The Data Protection and Digital Information (No. 2) Bill 2022-23
The Data Protection and Digital Information (No.2) Bill was introduced in the House of Commons on 8 March 2023.

This Library Briefing gives an overview of data protection law and when Members of Parliament can share the personal information of constituents.
Data protection: constituency casework (387 KB , PDF)
The Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR) form the UK’s data protection regime.
Under the 2018 Act and the UK GDPR, the sharing of a constituent’s personal data by a Member of Parliament must have a lawful basis. There are six bases:
Members’ casework
For the processing of non-sensitive personal data in relation to casework, Members can usually rely on the implied consent of a constituent.
There are additional protections for processing “special category” data because of its sensitivity. This type of data includes information revealing a person’s racial origin, ethnic origin, health details, sexual orientation, and political and philosophical beliefs.
For MPs, paragraphs 23 and 24 of Schedule 1 of the 2018 Act have two main functions that apply when a constituent has contacted them:
Paragraph 23 sets out when a Member of Parliament (or someone acting with their authority) can process certain “special category” data about an individual, in the course of the Member’s “functions as a representative” (e.g. constituency casework), without having to establish explicit consent.
Paragraph 24 allows, but does not require, others (e.g. agencies or organisations) who are contacted by Members to disclose special category personal data to them where this is necessary to help with their functions, without having to obtain the explicit consent of the individual concerned.
Where to go for advice
The Information Commissioner’s Office (ICO) oversees and enforces data protection law. The ICO can advise on individual cases. Contact details are online and include a helpline: 0303 123 1113.
Data protection: constituency casework (387 KB , PDF)
The Data Protection and Digital Information (No.2) Bill was introduced in the House of Commons on 8 March 2023.
On 13 March the Government published the Integrated Review Refresh 2023. This briefing examines how the review compares to its predecessor, published in 2021, focusing on the major themes and assessments.
The Data Protection and Digital Information Bill 2022-23 was introduced in the House of Commons on 18 July 2022. It was withdrawn on 8 March 2023. The Data Protection and Digital Information Bill (No. 2) Bill was introduced on the same date.