News
NEW
The United Kingdom introduces a draft reform of its data protection law

Published March 20, 2023
by Melissa Walehiane

min read

Summary

    London is doing its Brexit on data protection. Indeed, contrary to what was announced last year, under the leadership of the current Prime Minister Rishi Sunak, the UK will not replace the General Data Protection Regulation (GDPR) entirely.

    The goal: to establish a new regulatory framework that is more business-friendly, which will be "freed from unnecessary bureaucracy," according to Michelle Donelan, the Secretary of State for Science, Innovation, and Technology, who had already paused the flagship data protection reform, saying the government wanted to rethink its approach and inviting businesses to "co-design" the legislation with her.

    The government now wants to keep the "best elements" of the European regulation, while dropping some limitations and reporting requirements for companies. This would result in more than €4.5 billion in savings over ten years.

    ICO Commissioner John Edwards said, "The bill will allow my office to continue to function as a trusted, fair and independent regulator. We look forward to continuing to work constructively with the government to monitor how these reforms are expressed in the bill as it moves through Parliament." 

    The bill would require companies to conduct processing registrations only when dealing with high-risk data, such as, for example, an individual's health data. It also clarifies that profiling is subject to the same rules as automated decision-making when a significant decision is made about an individual without significant human intervention. 

    With respect to international data flows, the bill will use existing transfer mechanisms if they already comply with current UK data laws. 

    At a roundtable discussion Wednesday afternoon, Joe Jones, director of research and analysis at IAPP, who has previously worked for the UK government in this area, said, "If you are compliant with the EU GDPR, you will be compliant with the UK." 

    That said, because the regime will only apply in the UK, UK companies doing business in Europe may well choose not to change their current approach to data protection - to ensure they are still compliant with the RGPD, which continues to apply throughout the EU.

    So, it's not entirely clear where the government is headed, but digital rights groups are concerned.


    Continue the conversation in the Yes We Trust community

    Related Articles
    Our freshest data privacy content for you
    • News

    OpenAI will propose corrective measures regarding ChatGPT ban in Italy | Yes We Trust

    April 14, 2023 by Melissa Walehiane

    OpenAI will propose corrective measures regarding ChatGPT ban in Italy

    Read Article

    • News

    FTC says online counseling service BetterHelp broke its privacy promises | Yes We Trust

    April 14, 2023 by Melissa Walehiane

    Read Article

    • News

    UK Government proposes amendments to Data Protection and Digital Information Bill │Yes We Trust

    December 4, 2023 by Jivika Lillaney

    UK Government proposes forward-thinking amendments to Data Protection and Digital Information Bill

    Read Article

    • News

    Apple opposes UK surveillance bill update | Yes We Trust

    July 25, 2023 by Yes We Trust

    Apple opposes UK surveillance bill update

    Read Article

    • News

    Ericsson Fined More Than $200 Million In The US | Yes We Trust

    March 24, 2023 by Melissa Walehiane

    Read Article

    • News

    Biden signs executive order restricting use of commercial spyware | Yes We Trust

    April 1, 2023 by Melissa Walehiane

    Read Article