Open Rights Group analysis of the UK Data Protection and Digital Information Bill, as it was presented on 18 July 2022
0. Executive summary
During the Conservative Party Conference 2022, the new UK Secretary of State for Digital announced plans to replace the GDPR with “a truly bespoke, British system of data protection“.1 This means that the UK Data Protection and Digital Information Bill (DPDIB), which this document summarises, will likely become superseded by a new proposal.
Yet, there is a common thread that binds the National Data Strategy (2020),2 the TIGRR report3 and the Data: a new direction consultation (2021)4 or the DPDIB (2022): in each case, the Government have been quite outspoken in their intention to reform data protection to “simplify overcautious rules”, “free up the use of data”, reduce administrative burdens, and make the United Kingdom a “bridge across the Atlantic and operate as the world’s data hub”. Then, the DPDIB becomes the latest reiteration of this protracted effort and provides a useful overview of trends and issues that will likely re-emerge in the next proposal.
Having this in mind, we compare the DPDIB against the existing UK data protection framework, and in particular:
In section 1 (Main findings and recommendations) we take stock of the findings in this report, and we recommend the Government not to present another Bill but to shelve their plans to reform data protection instead.In Section 2 (Lawfulness and purpose limitation) we explain how the Bill would empower