Publications

What is on this page

The main EU law laying down rules for the protection of personal data is the EU General Data Protection Regulation (EU GDPR). Prior to UK withdrawal from the EU, the EU GDPR was directly applicable in the UK. Data protection in the UK is currently governed by the UK GDPR and the Data Protection Act 2018. Currently, the UK GDPR aligns with the EU GDPR.

The Data (Use and Access) Bill [HL] aims to boost the UK economy by improving the way consumers, businesses and asset owners can safely share, access and process data.

In light of the breadth of the Bill, the focus of this submission is on the proposed changes to the data protection legal framework in the UK, in particular the rules and safeguards on automated decision-making; onward transfers of data to third countries and international organisations; and the processing of personal data for the purposes of research.

The NIHRC has identified data protection as falling within scope of Windsor Framework Article 2. This submission provides examples of where the NIHRC has concerns that rights relating to data protection might be weakened if the Data (Use and Access) Bill [HL] should pass in its current form. In addition, this submission gives consideration to how the Data (Use and Access) Bill [HL] might impact the data adequacy agreements between the UK and the EU that currently facilitate the free flow of data between the EU and the UK.

Who is this page for?

  • Political Representatives
  • Policy experts
  • Members of the Public
  • NI Assembly
  • Civil Society Organisations
  • House of Commons
  • House of Lords European Affairs Committee
  • Joint Committee on Human Rights
  • Northern Ireland Affairs Committee
  • Science, Innovation and Technology Committee
  • House of Lords Northern Ireland Scrutiny Committee

Briefing on the Data (Use and Access) Bill [HL]

Last Updated: Monday, 17 February 2025

Relevant Documents

Data (Use and Access) Bill [HL] - Parliamentary Bills - UK Parliament

Publication - NIHRC Briefing on the Data Protection and Digital Information Bill | Northern Ireland Human Rights Commission

Publication - Joint NIHRC and ECNI submission to the European Affairs Committee Inquiry on UK-EU Data Adequacy Agreements | Northern Ireland Human Rights Commission

NIHRC and ECNI Working Paper: The Scope of Article 2(1) of the Ireland/Northern Ireland Protocol

Summary of Advice and Recommendations

The NI Human Rights Commission:

2.9 advises that all EU law in force in NI on or before 31 December 2020 which underpins an ECHR right, falls within scope of the non-diminution commitment in Windsor Framework Article 2.

2.10 advises that, as a fundamental right, the right to personal data protection would fall within the scope of “civil rights” under the Belfast (Good Friday) Agreement. Further, as an essential element of the right to respect for private and family life in Article 8 ECHR, any right to personal data protection afforded by EU law, by which the UK was bound on 31 December 2020, falls within the scope of the non-diminution commitment in Windsor Framework Article 2.

2.23 recommends that Members enquire whether or to what extent compliance with Windsor Framework Article 2 was considered by the Secretary of State before introduction of the Bill and if he will provide a detailed, written assessment.

2.24 recommends that Members enquire whether or to what extent the Secretary of State agrees with the advice of the Dedicated Mechanism that:

• in line with the reasoning of the Court of Appeal in Dillon, the right to data protection falls within ‘civil rights’ and ECHR rights and therefore within the Rights, Safeguards and Equality of Opportunity chapter of the Belfast (Good Friday) Agreement;

• EU law on data protection which was binding on the UK prior to its withdrawal from the EU, underpins the commitment to civil rights and the ECHR in the Belfast (Good Friday) Agreement;

• by virtue of Windsor Framework Article 2, the Bill must not therefore diminish rights and safeguards in Northern Ireland below minimum standards set out in relevant EU data protection law, specifically EU GDPR, the EU E-Privacy Directive and the EU Data Protection and Law Enforcement Directive.

2.25 recommends that Members seek the Secretary of State’s written assessment of compliance of the Bill’s provisions with minimum rights and safeguards contained in EU GDPR, the EU Data Protection Law Enforcement Directive and the EU E-Privacy Directive.

3.13 recommends that the Secretary of State amends the Human Rights Memorandum to the Bill to set out in detail an assessment of the compliance of the Bill with Windsor Framework Article 2, including all relevant EU data protection laws, which, by virtue of Windsor Framework Article 2, continue to set standards in NI.

4.16 recommends that the Secretary of State reviews Clause 80, proposed Articles 22A-22C, of the Data (Use and Access) Bill [HL] and brings forward amendments as required to ensure no diminution of rights relating to automated decision-making under the UK GDPR.

4.20 recommends that the Secretary of State provides a written assurance on how access to cross-border services requiring the free-flow of data between the UK and the EU will be protected in light of Clause 80 of the Bill on automated decision-making.

5.19 recommends that the Secretary of State reviews Schedule 7 of the Bill and brings forward amendments as required to ensure no diminution of rights in NI relating to data transfer to third countries, measured against relevant EU GDPR standards.

6.10 recommends that the Secretary of State reviews Clause 67 and brings forward amendments as required to ensure no diminution of rights in NI in relation to the processing of personal data for scientific purposes.

6.11 recommends that the Secretary of State reviews the provisions of Clause 70 of the Bill and brings forward amendments as required to avoid a divergence of data protection standards between the UK and the EU that might result in the free flow of data between the UK and the EU being compromised.

Download Documents

    Related Documents