Upcoming data protection changes
A new Bill has its second reading before the House of Lords on 19 November 2024, which also needs to be approved by the House of Commons. It’s called the Data (Use & Access) Bill.
The introduction, by the new Government, describes it as reforming data protection in the UK to reduce the burden on business while keeping a high standard of data protection.
It’s also intended to:
This article explores some of the changes to expect, if the Bill is passed in its current form.
Information Commissioners’ Office (ICO)
One key thing is the reform of the ICO Constitution. It means the way that body works will change somewhat.
The intention is to change it from a ‘corporate sole’ to a ‘statutory body corporate’. Also, the current Information Commissioner’s role will change to become the Chairman of an Information Commission panel.
Government data
In terms of the Government’s use of data, there will be new information standards such as for health and social care, with the expanded ability for patient data to be shared across different NHS Trusts, ambulance services and other parts of the NHS.
There will also be changes around the way biometric data is retained and used by law enforcement agencies under the Counter Terrorism Act 2000.
In addition, the Register of Births & Deaths framework will go digital.
Open Banking to Open Finance
The current Open Banking arrangements will expand. At the moment, there is a temporary legal scheme which will become permanent and extend across a broader range of products, to include:
Smart data schemes
Some of the rule changes will allow for the creation of smart data schemes.
That is a way to allow people to request for their data to be shared between one service provider and a third party they nominate.
This must be done securely and at the customer’s request, and is somewhat analogous to what happens now in Open Banking, where banks can provide access to account holders’ details including personal data – but only as and when the account holder consents to that sharing, and the sharing can only be with third parties nominated by the account holder.
领英推荐
Similarly, there will be an arrangement for smart meter commercial licences which will control who has access to and who can manage the data from household smart meters.
Digital verification
A regulatory system is to be set up which will essential ‘trust mark’ certain digital verification services that pass regulatory scrutiny.
Once in place, it’s likely that related laws will change. Some are already in place, but secondary legislation and rules are yet to be provided by the relevant Secretary of State.
For example, landlords and employers may be required to verify identity using only ‘trust marked’ suppliers.
This seems to be to be the first step towards regulating ID verification beyond the immigration sector.
Adjacent to, but not entirely the same, will be an arrangement for the provision of electronic signatures, timestamps and other trust services.
Underground works
There will be an Asset Register for digging works – this is supposed to be used for a proper assessment of underground works so they can be done more efficiently, such as laying gas pipes and broadband.
Existing underground assets will need to be registered and referred to when planning underground works.
Research
Researchers will have the ability to access information held by ISPs in order to undertake independent research into online harms that include a child death.
What else?
These changes might seem quite comprehensive, but there are two obvious areas that haven’t yet been tackled in this Bill:
Both these are likely to be works in progress for other legislation, as both were mentioned in the King’s Speech.
What this means to you
The law is a constantly moving thing (especially when a new party takes control). As a solicitor, it’s part of my job to stay on top of the changes and to keep you informed of anything that may affect you.
As always, if you have any questions, please give me a call on 020 3609 8764. I’ll be happy to help.