Carta required the King to call "common counsel" or Parliament, hold courts in a fixed place, guarantee fair trials, guarantee free movement of people, free the church from the state, and it enshrined the rights of "common" people to use the land. After the English Civil War and the Glorious Revolution 1688, Parliament won supremacy over the monarch, the church and the courts, and the Bill of Rights 1689 recorded that the "election of members of Parliament ought to be free". The Act of Union 1707 unified England, Wales and Scotland, while Ireland was joined in 1800, but the Republic of Ireland formally separated between 1916 and 1921 through bitter armed conflict. By the Representation of the People Act 1928, almost every adult man and woman was finally entitled to vote for Parliament. The UK was a founding member of the International Labour Organization (ILO), the United Nations, the Commonwealth, the Council of Europe, and the World Trade Organization (WTO).

Big Brother Watch is a non-party British civil liberties and privacy campaigning organisation. It was launched in 2009 by founding director Alex Deane to campaign against state surveillance and threats to civil liberties. It was founded by Matthew Elliott. Since January 2018, Silkie Carlo is the Director.

<span class="mw-page-title-main">Investigatory Powers Tribunal</span> State surveillance tribunal in the United Kingdom

The Investigatory Powers Tribunal (IPT) is a first-instance tribunal and superior court of record in the United Kingdom. It is primarily an inquisitorial court.

Privacy by design is an approach to systems engineering initially developed by Ann Cavoukian and formalized in a joint report on privacy-enhancing technologies by a joint team of the Information and Privacy Commissioner of Ontario (Canada), the Dutch Data Protection Authority, and the Netherlands Organisation for Applied Scientific Research in 1995. The privacy by design framework was published in 2009 and adopted by the International Assembly of Privacy Commissioners and Data Protection Authorities in 2010. Privacy by design calls for privacy to be taken into account throughout the whole engineering process. The concept is an example of value sensitive design, i.e., taking human values into account in a well-defined manner throughout the process.

The Draft Communications Data Bill was draft legislation proposed by then Home Secretary Theresa May in the United Kingdom which would require Internet service providers and mobile phone companies to maintain records of each user's internet browsing activity, email correspondence, voice calls, internet gaming, and mobile phone messaging services and store the records for 12 months. Retention of email and telephone contact data for this time is already required by the Data Retention Regulations 2014. The anticipated cost was £1.8 billion.

<span class="mw-page-title-main">Mass surveillance in the United Kingdom</span> Overview of mass surveillance in the United Kingdom

The use of electronic surveillance by the United Kingdom grew from the development of signal intelligence and pioneering code breaking during World War II. In the post-war period, the Government Communications Headquarters (GCHQ) was formed and participated in programmes such as the Five Eyes collaboration of English-speaking nations. This focused on intercepting electronic communications, with substantial increases in surveillance capabilities over time. A series of media reports in 2013 revealed bulk collection and surveillance capabilities, including collection and sharing collaborations between GCHQ and the United States' National Security Agency. These were commonly described by the media and civil liberties groups as mass surveillance. Similar capabilities exist in other countries, including western European countries.

<span class="mw-page-title-main">Data Retention and Investigatory Powers Act 2014</span> United Kingdom legislation

The Data Retention and Investigatory Powers Act 2014 was an Act of the Parliament of the United Kingdom, repealed in 2016. It received Royal Assent on 17 July 2014, after being introduced on 14 July 2014. The purpose of the legislation was to allow security services to continue to have access to phone and internet records of individuals following a previous repeal of these rights by the Court of Justice of the European Union. The act was criticised by some Members of Parliament for the speed at which the act was passed through parliament, by some groups as being an infringement of privacy.

<span class="mw-page-title-main">Investigatory Powers Act 2016</span> United Kingdom legislation

The Investigatory Powers Act 2016 is an Act of the Parliament of the United Kingdom which received royal assent on 29 November 2016. Its different parts came into force on various dates from 30 December 2016. The Act comprehensively sets out and in limited respects expands the electronic surveillance powers of the British intelligence agencies and police. It also claims to improve the safeguards on the exercise of those powers.

A Privacy Impact Assessment (PIA) is a process which assists organizations in identifying and managing the privacy risks arising from new projects, initiatives, systems, processes, strategies, policies, business relationships etc. It benefits various stakeholders, including the organization itself and the customers, in many ways. In the United States and Europe, policies have been issued to mandate and standardize privacy impact assessments.

<span class="mw-page-title-main">Digital Economy Act 2017</span> United Kingdom law

The Digital Economy Act 2017 is an Act of the Parliament of the United Kingdom. It is substantially different from, and shorter than, the Digital Economy Act 2010, whose provisions largely ended up not being passed into law. The act addresses policy issues related to electronic communications infrastructure and services, and updates the conditions for and sentencing of criminal copyright infringement. It was introduced to Parliament by culture secretary John Whittingdale on 5 July 2016. Whittingdale was replaced as culture secretary by Karen Bradley on 14 July 2016. The act received Royal Assent on 27 April 2017.

<span class="mw-page-title-main">Data Protection Act 2018</span> United Kingdom legislation

The Data Protection Act 2018 is a United Kingdom Act of Parliament which updates data protection laws in the UK. It is a national law which complements the European Union's General Data Protection Regulation (GDPR) and replaces the Data Protection Act 1998.

<span class="mw-page-title-main">Online Safety Act 2023</span> United Kingdom legislation

The Online Safety Act 2023 is an act of the Parliament of the United Kingdom to regulate online speech and media. It passed on 26 October 2023 and gives the relevant Secretary of State the power, subject to parliamentary approval, to designate and suppress or record a wide range of speech and media deemed "harmful".

The Digital Personal Data Protection Act, 2023 is an act of the Parliament of India to provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes and for matters connected therewith or incidental thereto. This is the first Act of the Parliament of India where "she/her" pronouns were used unlike the usual "he/him" pronouns.

<span class="mw-page-title-main">Telecommunications Act, 2023</span> Act of the Parliament of India

The Telecommunications Act, 2023 is an act of the Parliament of India to replace the Indian Telegraph Act, 1885
It aims to consolidate laws relating to development, expansion and operation of telecommunication services and networks.

References

  1. "New data laws debated in Parliament". GOV.UK. Retrieved 2023-11-13.
  2. "Understanding the Data Protection and Digital Information Bill". Yoti. Retrieved 18 April 2024.
  3. "Data Protection and Digital Information (No. 2) Bill: European Convention on Human Rights Memorandum". GOV.UK. Retrieved 2023-11-13.
  4. "Data Protection Bill Proposes "Wholly Unnecessary" Surveillance Measures That Are A "Disproportionate Violation" Of Benefit Claimants Privacy | Disability Rights UK". www.disabilityrightsuk.org. Retrieved 2024-01-23.
  5. "Information Commissioner questions DWP plan to monitor bank accounts of benefit claimants | Computer Weekly". ComputerWeekly.com. Retrieved 2024-02-07.
  6. "Legal opinion on proposed financial surveillance powers in Data Protection and Digital Information Bill". Matrix Chambers. 2024-04-17. Retrieved 2024-04-20.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.