The new UK government intends to pursue data reform in a more ambitious way than previously proposed. In fact, it is preparing to replace the General Data Protection Regulation (GDPR) with its own data protection system “tailored”.
At the incumbent Conservative party’s annual conference on Monday (October 3), Michelle Donelan, Liz Truss’ new minister for digital, culture, media and sport, announced that the government “will replace the GDPR with our own UK data protection system that is favorable to businesses and consumers.”
Data protection reform work was already underway in the UK, which earlier this year announced a proposal to amend the version of GDPR adopted by London after Brexit.
The introduction of these changes has cast doubt on the maintenance of the EU adequacy decision, which allows data transfers between the EU and the UK to continue despite the latter’s departure from the UK.
While the details of the new reform have yet to be revealed, it should be noted that the details of the previously planned reforms have not stood in the way of the UK’s adequacy status. However, Ms Donelan’s remarks this week indicate that the current government is ready to continue its efforts and undertake more radical revisions to the current architecture of data reform in the country.
Data reform so far
Following the UK’s exit from the EU, data transfers between the two parties have been approved by the Commission, allowing London to continue to have a GDPR-compliant privacy regime in place.
However, this decision contained a sunset clause guaranteeing its automatic expiry and therefore a necessary review and renewal in 2024.
However, the UK government was quick to announce its intention to change the regulatory regime after Brexit. The move has raised concerns in Brussels, particularly over the UK’s aim to establish data feeds with other countries including the US, Australia, South Korea and Singapore. .
As part of the UK’s latest legislative agenda, former Prime Minister Boris Johnson’s government published its data reform proposal in June, a package of measures aimed at reshaping the country’s data policy landscape.
Among the provisions of the bill is “modernization” ofOffice of the Information Commissioner, the UK Data Protection Authority. In addition, the draft law includes the possibility of removing specific requirements imposed on companies, such as the involvement of an internal data protection officer to carry out impact assessments and the introduction of a model exclusion for Windows pop up consent to cookies.
The bill, as promised by Mr Johnson, also includes provisions to strengthen international data partnerships by giving the International Council of Data Transfer Experts, a group of organisations, technology companies and experts, the power to remove barriers to data flow.
But while the proposals on the surface appeared significant in many ways, observers told EURACTIV at the time that it was uncertain to what extent this would be reflected in reality. Indeed, many companies may be reluctant to change their operations too drastically so that they can continue to operate in both the EU and the UK.
New government, new approach
However, Monday’s speech was significantly more marked in its willingness to deviate from the GDPR.
Focus on reducing bureaucratic requirements and possibly “bureaucracy” inherited from the EU by business, Ms Donelan announced that Britain “will replace GDPR with our own UK data protection system, favorable to businesses and consumers”. She added that “We can be the gateway across the Atlantic and act as the global data hub. »
The new system will aim to simplify existing structures, she said, noting that it will take inspiration from systems in other countries that had achieved EU data sufficiency without GDPR – such as Japan. , South Korea, Israel, Canada and New Zealand – “to form a truly tailored data protection system”.
“The UK GDPR” “was at the heart of the previous proposals”Ruth Boardman, partner and data protection specialist at law firm Bird&Bird, told EURACTIV. “This name reflects the approach: the GDPR framework has been retained, but additional provisions have been added to provide clarity or flexibility in certain areas. »
“The minister’s speech yesterday indicates deeper changes”she added. “We need the details to know whether these will enable the UK government to achieve Boris Johnson’s favorite feat of having the butter and the butter’s money – in this case maintaining an adequacy decision while reducing the bureaucratic burden is reduced and individuals are also protected. »
Digital strategy
Ms Donelan’s speech also included references to the Government’s other digital legislative priorities.
Among them is the promise of an accelerated rollout of 5G and broadband connectivity across the country, as well as changes to the Online Safety Bill, a regulation aimed at regulating the behavior of online platforms. online to reduce harm online.
The bill, which was put on hold before the summer pending the election of a new prime minister, will find its way back to parliament, Ms Donelan confirmed. She thus remembered that her main purpose would be to “to ensure that social media companies protect children and young people. »
“But be sure”added Mrs. Donelan, “that I make changes to the bill with regard to adults’ freedom of expression. »
