UK signals intent to move privacy rules away from Europe’s GDPR

Since Brexit kicked in on 01 January 2021, the UK’s Data Protection act has been aligned and equivalent to the European GDPR rules that became law in May 2018. Things are changing as of August 2021, with the government setting out its vision for a “more flexible, less bureaucratic, less ‘one-size-fits-all’ approach that will attempt to remove annoying repetition, reduce the need for ‘pointless’ web cookie requests and allow business to be more innovative”.

Privacy campaigners – and IPS – seek reassurance that the balance is not shifted too far towards business and away from the rights of the individual. And businesses who have spent a lot of time and money complying with GDPR worry that they will have to spend more to comply with further regulatory change.

Protect your friends by sharing this article with them:

As the UK looks to build a global data strategy (to support ‘Global Britain’), and seeks to sign agreements on data sharing with the likes of South Korea, Singapore, Australia and the US, the benefits of staying in complete lockstep with Europe are being downplayed.  Brussels, on the other hand, is very proud of GDPR and believes it sets the standard for data privacy policy around the world.  Oliver Dowden, the Digital secretary is much less of a fan and told parliament that he wants to move away from GDPR in post-Brexit Britain.

He believes GDPR places undue costs on businesses to comply, especially with small enterprises having to follow the same rules as global tech giants. He also spoke of aiming to unlock more trade and innovation by reducing “unnecessary barriers and burdens” on international data transfers; which will theoretically result in faster, cheaper and more reliable products for UK consumers.  One argument in support of the changes points towards something close to £11bn worth of data protection barriers that are currently blocking trade with some of these nations we hope to swiftly reach agreement with.

The proposed package of measures put forward by the government is intended to ‘seize the opportunities of data’ to boost growth, trade and improve public services, but could mean significant changes in how data is treated within the UK. Dowden talks about “the freedom to chart our own course and put an end to irritating cookie popups and consent requests online”.

The counter-argument would point out that constant reminders of what data you are about to give away is an essential tool in the education of the public about the value of their personal data. Doubts will remain on whether the UK develops a default ‘opt-out’ for data collection – unless you explicitly agree to ‘opt-in’.  A common example of an explicit ‘opt-in’ is a pop-up message explaining your consent is a value exchange where the publisher provide content to you for free but will make use of your data in some way.  We worry that the opposite is being suggested (then you will have to click ‘opt-out’) and will follow this story closely. We might also need your help later in the year to register our collective feelings if the balance tips too far away from our individual rights.

The EU has threatened to revoke the data sharing arrangements that allow us to co-operate on airline passenger data and terrorist threats (amongst others) if we change course too drastically away from what they perceive as privacy rights for the individual.

IPS believes it is essential that permission is needed before any personal data is shared with third parties and that must be explained to the individual in a visible and transparent manner. Protecting that data is not just ‘Brussels red tape’ that can be cut and disposed of.  UK citizens need confidence that their data is used ethically and sensibly to improve things like national security, healthcare outcomes or a zero carbon future – and not just sold out the back door to the highest bidder.  Personal data and personal freedom are two of the most precious high-value commodities in the 21st century and we must be able to trust our national government to protect them.

New Information Commissioner for UK

The government has proposed John Edwards, currently the Privacy Commissioner in New Zealand, as the new Head of the ICO, the UK’s data protection regulator, to replace the outgoing Elizabeth Denham.  She has been largely based in her native Canada during the pandemic and finishes her term at the end of October 2021.

Mr Edwards is a frequent user of Twitter and has gained fame in NZ for his outspoken views on Facebook and their behaviour in relation to privacy rights. He famously deleted his Facebook account in the wake of the Cambridge Analytica scandal.

In her statement responding to Edwards’ nomination, Elizabeth Denham, appears to signal a warning to us all by writing: “Data-driven innovation stands to bring enormous benefits to the UK economy and to our society, but the digital opportunity before us today will only be realised where people continue to trust their data will be used fairly and transparently, both here in the UK and when shared overseas.”

Will the new rules boost or reduce that trust?  We look forward to reading the proposals for specific changes to the data protection rules that cover our country and will write more on this story in the months ahead.

Have your say

As an IPS member, you can leave us your thoughts, comments and experiences in the commments section below

Leave a Reply

You must be logged in to post a comment.