Data Protection and Digital Information Bill

Explanatory Notes

Overview of the Bill

1 This Bill is intended to update and simplify the UK’s data protection framework with a view to reducing burdens on organisations while maintaining high data protection standards.

2 The Bill would provide organisations with greater flexibility on how to comply with certain aspects of the data protection legislation; improving the clarity of the framework, particularly for research organisations; and providing more certainty and stability for cross-border flows of personal data. It also extends data sharing powers under section 35 of the Digital Economy Act (DEA) 2017 to include businesses, with a view to better enabling targeted government services to support business growth and to deliver joined-up public services and reduce legal barriers to data sharing.

3 The Bill also contains provisions to reform the regulator, the Information Commissioner, including its governance structure, duties, enforcement powers, reporting requirements, data protection complaints processes and its development of statutory codes of practice.

4 The Bill establishes a framework for the provision of digital verification services in the United Kingdom (UK) to secure the reliability of those services and to enable digital identities and attributes to be used with the same confidence as paper documents. The digital verification services measures make provision for a trust framework of rules concerning the provision of digital verification services and conditions to be met for supplementary rules for the provision of digital verifications, a register of organisations providing digital verification services, a list of approved supplementary rules, a trust mark for use by registered organisations and an information gateway to enable public authorities to disclose personal information to registered organisations for identity and eligibility verification purposes.

5 The provisions on information standards for health and adult social care in England make clear that information standards published under section 250 of the Health and Social Care Act 2012 in relation to the processing of information include standards relating to information technology (IT) or IT services. The provisions extend the persons to whom information standards may apply to include providers of IT, IT services or information processing services using IT used, or intended for use, in connection with the provision in, or in relation to, England of health or adult social care.

6 The provisions on Smart Data schemes allow for the secure sharing of customer data, e.g., held by a communications provider or financial services provider, upon the customer’s request, with authorised third-party providers (ATPs). ATPs, or data intermediaries, use the customer’s data to provide services for the consumer or business, such as efficient switching and personalised market comparisons, account management, for example via account aggregation, and cross-sector user-centric control of data.

7 The Bill includes provisions facilitating the flow and use of personal data for law enforcement and national security purposes to enhance the work of law enforcement and national security agencies in the interest of public security.

8 The Bill makes provision for the Secretary of State to require information from third party data sources for social security purposes. It amends the Social Security Administration Act 1992 and corresponding provisions in Northern Ireland legislation to include the 'power to require account information'. It also adds regulation-making powers which are sought in respect of this measure to section 190(1) (parliamentary control of orders and regulations) of the Social Security Administration Act 1992.

9 The Bill makes amendments to the Online Safety Act 2023 to create a requirement for Ofcom, when notified of a child death by the Coroner (or Procurator Fiscal in Scotland) where they suspect the child may have taken their own life, to issue an information notice to specific kinds of service providers requiring them to retain certain information relating to the use of the service by the deceased child for a specified period.

10 The Bill reforms the way in which births and deaths are registered in England and Wales, enabling the move from a paper-based system to registration in an electronic register.

11 The Bill includes provisions which provide a legislative framework to support the operation of the National Underground Asset Register, a new digital map that will improve both the efficiency and safety of underground work by providing secure access to location data about pipes, cables and other types of apparatus installed in streets.

 

Prepared 19th December 2023