This House of Lords Library briefing has been prepared in advance of the second reading in the House of Lords of the Data Protection Bill [HL] on 10 October 2017.Jump to full report >>
The Data Protection Bill was introduced in the House of Lords by Lord Ashton of Hyde, Parliamentary Under Secretary at the Department for Digital, Culture, Media and Sport (DCMS), on 13 September 2017, and is scheduled to receive its second reading on 10 October 2017. DCMS has published detailed Explanatory Notes to the Bill and a range of factsheets and other documentation on various aspects of the Bill. This briefing should be read in conjunction with this material.
The Bill aims to update the UK’s data protection regime, including relevant definitions used in that regime, in accordance with new rules agreed at a European level. In order to do this, it would repeal and replace the Data Protection Act 1998, which provides the basis for the UK’s existing data protection framework. The Bill is formed of seven parts—comprising 194 clauses—and 18 schedules, and provides for four main matters: data processing; law enforcement data processing; data processing for national security purposes; and regulatory oversight and enforcement.
Concerning data processing, the Government envisages that the Bill, once implemented, would supplement the EU General Data Protection Regulation due to come into force in May 2018, and continue to do so once that instrument is brought into the corpus of UK law under provisions in the European Union (Withdrawal) Bill currently before Parliament. Regarding law enforcement data processing, the Bill would implement the EU Law Enforcement Directive ahead of the deadline for transposition in May 2018. In relation to data processing for national security purposes, the Bill would transpose principles set out in an updated Council of Europe convention on the processing of personal data (known as the “modernised Convention 108”), which the Government expects to be agreed in due course. Lastly, the Bill would also update the enforcement powers available to the Information Commissioner, as the responsible regulator, and would introduce new offences relating to the processing of personal data, amongst other measures.
The Bill has been welcomed by the Labour Party, Liberal Democrats, the Information Commissioner and other stakeholders, such as the Confederation of British Industry, which represents businesses that would be affected by provisions in the Bill.
Lords Library notes LLN-2017-0065
Author: Thomas Brown
Topic: Data protection