New UK Data Protection Bill ‘unnecessarily complex’

The new Data Protection Bill to replace Data Protection Act 1998 has been described as ‘multi-layered and unnecessarily complex’ by data protection experts.

The Bill, which was introduced into the House of Lords yesterday, aims to implement the General Data Protection Regulation (GDPR), which will apply in the UK from 25 May 2018, whilst preserving tailored exemptions from existing Data Protection Act 1998 that have worked well.

Commenting on the Bill, the Head of Humanities at the PHG Foundation, Alison Hall said: "The Data Protection Bill published yesterday attempts to comply with the GDPR as required by current EU membership, but also to ensure that the UK is prepared for a future outside the EU by preserving existing law. Unfortunately in seeking to address these multiple aims, the result is a Bill that seems multi-layered and unnecessarily complex which will not provide the clarity that stakeholders were hoping for."

Exemptions in the new bill protect data processing by professionals in a number of fields including scientific research organisations and journalists.

In August, other key provisions of the Data Protection Bill were unveiled by the government. These included, making it simpler for people to withdraw consent for their personal data to be used, letting people ask for data to be deleted and making re-identifying people from anonymised or pseudonymised data a criminal offence.

PHG Foundation’s legal and regulatory specialists ​are currently examining the detail of the Bill and will be publishing their full comments in the PHG Foundation blog later this week.