UK’s Data Protection Bill on track to be adopted by 25 May

Abi Roman May 15, 2018

The Data Protection Bill is currently making its way through Parliament and when enacted, will introduce legislation that aligns the UK with the EU Data Protection Regulation (GDPR). Regardless of the final Brexit arrangement, there will be similar requirements and punitive measures for non-compliance in an attempt to ensure that the data flows between the UK and EU remain unhindered. With just ten days to go to D-day we asked Stewart Dresner, of data protection experts Privacy Laws & Business for an update.

The Data Protection Bill in now at a critical and almost final stage having gone through a Third Reading in the House of Commons on 9th May. All that is left is for the Commons and the Lords to agree on the points on which they have disagreed until now.

For example, the Government has proposed that the age of 13 is set as the age of consent to use online services. At least seven other Member States, including Spain, Ireland and Denmark, have also proposed a 13 years age limit.

Another amendment to be agreed would allow the Information Commissioner to consider “distress” when assessing the “damage suffered by data subjects” and the resulting penalty.

The Bill allows for proceedings to be brought against a director, or a person acting in a similar position, as well as the body corporate, where it has been proven that breaches of the Act have occurred with the consent, connivance or negligence of that person. Directors’ liability also extends to nuisance calls.
The Opposition wants to include a provision stating that privacy is a fundamental right. Labour argues that this provision is important for the UK’s future ‘adequacy’ application.

They also want the Bill amended to allow for collective action to be initiated by consumer groups without there being a complaint by a named individual. This type of ‘super complainant’ (such as Which? The Consumers’ Association) would help individuals by bringing representative actions and creating a stronger enforcement framework. The Government remains of the view that ‘the opt-in model is the right one and sufficient to allow not-for-profit bodies to represent individuals at the current time’. However, this amendment would allow for a review to be concluded in 2.5 years’ time and powers to implement the outcome of that review.

Stewart Dresner, Chief Executive, Privacy Laws & Business www.privacylaws.com

UPDATE 24th May 2018

UK Data Protection Act receives Royal Assent and enters into force on 25th May 2018.

« The ASA’s Annual Report ‘shows more impact’ on the marketing industry What the consumer really thinks about GDPR and data »

Cookie	Duration	Description
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-non-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Non Necessary".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Type	Duration	Description
_ga	0	1 year	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, camapign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assigns a randoly generated number to identify unique visitors.
_gat_UA-15728851-3	0	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gid	0	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.
bcookie	0	1 year	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
bscookie	1	1 year
csrftoken	0	11 months	This cookie is associated with Django web development platform for python. Used to help protect the website against Cross-Site Request Forgery attacks
GPS	0	30 minutes	This cookie is set by Youtube and registers a unique ID for tracking users based on their geographical location
IDE	1	1 year	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
ig_did	1	1 year
ig_nrcb	0	1 year
lang	0		This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
li_sugr	0	2 months
lidc	0	1 day	This cookie is set by LinkedIn and used for routing.
lissc	0	1 year
mid	0	1 year	The cookie is set by Instagram. The cookie is used to distinguish users and to show relevant content, for better user experience and security.
test_cookie	0	11 months
u	0	2 months
UserMatchHistory	0	1 month
VISITOR_INFO1_LIVE	1	5 months	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	1		This cookies is set by Youtube and is used to track the views of embedded videos.