Journalists, financial firms and anti-doping bodies could receive special exemptions from new laws to protect personal data, the government has said.
These “safeguards” would protect the freedom of the press, help prevent fraud and “maintain the integrity of professional sports”.
The proposals are part of a new Data Protection Bill, published on Thursday, which will overhaul UK data laws.
It will impose much heavier fines on those who do not protect personal data.
In most respects the bill, which will come into force next May, will transfer the European Union’s General Data Protection Regulation into UK law. The legislation will also be maintained after Brexit.
However, the government said it had negotiated “vital” exemptions to create a more “proportionate” regime for Britain.
‘Freedom of expression’
These would protect professionals in a range of fields, including:
- Journalists who access personal data on the grounds of freedom of expression and to expose wrongdoing
- Scientific and historical research organisations, such as museums and universities, from certain obligations that would hinder their work
- Anti-doping agencies who are trying to catch drug cheats
- Financial services firms who handle personal data on suspicion of terrorist financing or money laundering
- And employees who, where justified, access sensitive data without consent to fulfil obligations of employment law
In the example of the press, journalists would continue to enjoy freedoms currently protected under law, a government spokesman said.
These include being able to preserve the anonymity of their sources or access personal data without consent, as long as it is in the public interest.
With regards to anti-doping, agencies would be able to handle an athlete’s personal data without their consent.
This would stop a competitor taking advantage of the new laws, by withdrawing their consent during the testing process.
The government had already unveiled other key provisions of the Data Protection Bill in August, including:
- Making it simpler for people to withdraw consent for their personal data to be used
- Letting people ask for data to be deleted
- And making re-identifying people from anonymised or pseudonymised data a criminal offence
In addition, UK firms that suffer a serious data breach could be fined up to £17m or 4% of global turnover.
The current maximum fine firms can suffer for breaking data protection laws is £500,000.