The ‘newly independent’ UK aims to be the ‘data hub’ of the world • The Register
Britain’s Digital Secretary says the General Data Protection Regulation (GDPR) is “limiting the potential of our businesses” and promises to cut data protection “bureaucracy” for the “new independent nation free of EU bureaucracy”.
Recently appointed Michelle Donelan said the UK plans to “take full advantage of this post-Brexit opportunity and unlock the full growth potential of the UK economy”, claiming: “We can be the bridge across the Atlantic and act as the data hub of the world.”
It’s a clear statement of intent on the direction of data protection policy with new political leadership in government, although the country’s proposed replacement for the EU GDPR – the Data Protection and Digital Information Act (DPDIB) – is still in parliament.
The bill is under scrutiny by lawmakers, but UK tech companies will have legwork to do regardless of what changes are made, despite government protests that the changes will result in laws being simplified or repealed.
What this means for multinational companies is also becoming more difficult for them. Those with a presence in the UK and Europe who may be dealing with the single policy territories, having been covered by a similar approach, will need to make some changes if the UK goes it alone.
The replacement of the GDPR by national law is being pursued by the Conservative Party even before the so-called TIGRR report. This was sort of a post-Brexit wish list, which involved getting rid of metric units of measurement in favor of imperial units because that worked so well for NASA. The parts in it that alluded to the new privacy law spoke of an “overemphasis on consent” that “resulted in people being bombarded with complex consent requests.”
However, it is also important that the law achieve data adequacy, something the ruling party seems to think is within reach, citing the examples of Japan, South Korea, Canada and New Zealand.
Tech pros warn EU’s ‘data adequacy’ is at risk if Brexit Britain goes its own way
Adequacy means that a state’s legislation is considered compliant with the EU data protection text, which means that organizations in those countries can continue to trade with the EU and handle EU citizens’ data.
DPDIB and your rights
There are also concerns about the dilution of data subjects’ rights, with some critics of the new bill saying it relaxes the definition of “consent” in the context of scientific research (Clause 3).
Legal Eagle Chris Pounder of HawkTalk Training, for example, believes this could encourage unethical research. He says a proposed change in the DPDIB, where personal data is collected for research, archival and statistical (RAS) purposes, is likely to result in a decrease in subject consent in “meaning as the legitimate interests Legal base becomes more attractive for private sector RAS.”
Neil Thacker, Netskope’s EMEA CISO, spoke of an upcoming burden for data processors: “Having to process data differently for each region increases the costs for companies, so for any international organization adding another international regulation comes with costs and additional resources will bring burden.
“Furthermore, obtaining a declaration of adequacy with the GDPR is a time-consuming process, potentially creating even more uncertainty for UK businesses and those looking to do business with the UK.” deviate from this, and the people involved can only be more confused.” ®
https://www.theregister.com/2022/10/06/new_dcms_head_newly_independent/ The ‘newly independent’ UK aims to be the ‘data hub’ of the world • The Register