Peter A Clarke

As part of the Queen’s Speech, read by the Prince of Wales, the UK government announced that it would introduce a Data Reform Bill.

The Bill proposes to provide the Information Commissioner’s Office with greater powers to take  “stronger action” against businesses that breach data rules.

The background and briefing notes states that the Bill will focus on a flexible, “outcomes-focused” approach rather than “box-ticking,” and will simplify the rules relating to the use of personal data for research purposes.

While the UK government complained that the UK General Data Protection Regulation (“GDPR”) and the Data Protection Act of 2018 as “highly complex and prescriptive” legislation that imposes excessive administrative burdens on business it will nonetheless seek renewal of the European Commission’s adequacy decision  upon its automatic expiry in 2025.  This will permit personal data to continue to flow uninhibited between the EU and the UK.

In the United States the US House of Representatives passed the Promoting Digital Privacy Technologies Act on 11 May 2022. It provides for the Director of the Office of Science and Technology Policy, acting through the Networking and Information Technology Research and Development Program, to coordinate with the Director of the National Science Foundation, the Director of the National Institute of Standards and Technology, the Federal Trade Commission, and the heads of other federal agencies, as appropriate, to accelerate the development, deployment, and adoption of privacy enhancing technologies. This is one way of dealing with privacy intrusions and one that is finding some favour given the disappointing performance of regulators and privacy intrusive legislation that is enacted from time to time.

The bill defines privacy enhancing technology as any software or hardware solution, technical process, or other technological means of mitigating individuals’ privacy risks arising from data processing by enhancing predictability, manageability, dissociability, and confidentiality. Specifically, HR 847 suggests privacy enhancing technology may include:

• cryptographic techniques for facilitating computation or analysis on data while mitigating privacy risks;
• techniques for publicly sharing data without enabling inferences to be made about specific individuals;
• techniques for giving individuals control over the dissemination, sharing, and use of their data;
• techniques for generating synthetic data; and
• any other technology or approach that reduces the risk of re-identification, including when combined with other information.

The Senate introduced a similar piece of legislation on 4 February 2022.