Data Protection Bill 2017

See Data Protection Act 1998 for previous legislation

A new Data Protection Bill was announced in the 2017 Queen's Speech, and announced by government on the 7th August[1]

Notes from Queen's Speech


“A new law will ensure that the United Kingdom retains its world-class regime protecting personal data”

The purpose of the Bill is to:

  • Make our data protection framework suitable for our new digital age, allowing citizens to better control their data.

The main benefits of the Bill would be:

  • To meet the manifesto commitments to give people new rights to “require major social media platforms to delete information held about them at the age of 18” (p.79) and to “bring forward a new data protection law” (p.80).
  • To ensure that our data protection framework is suitable for our new digital age, and cement the UK’s position at the forefront of technological innovation, international data sharing and protection of personal data.
  • To allow police and judicial authorities to continue to exchange information quickly and easily with our international partners in the fight against terrorism and other serious crimes.
  • To implement the General Data Protection Regulation and the new Directive which applies to law enforcement data processing, meeting our obligations while we remain an EU member state and helping to put the UK in the best position to maintain our ability to share data with other EU member states and internationally after we leave the EU.

The main elements of the Bill are:

  • To establish a new data protection regime for non-law enforcement data processing, replacing the Data Protection Act 1998. The new rules strengthen rights and empower individuals to have more control over their personal data, including a right to be forgotten when individuals no longer want their data to be processed, provided that there are no legitimate grounds for retaining it.
  • To modernise and update the regime for data processing by law enforcement agencies. The regime will cover both domestic processing and cross-border transfers of personal data.
  • To update the powers and sanctions available to the Information Commissioner.

Territorial extent and application

  • The Bill would apply to the UK. Data protection is a reserved matter.

Key facts

  • Over 70% of all trade in services are enabled by data flows, meaning that data protection is critical to international trade.
  • The digital sector contributed £118 billion to the economy and employed over 1.4 million people across the UK in 2015.[2]
"The forthcoming Data Protection Bill will introduce a number of new rights and safeguards for individuals, including considering where to set the age at which children can consent to their data being processed on social media sites."[3]

External links


  1. Government to strengthen UK data protection law, GOV.UK 2017-08-07
  2. Queen's Speech 2017: background briefing notes, p46-7
  3. Hansard