UK’s Data Protection Bill Amended to Protect Security Researchers

The government in the United Kingdom (UK) is to amend The Data Protection Bill in order to protect security researchers working to uncover abuses of personal data, removing this way criminalisation of legitimate research. As media reports, the bill will contain a clause making it a criminal offence to ‘intentionally or recklessly re-identify individuals from anonymised or pseudonymised data’. The government has introduced an amendment to the bill providing an exemption for researchers carrying out ‘effectiveness testing’. With this, researchers would have to notify the Information Commissioner’s Office (ICO) within three days of successfully deanonymising data, and demonstrate that they had acted in the public interest. Minister for Culture, Communications and Creative Industries in UK, Matt Hancock, stated: ’We are strengthening Britain’s data protection laws to make them fit for the digital age by giving people more control over their own data. This amendment will safeguard our world-leading cybersecurity researchers to continue their vital work to uncover abuses of personal data.’