The Data and Marketing Association (“DMA”) has launched a 10-point manifesto for a new government to reform data protection legislation and skills development after the Data Protection and Digital Information (“DPDI”) Bill failed to be passed before Parliament was dissolved. The manifesto notes that many of the DMA’s members will be frustrated at the failure of the Bill to pass given the extensive consultation that took place over the past three years, the cross-party support it enjoyed, and the opportunities the Bill promised as an update to the UK’s data protection framework.

The manifesto urges the new government to build on the principles of the DPDI Bill and calls for any new data protection legislation to achieve the following goals:

1. Maintain high standards of data protection to build trust and confidence in the future of the economy and government services.
2. Provide certainty to legitimate interests as a lawful basis for data processing to ensure the right to conduct a business is balanced with the right to privacy.
3. Take a principles-based, ethical approach to AI regulation.
4. Give legal certainty to the recitals in GDPR to ensure the legislation is correctly interpreted by the ICO, lawyers and data protection officers.
5. Maintain adequacy with the EU to ensure free flow of trade.
6. Promote scientific research in academic and commercial settings.
7. Enhance the role of the Department of Science innovation and technology, making it faster to respond to the opportunities and challenges of emerging technology.
8. Reform the organisation structure and governance of the ICO.
9. Develop skills in data, AI and digital marketing that are essential to growth and productivity.
10. Transfer responsibility for in career reskilling, lifelong learning and apprenticeships from the DfE to the Department for Business and Trade.

The manifesto also makes a number of particular recommendations that the DMA says should be included in any new bill. For example, it calls for: the “key principles of data protecting impact assessments, data protection officers and records of processing activity” to be reinforced while creating exemptions for micro and small business not engaged in high-risk processing; the ‘soft opt-in’ for email to be extended to non-commercial organisations, enabling charities to communicate to donors in the same way as businesses; greater certainty in relation to the legitimate interests test and to ensure that “legitimate interest impact assessments reflect the economic benefits of the processing to customers, donors and organisations while mitigating harms to privacy”; and the removal of consent requirements for cookies and other identifiers which “interrupt customer journeys and don’t achieve meaningful consent”.

The manifesto can be read in full here.