ICO Responds to UK’s Draft Data (Use and Access) Bill

Hunton Andrews Kurth’s Privacy and Cybersecurity

Email

212 309 1223 direct

Bio and Articles

Find Your Next Job !

Commercial Real Estate Transactional Attorney / Real Estate Lawyer
On Balance Search Consultants

Litigation Legal Support Specialist
Greenberg Traurig, LLP

Litigation Paralegal
Greenberg Traurig, LLP

Legal Support Specialist
Greenberg Traurig, LLP

Trusts & Estates Partner / Senior Attorney
On Balance Search Consultants

Chief Operating Officer / Business Manager
On Balance Search Consultants

Trusts & Estates Attorney / Estate Planning Lawyer
On Balance Search Consultants

Explore More Job Openings

UK ICO Publishes Response to Draft Data Bill

by: Hunton Andrews Kurth’s Privacy and Cybersecurity of Hunton Andrews Kurth - Privacy and Information Security Law Blog-Hunton Andrews Kurth

Monday, November 4, 2024

Print Mail Download info_icon_img

/>i

On October 31, 2024, the UK Information Commissioner’s Office (the “ICO”) published its response to the draft Data (Use and Access) Bill (the “Bill”). The Bill was welcomed by the ICO, which considers it a “positive package of reforms” that “maintains high standards of data protection and protects people’s rights and freedoms, whilst also providing greater regulatory certainty for organizations and promoting growth and innovation in the UK economy.” It considers the amendments proposed by the Bill to the UK data protection regime to be “pragmatic and proportionate” but notes there are several points that would “benefit from additional clarity” (as detailed in Annex 1 of the response).

Key takeaways from the response include:

As regards the “smart data” initiative, the ICO reminds businesses that when operating as a controller, they should consider privacy-by-design and ensure that they identify data protection risks from the outset of processing, allowing them to build mitigations into the programme.
As regards the changes proposed to automated decision-making, particularly the possibility of relying on legitimate interests as the lawful basis for processing, the ICO believes the proposals strike a good balance between the benefits of automation and maintaining protection for special category data.
The ICO is of the view that the set of legitimate interests defined in the Bill will provide businesses “more confidence” when seeking to rely on legitimate interests.
The ICO notes that the proposal to reduce the types of cookies that require consent should “reduce consent fatigue” for users while also allowing businesses to process information for certain purposes more easily.
The ICO welcomes the proposed increase to fines that can be imposed under the Privacy and Electronic Communications Regulations.

The ICO advises the UK government to revisit certain parts of the Bill (either due to concerns over drafting or the intended purpose of the proposal); these parts include the meaning of research and statistical purposes, purpose limitation, and human involvement in the context of automated decision-making.