In response to the House of Commons Public Bill Committee on the Data (Use and Access) Bill’s Call for Evidence on the Bill, Handley Gill’s expert data protection consultants submitted written evidence, which has been accepted and published by the Committee as DUAB20.

In summary, we asserted that:

• The Data (Use and Access) Bill adds further complexity to, rather than simplifying, the UK’s data protection framework and fails to significantly reduce the burden imposed on the majority of data controllers;

• The Data (Use and Access) Bill is half-baked, granting the Secretary of State widespread powers to make significant changes to the scope and effect of the legislation which will not be subject to appropriate input and scrutiny;

• Delay and inaction in enforcement of the data protection legislation, and the difficulties in pursuing collective action through the courts, have resulted in the regrettable situation that compliance does not pay, having an adverse effect on competition and hindering UK growth;

• We do not consider that there is a high risk of the European Commission refusing to renew its adequacy decision in respect of the UK, notwithstanding the departures from the GDPR and EU approach to the regulation of artificial intelligence (AI);

• The Data (Use and Access) Bill will materially diminish the level of protection afforded to data subjects in respect of overseas transfers of personal data;

• The failure of the Information Commissioner to have any or proper regard not only to its obligation to ensure appropriate protection for data protection but to uphold other human rights, in particular the right to freedom of expression and information, poses significant concerns in connection with the proposed powers of interview and the panel process to be implemented in respect of codes of practice;

• The processing of personal data utilising artificial intelligence (AI) will be significantly increased without appropriate safeguards or clarity as to the requirements of the law, and has the potential to particularly have an adverse impact on women;

• Efforts to utilise the Data (Use and Access) Bill to amend the Computer Misuse Act 1990 should be resisted; and,

• Other measures could be implemented to improve the UK’s approach, including: to permit the police to prosecute data protection offences; to impose a backstop timeframe for data controllers to respond to data subject complaints; to require all data controllers to monitor and record infringements; and, to implement effective consideration of the rights of data subjects in connection with processing likely to pose a high risk, to their rights and freedoms.

If you want to understand the practical impact of the Data (Use & Access) Bill, download our comprehensive briefing on the Data (Use and Access) Bill and copies of the unofficial Keeling Schedules showing the changes that the Bill will make to the Data Protection Act 2018, the UK GDPR and the privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) via our Data Protection Reform page in our Resources section.

Find out more about our data protection and data privacy services.