The UK government has been attempting to adjust data protection laws through the Data Protection and Digital Information Bill. This Bill was supposed to reduce the compliance burden for businesses. It also proposed centralising cookie controls and introducing digital verification. At the same time, it wanted to “maintain strong data protection standards”.

The Bill has now been abandoned in the run-up to the general elections part of purdah. That is the period before a general election where Parliament is suspended and normal activity is much reduced. This means that the UK’s implementation of GDPR – the aptly named “UK GDPR” – remains unchanged. It’s not the first time it has abandoned changes.

While some are lamenting this development, others will breathe a sigh of relief. After Brexit, the EU Commission assessed that UK GPDR provides adequate protection for personal data. This “adequacy status” allows the free flow of personal data to and from the EEA. Or “Data Fortress Europe”, as I like to call it.

The Commission’s adequacy decision expires on 27 June 2025. The House of Lords European Affairs Committee has already launched an inquiry into how the current arrangements are working, inviting submissions by 31 May 2024. Any changes to UK GDPR could threaten that. Let’s not forget the ongoing difficulties of data transfers between the EU and the USA.

While political energies are now redirected to preparing manifestos and attempting to gain or retain power, the UK’s data protection regime will continue as it is. So, it’s business as usual again. For now.

If you need advice, contact me at +44 20 3824 9748 or fjennings@hcrlaw.com.