There was a degree of fanfare regarding the announcement of the Data Bill as part of the Queen’s Speech and to what extent this may form part of the government’s narrative of regulatory reform allowing for a “Brexit dividend”.

However, closer analysis always suggested that whatever was announced, it was only going to be another stepping stone in any initiative to deviate from EU privacy legislation – and that is exactly what we got.

The new bill smooths the process of the UK deviating from EU law, but what that deviation may look like is a more complex question, for which the government is yet to set out its position. 

The government launched a consultation on data reform in September 2021: ‘Data: a new direction’ but have not yet published a response. Only once that response has been published  - possibly later in the summer - will we have a clearer picture of what planned reforms may mean for businesses, individuals and others. 

There remains of course huge speculation over what it may, (and should), entail. An end too cookie banners? A greater focus on clamping down on nuisance spam emails and telephone calls, which, as the ICO pointed out in its response to the September consultation, still generate more complaints than anything else; or alternatively, something more fundamental altogether? And if we have something more fundamental, how will this affect data flows between the UK and Europe? 

As with many areas of privacy law, this remains an ever evolving space.