DP News – Week 11. The UK Government introduces the updated Data Protection and Digital Information (DPDI) Bill to Parliament, the ICO explains the Privacy-by-design concept.
On 08 March, the UK Government published the second version of the DPDI Bill which is aimed at modernisation of the currently-in-force UK GDPR. The first one dates back to July 2022 and will not be takes for further consideration.
The updated bill is divided into 6 parts:
– Data Protection (includes definitions, principles, data subjects rights, etc.)
– Digital verification services
– Customer data and business data
– Other provisions about digital information (includes privacy and electronic communications, trust services, sharing of information, etc.)
– Regulation and oversight
– Final provisions (Regulations, interpretation, financial provision, transitional provision, etc)
One of the Bill’s directly declared objectives is to maintain the UK’s status of data protection adequacy with the EU. The fundamental principles of the current UK GDPR, list of available data subject rights, as well as substantial controller and processor obligations remained unchanged. At the same time, there are some newly added provisions, e.g.:
– there is a non-exhaustive list of controller’s activities that might be relied on legitimate interest – direct marketing, intra-group transmission of personal data where necessary for internal administrative purpose, network and information systems security;
– records of processing activities are only required for organisations that carry out processing activities likely to result in “high risk to the rights and freedoms of data subjects”, taking into account the nature, scope, context and purposes of the processing;
– providers that offer electronic communication services to the public are required to inform the ICO (Information Commissioner’s Office) if they suspect any unlawful direct marketing activities. If they fail to comply with this obligation, they may face penalties. Additionally, the ICO is responsible for publishing guidelines that outline what is considered reasonable suspicion.
As a next step, the UK Parliament will consider the second reiteration of the Bill. The date of the second reading has not been declared yet.
The ICO has published a plain language guide “Privacy in the product design lifecycle”. The guide is mostly designed for technology professionals, so that they “understand how to incorporate data protection by default and design in […] development of a technology product or service”. The guide helps them “understand how to navigate and apply […] more detailed guidance throughout the product design lifecycle”.
Comments are closed.