2022 Queen’s speech includes plans to reform UK data protection laws

Photo of Big Ben, House of Parliament and Portcullis House

Share This Post

You may recall towards the end of 2021 that the UK government announced that it was looking to “overhaul” the UK’s data protection regime and introduced a consultation which looked at specific GDPR and PECR controls. On the 10th May 2022, Prince Charles delivered the Queen’s speech at the State opening of Parliament (for a new term) in which the government’s plans and legislation are listed for the forthcoming parliamentary session. Within the speech is a mention of the plan to overhaul UK data protection laws.

Although to be honest, that was pretty much all that Prince Charles said, so we still need to wait for the detail, some of which might come out during parliamentary discussions, but generally we will need to look out for the publication of what is being called the Data Reform Bill, which will have the detail.

It’s still some time off in terms of expected implementation, and there is always a possibility (although I suspect a remote possibility) it won’t be implemented, as not all Bills announced in the Queen’s speech go ahead to become legislation (particularly if there is a a lot of opposition to them).

Here’s a list, based on the consultation, of what the Data Reform Bill might contain:

  • The removal of some of the accountability obligations, replacing them with a more “flexible and risk-based” approach
  • Some changes to the process for dealing with subject access requests including the re-introduction of a fee regime
  • An alternative approach to the use of cookies that either does not require consent for analytical cookies or allows the use of cookies for limited purposes without consent. Furthermore, to help cookie banner fatigue, empower users to use software or browser settings to pre-set their cookie preferences
  • Extension of the “soft opt-in” rules in PECR to non-business organisations
  • More powers to the ICO for enforcing phone marketing rules (to tackle nuisance calls)
  • PECR fines to be increased inline with GDPR fines
  • More countries to be added to the UK list of adequacy regulations (i.e. more countries deemed to have adequate data protection and presumably more than approved by the EU) based on risk-based assessments and may be made against regions or groups of countries that share the same data protection values.
  • Where adequacy is not appropriate, the government plans to review alternative transfer mechanisms and possibly empower businesses to identify or create their own (not sure how this might factor in with the ICO’s new IDTA)
  • Reform of the ICO including introducing statutory objectives and duties of the ICO, with the Secretary of State being able to set ICO priorities (as they do with other regulators like Ofcom, Ofgem, etc.)
  • Possible reforms of the way complaints are handled, with an expectation that a complaint   should not be raised with the ICO until it’s been raised with the controller and that there should be a requirement on controllers to have a transparent complaints handling process
  • Changes to any perceived barriers to allow “responsible innovation” for research purposes
  • An update on the use of personal data for political campaigning

The BBC have been covering the Queen’s speech including providing a recording of Prince Charles delivering the speech: https://www.bbc.co.uk/news/av/uk-politics-61394791 although as I say there is only a brief mention of data protection reform (at approx. 4mins 26secs).

More To Explore

Eat. Sleep. GDPR. Repeat.

We live and breathe GDPR and ePrivacy compliance, so you don’t have too. Our GDPR UNLIMITED helpline is all about offering you help and support, whenever you need it most. As well as the unlimited helpline, you get up to 4 hours “hands-on” help each month, which we can configure to help you in anyway you need such as a GDPR review, or acting as your DPO.

As well as the unlimited helpline and hands-on help you get GDPR and privacy updates, access to our GDPR knowledge centre and webinars.

Unlimited email & phone support

Unlimited email and phone support. Email or organise a voice call as often as you need each month.​

Up to 4 hours "hands-on" help per month

We use these "hands-on" hours to do the GDPR work for you, such as reviews, acting as your DPO, checking DPIA, dealing with breaches, training your staff, etc. (Additional hours: £100+VAT per hour)

Online resources

Our Knowledge Centre gives you access to information, guidance, topic related guides and other tools to support your GDPR and PECR compliance

Updates, alerts & briefings

We provide updates and alerts and a monthly compliance briefing. You can either sign into the Knowledge Centre or sign up via email to receive an email every time we add a new update or alert

DPO services

Whether mandated or not we can act as your Data Protection Officer (DPO) and manage your day to day compliance

Webinars, workshops & training

Whether updates on the latest issue, workshops or team training, it's all included in your monthly retainer.

LIKE WHAT YOU'RE READING? join our email list

Sign up for monthly briefings and the occasional emails about our webinars and services

Want to know more about how we use your data? Check out our privacy policy