Data Protection and Digital Information Bill

Data Protection and Digital Information Bill
	Parliament of the United Kingdom
Long title	A Bill to Make provision for the regulation of the processing of information relating to identified or identifiable living individuals; to make provision about services consisting of the use of information to ascertain and verify facts about individuals; to make provision about access to customer data and business data; to make provision about privacy and electronic communications; to make provision about services for the provision of electronic signatures, electronic seals and other trust services; to make provision about the disclosure of information to improve public service delivery; to make provision for the implementation of agreements on sharing information for law enforcement purposes; to make provision for a power to obtain information for social security purposes; to make provision about the retention of information by providers of internet services in connection with investigations into child deaths; to make provision about the keeping and maintenance of registers of births and deaths; to make provision about the recording and sharing, and keeping of a register, of information relating to apparatus in streets; to make provision about information standards for health and social care; to establish the Information Commission; to make provision about retention and oversight of biometric data; and for connected purposes.
Introduced by	Michelle Donelan, Secretary of State for Science, Innovation and Technology; The Viscount Camrose, Parliamentary Under-Secretary of State for Artificial Intelligence and Intellectual Property;
Status: Not passed
History of passage through Parliament

The Data Protection and Digital Information Bill was a proposed act of the Parliament of the United Kingdom introduced by the Secretary of State for Science, Innovation and Technology, Michelle Donelan, on 8 March 2023 in the 2022–23 Session and carried over to the 2023–24 Session.

The bill would have significantly amended the Data Protection Act 2018 and the UK GDPR.

The legislation proposed to replace EU-derived data protection laws with a new UK regime of such laws. The bill would have established an Information Commission and transferred the Information Commissioner's functions to the commission. It also mandated the removal of cookie pop ups and banned nuisance calls with the power for increased fines.^[1]

The bill mandated the creation of a digital verification services trust framework, in consultation with the Information Commissioner. The trust framework would have been empowered to set rules and conditions for approval of DVS services, as well as specify commencement times and transitional provisions for these services.^[2] The bill also required the Secretary of State to keep a register of digital verification services and conferred powers to award a trust mark for use by persons providing registered digital services.^[3]

The bill passed the House of Commons on 29 November 2023 and was introduced to the House of Lords by the Parliamentary Under-Secretary of State for Artificial Intelligence and Intellectual Property, Viscount Camrose, on 6 December 2023. The bill passed Committee Stage in the Lords on 24 April 2024 and was at report stage in the Lords when parliament was prorogued on 24 May 2024 for dissolution before the 2024 United Kingdom general election. The bill was not completed during the wash-up period and so it failed to become legislation.^[4]

Certain parts of the bill were the subject of controversy, in particular the power of the Secretary of State to force banks to monitor benefits claimants bank accounts, which the government said was to root out benefit fraud.^[5]^[6] A subsequent legal opinion indicated that the powers would breach the European Convention on Human Rights.^[7] The controversial elements of the bill were amendments added by the Department for Work and Pensions at a very late stage with limited industry consultation.^[4]