Privacy – Government action
UK Government actions
- In September 2020, the UK Government launched a consultation on a new National Data Strategy.
- In July 2020, the UK Government announced reforms to the criminal records disclosure rules, removing the requirement for automatic disclosure of youth cautions, reprimands and warnings and removing the ‘multiple conviction’ rule. This followed a 2019 Supreme Court judgment, which found the disclosure rules to be disproportionate and in breach of privacy rights.
- In July 2020, the National Police Chief’s Council (NPCC) and Crown Prosecution Service announced an end to the use of current digital data extraction forms, used to obtain permission from complainants and witnesses to search for relevant information on their digital devices. In September 2020, the NPCC introduced new interim guidance reflecting recent recommendations from the Information Commissioner’s Office and the Court of Appeal.
- In 2019, the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 were introduced, with the aim of making sure that the legal framework for data protection within the UK continues to function correctly after the UK’s exit from the EU.
- In October 2018, the Data Retention and Acquisition Regulations 2018 amended the Investigatory Powers Act 2016 to make sure that the UK’s communications data retention regime follows EU law.
- In May 2018, the General Data Protection Regulation came into force across the EU and the European Economic Area, and was implemented in the UK by the Data Protection Act 2018. These instruments improve privacy rights by regulating how information about individuals is handled, stored, used and shared.
- The Network and Information Systems Regulations 2018 also came into force in May 2018, and introduced a legal framework to make sure that providers of services operating in areas of critical national infrastructure put in place measures to improve the security of their network and information systems.
- As part of its work towards a Digital Charter, the UK Government consulted on an Internet Safety Strategy green paper in October 2017 that covered aspects of online safety including data protection – although its 2019 Online Harms White Paper explicitly excluded consideration of harms arising from data protection breaches.
- In 2018, the UK Government established the Centre for Data Ethics and Innovation to provide independent, expert advice on the ethical use of artificial intelligence and data-driven technology.
- The Investigatory Powers Act 2016 led to the setting up, in September 2017, of the Investigatory Powers Commissioner’s Office, which replaced and consolidated three previous organisations. A ‘double lock’ system, introduced in November 2018, means that warrants for the interception of communications under the Investigatory Powers Act must be authorised by both the Secretary of State and a Judicial Commissioner.
- In November 2016, the Investigatory Powers Act introduced significant changes to the legal and regulatory framework governing the collection, retention, and use of personal data by the state for law enforcement purposes, including by the security services, police and other agencies – it replaced parts of the Regulation of Investigatory Powers Act 2000.
Read our assessment of the UK Government’s progress on privacy.
The assessment was made based on the evidence available up to 15/09/2020