What now for UK data protection laws?
Guest Blog: Peter Church, TMT Counsel, Linklaters discusses the UK Government's proposals to reform UK data protection laws.
The UK Government has now published its long-awaited proposals to reform UK data protection law. The 146-page paper – Data: A new direction – contains detailed and well-thought-out proposals that raise valid questions about the cost and effectiveness of many aspects of the UK GDPR.
The answers to those questions, at least on the face of it, appear to be underpinned by the UK Government’s desire to deliver a Brexit dividend and remove unnecessary red tape for UK businesses. So what is, and is not, in the proposals?
Incremental reform, not radical reinvention
Importantly, while the proposal contains significant and wide-ranging changes, the core principles in the UK GDPR are unaffected. The data protection principles and legal bases for processing are largely unaffected - though there are some minor tweaks at the margin.
In other words, UK law will still closely align to the EU GDPR in many respects. The UK Government could have pursued a more radical reinvention of these laws but given the likely impact of UK adequacy (see below) and the tumultuous last couple of years, many UK businesses may welcome the continuity and stability these proposals provide.
A rose by any other name…
The proposal are, however, significant. The key principle is to remove some of the more rigid requirements in the UK GDPR and replace them with more flexible obligations that can be tailored to the business in question. For example, the proposals recommend:
- removing the duty to appoint a data protection officer, either in all cases or just for public authorities
- removing the obligation to conduct data protection impact assessments
- removing the duty to prepare records of processing activities
However, in their place comes a more amorphous obligation to implement a “privacy management programme” which might well oblige the business to appoint someone responsible for the programme and to produce: (a) personal data inventories; (b) internal policies; (c) risk assessment tools; (d) procedures for communicating with data subjects; and (e) procedures for handling breaches.
Given the Information Commissioner’s likely demanding expectations for such a programme it is not immediately clear this is a less onerous framework or that it will, in substance, make much different to the way many businesses try and comply with the law in practice.
No economy is an island
One of the most significant implications of these new reforms is the impact on the EU’s finding that the UK has adequate data protection laws. There are good arguments that these proposals should not affect the adequacy finding; in that the changes will not necessarily result in a lessening of the protection of personal data, rather it means the process to ensure that protection is more flexible.
However, this is ultimately a question for the EU Commission who will, no doubt, be scrutinising these proposals closely. The loss of adequacy would have immediate and significant negative effects that might well outweigh the other benefits these reforms will deliver.
Enabling a robotic future
Alongside these proposals are a range of other changes, such as to enable the development of AI, to allow better use of data for innovation, amend the rules on transborder dataflow and change the powers and duties of the Information Commissioner.
Read a more detailed review of all of these changes in our DigiLinks blog post.
Original article link: https://www.techuk.org/resource/what-now-for-uk-data-protection-laws.html
Latest News from
A UK Tech Plan: How the next Government can use technology to build a better Britain06/06/2023 11:25:00
techUK is excited to announce the publication of our UK tech plan: How the next Government can use technology to build a better Britain.
techUK launches Quantum Security Working group to address cyber readiness for the new quantum age05/06/2023 10:20:00
Last month techUK held an event titled Cybersecurity in a quantum world: Preparing for the new cyber age.
The National Semiconductor Strategy: A good start, but what comes next will be critical to its success or failure02/06/2023 14:05:00
techUK welcomes the Government’s newly-launched National Semiconductor Strategy, a plan meant to bolster the UK’s semiconductor industry and secure its place on a global stage.
techUK calls for clarity on micro-mobility regulation02/06/2023 11:25:00
Transport Secretary Mark Harper urged to bring forward measures ahead of election.
The UK-Australia and UK-New Zealand FTAs Enter Into Force02/06/2023 10:10:00
The United Kingdom's Free Trade Agreements (FTAs) with Australia and New Zealand, the first signed after leaving the European Union, entered into force yesterday. These deals are projected to significantly boost bilateral trade, increasing it by 53% with Australia and 59% with New Zealand.
Five urgent actions needed on AI by UK Government31/05/2023 09:05:00
What should the UK Government do now to address the AI Governance debate?
Chancellor announces ‘Life Sci for Growth’29/05/2023 09:25:00
The Chancellor has announced an investment package of £650m to boost the life sciences sector, titled ‘Life Sci for Growth’, bringing together 10 different policies.
UK-Switzerland FTA negotiations represent an opportunity for digital trade and services25/05/2023 11:25:00
The Free Trade Agreement negotiations between the UK and Switzerland represent significant opportunities for services companies in both countries.