Follow us


As addressed in our related article on digital regulation, the 22 May announcement of the UK general election effectively stalled progress on the overhaul of the UK's data protection framework through the Data Protection and Digital Information Bill (DPDI Bill). As such, the Bill was not enacted and now cannot be carried over to the next Parliament, casting doubt on a much-touted shake-up that had been billed as the UK "forging its own path" in a post-Brexit age.

It was also originally touted by the UK Government as ushering in a "golden age of growth and innovation" through its initial consultation paper 'Data: A new direction' back in September 2021. While privacy activists criticised some of the proposed changes to the UK GDPR for "watering down" data subject rights and safeguards, other commentators suggested the proposals were less of a departure from the EU GDPR framework than politicians had forecast.

It is also worth remembering that the proposed changes would only have applied to the UK GDPR, therefore organisations operating across the EU and UK would have needed to comply with both the EU GDPR and the UK equivalent (as amended by the DPDI Bill). As many of the proposals under the DPDI Bill slightly relaxed the rules that currently apply under the EU regime, it is likely that most international organisations would have continued to apply the higher EU 'gold standard' anyway across all jurisdictions for consistency across their international compliance programme.

What does the DPDI's fate mean for data protection compliance?

The status quo remains for now, with data protection in the UK continuing to be governed by a combination of the current UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

This is arguably no bad thing from the point of view of the UK maintaining its EU adequacy status in the face of any proposed reform, an issue that tied the government's hands throughout the process. Although adequacy does not require a carbon copy replica of the EU GDPR framework and the UK Government's proposed DPDI Bill did not represent as great a divergence from the EU GDPR as some expected, revocation of the UK's adequacy status was nonetheless a risk the government needed to monitor. The repercussions of losing adequacy status are significant – including increased costs to organisations of using alternative international data transfer mechanisms and ultimately interrupting the free flow of data between the EU and the UK. Such an outcome is a scenario that both the EU and the UK will want to avoid.

Would a Labour Government resurrect the reforms?

With Labour's manifesto yet to be published, the party's position remains unclear. While Labour has not broadly opposed the DPDI Bill, a major revision of the UK GDPR seems unlikely to be an immediate priority for a new government.

In part, this is because of the expectation that Labour wants to prioritise recalibrating UK/EU relations, which could influence a broad range of policy areas such as digital regulation and make divergence from the EU data protection framework unattractive even before considering the threat to adequacy status.

The extent to which a Labour Government would take forward certain elements of the DPDI Bill also remains uncertain. Among other initiatives, the Bill sought to put digital identity verification services onto a statutory footing. It seems possible this may be an example of one element a Labour Government looks to retain – not least given the amount of time and money expended on this topic by both the think tank Labour Together and the Tony Blair Institute for Global Change. Also, significant here, could be Labour's expected drive for public sector digitisation, an area in which digital identity could play a supporting role.

The best hope for further guidance in the weeks ahead will come in the looming publication of the major party manifestos, which provide broad-brush policy commitments ahead of the election. Our team will bring you more analysis as fresh commitments emerge.


Key contacts

Miriam Everett photo

Miriam Everett

Partner, Global Head of Data Protection and Privacy, London

Miriam Everett
Claire Wiseman photo

Claire Wiseman

Professional Support Lawyer, London

Claire Wiseman
Duc Tran photo

Duc Tran

Of Counsel, London

Duc Tran

Stay in the know

We’ll send you the latest insights and briefings tailored to your needs

London London - Canary Wharf Belfast Data Protection and Privacy UK General Election 2024 Data and Privacy Miriam Everett Claire Wiseman Duc Tran