New legislation on data sharing and cyber Security

Having failed to make the previous Conservative government’s legislative “wash up” prior to the election, the new Labour government has introduced two replacement Bills which take a slightly different approach.

Digital Information and Smart Data Bill (DISDB)

It is difficult at this stage to determine the full scope of this Bill but it appears that it will take a different approach to what was proposed by the previous government’s Data Protection and Digital Information Bill (DPDIB) - with the focus on the sharing of data to facilitate growth in a secure way.

The new government’s stated aim is to harness the power of data for economic growth, to support a modern digital government and to improve people’s lives.

Some of the proposals in the new Bill are similar to those in the DPDIB including:

• the establishment of a Digital Verification Services to assist individuals with moving house, pre-employment checks and buying age-related products by supporting the creation of secure and trusted digital identity products and services
• Smart Data schemes to provide for the secure sharing of customer data with authorised third-party providers
• moving to an electronic system for the registration of births and deaths.
• plans to strengthen the Information Commissioner’s Office

The new Bill also includes proposals such as:

• developing a National Underground Asset register using a digital map that will revolutionise the installation, maintenance, operation and repair of cables and pipes which will give planners and excavators secure, instant access to the data they need to carry out their work effectively
• establishing a Data Preservation Process that will provide access to data which is necessary for the investigation into the death of a child
• the ability for scientists to ask for broader consent for the use of data for scientific research

There has been no mention of individual rights, so there is unlikely to be any change to the data subject rights set out in the UK GDPR. All of the above proposals are for the benefit of businesses.

The Cyber Security and Resilience Bill (CSRB)

This Bill is part of the government’s pledge to enhance and strengthen the UK’s cybersecurity measures and protect the digital economy.

The existing UK regulations reflect law inherited from the EU, which is implementing reforms to the Network and Information Systems Directive 2018 to create a more robust framework, known as NIS2, which will be in effect in the EU from 17th October 2024. The previous government had indicated that NIS2 would not be replicated in the UK and had proposed more limited changes to the existing regulations.

The new government says the cyber security regulations need an “urgent update”, and it is likely that the CSRB will be similar to the proposed EU legislation.