Dutch lawmaker Paul Tang has asked the European Commission for their views on the UK’s Data Protection and Digital Information Bill, with the UK’s adequacy up for scrutiny in 2025.
The European Commission has been asked to review the UK’s Data Protection and Digital Information Bill (DPDI) by a senior member of the European Parliament.
According to Tang, who sits with the centre-left grouping of MEPs, warned that the new legislation “risks violating the Trade and Cooperation Agreement and the rights of EU and UK citizens”.
“Not only would it eliminate the Biometrics and Surveillance Camera Commissioner, but it would also allow UK law enforcement to retain certain biometric data indefinitely,” he said.
Moreover, Tang has cautioned that the DPDI would “undermine safeguards set by the European Court of Human Rights (ECHR), potentially jeopardising law enforcement cooperation frameworks”.
Against this background, Tang has asked the European Commission whether it has assessed the impact of the DPDI provisions on the protection of EU citizens’ biometric data under the General Data Protection Regulation (GDPR).
Tang has also asked whether the commission intends “to revoke the adequacy decision granting the free flow of data between the EU and the UK once this bill is adopted”.
The UK exception
The UK’s adequacy agreement was rare, in that the EU imposed a sunset clause.
This is likely because the UK at the time looked set to diverge from the EU in the GDPR, with then Prime Minister Boris Johnson suggesting so in 2020.
Rishi Sunak, the UK’s current Prime Minister, is also critical of the law, having said he wants to “remove the burdens of GDPR, creating in its place the most dynamic data protection regime in the world”.
Further, his government minister, Michelle Donelan, who is responsible for the data regime, referred to it as a “minefield”.
However, the DPDI does not seem to stray that far from the EU’s regime.
When previously reported on by Vixio, experts suggested that the DPDI is unlikely to compromise equivalence.
The yet-to-be-passed legislative file has also garnered enthusiasm among fintech players in the UK, due to its focus on smart data.
Whereas the best existing example of this is open banking, the new bill would lay the groundwork for the government to introduce smart data schemes in markets such as energy, utilities and telecommunications.
In addition, the DPDI law would pave the way for a cross-sectoral and re-usable form of digital identity.
Once the law passes, this should bring about equivalence between digital and paper forms of identity, access to government data attributes for certified identity providers and the certification regime itself, which would bring the UK up to speed with plans in the EU for a form of digital identity.
The bill is also anticipated to shore up open banking requirements in the UK, thanks to a clause added by HM Treasury (HMT).
The new clause allows HM Treasury, by regulations, to grant powers to the Financial Conduct Authority (FCA), and this would mean the authority can impose requirements, using rules or otherwise, on “interface bodies used by the financial services sector and on persons participating in, or using facilities and services provided by, such bodies”.
It also determines that the HMT can make provisions enabling or requiring the FCA to make financial services providers use a prescribed interface, prescribed interface standards or interface arrangements, when providing or receiving customer data or business data that is required to be provided by or to the financial services provider by data regulations.