Public Services > Central Government

Government to publish new Data Protection Bill today

David Bicknell Published 14 September 2017

Government promises data laws “fit for digital age” arguing that processing done for legitimate interests will be allowed if it achieves a balance with individuals’ rights


The government will today start the parliamentary process to update data protection laws when it publishes its Data Protection Bill for the first time.

In promising to make data protection laws “fit for the digital age”, and in so doing apply the European Union’s General Data Protection Regulation (GDPR) which comes into force next May, the government has said it will provide “vital protections and flexibilities” for the UK’s research, financial services, journalism and legal services in an era in which an ever increasing amount of data is being processed. It promised to “empower people to take control of their data.”

The government argued that with individual data rights being strengthened, existing lawful data processing should be allowed to continue, as far as possible.

It plans to preserve existing exemptions in the ‘old’ Data Protection Act of 1998, carrying them over to the new law.

It said it had “successfully negotiated” these exemptions from the EU’s forthcoming GDPR legislation to create a proportionate data protection regime “which is right for Britain.”

Digital minister Matt Hancock said, “We are strengthening Britain’s data rules to make them fit for the digital age in which we live and that means giving people more control over their own data.

“There are circumstances where the processing of data is vital for our economy, our democracy and to protect us against illegality. Today, as we publish the Data Protection Bill, I am offering assurances to both the public and private sector that we are protecting this important work.”

The government said the Bill will include exemptions for data processing in a number of areas:

  • The processing of personal data by journalists for freedom of expression and to expose wrongdoing is to be safeguarded
  • Scientific and historical research organisations such as museums and universities will be exempt from certain obligations which would impair their core functions
  • National bodies responsible for the fight against doping in sport will continue to be able to process data to catch drug cheats
  • In the financial services sector, the pricing of risk or data processing done on suspicion of terrorist financing or money laundering will be protected
  • Where it is justified, the Bill will allow the processing of sensitive and criminal conviction data without consent, including to allow employers to fulfil obligations of employment law

The government has previously said it is committed to updating and strengthening data protection laws through the bill to provide the public with greater confidence that their data will be managed securely and safely. It said research has shown that more than 80% of people feel that they do not have complete control over their data online.

Under the new data protection plans individuals will have more control over their data by having the right to be forgotten and be able to ask for their personal data to be erased. It means people will be able to ask social media channels to delete information they posted in their childhood. The government said the reliance on “default opt-out or pre-selected tick boxes”, which are largely ignored, to give consent for organisations to collect personal data will also become a thing of the past.

Businesses will be supported to ensure they are able to manage and secure data properly. The data protection regulator, the Information Commissioner’s Office (ICO), will be given more power to defend consumer interests and issue higher fines, of up to £17m or 4% of global turnover, in cases of the most serious data breaches.

The government said protection rules will also be made clearer for those who handle data but they will be made more accountable for the data they process with the priority on personal privacy rights. Those organisations carrying out high-risk data processing will be obliged to carry out impact assessments to understand the risks involved.

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.