The United Kingdom government is looking to implement its own digital privacy legislation, and Onfido is seeking to clarify what it’s all about with a new explainer.
Writing on the company’s website, Onfido Global Director of Public Policy Matt Peake notes that the “Data Protection and Digital Information Bill”, unveiled July 18, is essentially the UK’s response to the European Union’s GDPR regulation, which is itself designed to protect individuals’ privacy online and ensure that their data is kept secure.
While the British government is depicting its new piece of legislation as a “Brexit Dividend” bill that allows the UK to make its own decisions about how to protect citizens’ data online, the legislation has been developed in consultation with the European Commission to ensure that it has ‘adequacy status’, meaning that the EU will see it as “essentially equivalent” to its own data protection rules. That will ensure that businesses can seamlessly operate across both regions with respect to processing individuals’ data.
As for what the bill actually does, it has a number of provisions that will be of interest to tech companies, Peake notes. For example, it will provide a list of areas of “legitimate interest” in which data processors and controllers won’t need to worry about risk considerations, and it will clarify what kinds of automated decision-making can be performed with artificial intelligence.
Importantly, the bill is also designed to establish the statutory foundation for digital identity verification services, with Peake observing that it is “likely this will build on the ‘UK digital identity and attributes trust framework’ published in June 2022”. Onfido has itself participated in the UK’s digital identity experimentation, notably in an FCA regulatory sandbox pilot conducted in partnership with Evernym and Deloitte in 2020.
Finally, the bill will designate new objectives for the Information Commissioner’s Office – which it will rename the ‘Information Commission’ – that will be aligned with innovation and competition. For its part, the ICO recently issued a three-year plan, dubbed “ICO25”, in which it outlined primary strategic objectives including the facilitation of responsible innovation and the promotion of economic growth.
Peake is sanguine about these efforts, despite the persistence of a “global patchwork” of approaches to digital privacy and data protection. “The UK is taking a positive step by seeking to improve its approach to data privacy, and I believe it will drive a positive result for tech companies, innovation, and their customers,” he concludes.