Digital Economy Bill made law

What with all the kerfuffle over Brexit negotiations and the impending snap general election, you could perhaps be forgiven for failing to notice that the Government had rushed the Digital Economy Bill through Parliament in last week’s “wash up” before the dissolution of Parliament. The Bill in fact received Royal Assent last Thursday, 27 April. So why does the Digital Economy Act matter to privacy practitioners? Well that question is a little difficult to answer because the Bill was extensively debated in Parliament and, as matters currently stand, the text of the Act itself has yet to be published. However, on the assumption that the Act will essentially replicate the content of the Bill as it stood when introduced in July 2016 (see here), it appears that the Act will matter to privacy practitioners for three key reasons:

  • First, it embodies a number of provisions designed to liberalise Government data sharing, for example for the purposes of achieving improvements in public services, combatting public sector fraud, helping citizens to manage their debts better and for research purposes (see Part 5 of the Bill which deals with ‘Digital Government’). Such liberalising provisions always court controversy by virtue of the threat they inevitably pose to the privacy rights of citizens.
  • Second, it contains a provision of considerable importance in the context of direct marketing. More specifically, the Act requires the ICO to prepare a code of practice on direct marketing. In effect, the code will give the ICO greater sway over the operation of direct marketing activities in the UK, not least by setting good practice standards. Amendments effected to the DPA 1998 will mean that, for example, the code will be admissible in evidence in court proceedings (see clause 77 of the Bill).
  •  Third, the Act imposes an obligation on commercial online pornography providers (“OPPs”) to ensure that the pornographic material which they make available to users is ‘not normally accessible to persons under the age of 18’. In effect, OPPs will have to have age-verification measures in place to ensure that they comply with this obligation. Compliance with the obligation is to be policed by an ‘age-verification regulator’, which can impose fines on errant OPPs (see Part 3 of the Bill). However, important questions remain as to how OPPs can effectively comply with their age-verification obligations in a manner which does not excessively interfere with the privacy rights of users.

Anya Proops QC