The new UK government intends to carry out data reform in a more ambitious way than previously proposed. In fact, it is preparing to replace the General Data Protection Regulation (GDPR) with its own data protection system. ” custom made “.
At the current Conservative Party’s annual conference on Monday (October 3), Michelle Donelan, Liz Truss’s new Minister for Digital, Culture, Media and Sport, said ad that the government “It will replace GDPR with our own business- and consumer-friendly UK data protection system. »
Data protection reform work was already underway in the UK, which earlier this year announced a proposal to change the version of the GDPR adopted by London after Brexit.
The introduction of these changes has called into question the maintenance of the EU’s adequacy decision, which allows data transfers between the EU and the UK to continue despite the latter’s departure from the bloc.
While the details of the new reform have yet to be revealed, it should be noted that the details of previously planned reforms have not hampered the UK’s adequacy status. However, Ms. Donelan’s comments this week indicate that the current government is ready to continue its efforts and undertake more sweeping revisions to the country’s current data reform architecture.
Data reform so far
Following the UK’s departure from the EU, the transfer of data between the two parties has been authorized by the Commission, allowing London to continue to have a GDPR-aligned privacy regime in the EU.
This decision, however, included an expiration clause, guaranteeing its automatic expiration and, therefore, a necessary review and renewal in 2024.
However, the British government was quick to announce its intention to modify the post-Brexit regulatory regime. The move has raised concerns in Brussels, particularly about the UK’s aim to set up data sources with other countries, including the US, Australia, South Korea and Singapore.
As part of the UK’s latest legislative agenda, the government of former Prime Minister Boris Johnson published his Data Reform Bill in June, a package of measures aimed at rebuilding the country’s political landscape in terms of data.
Among the provisions included in the bill is the “modernization” of theInformation Commissioner’s Office, the UK data protection authority. In addition, the bill provides for the elimination of specific requirements imposed on companies, such as the hiring of an internal data protection officer to carry out impact assessments, and the introduction of an exclusion model for windows. arise cookie consent.
The bill, as promised by Johnson, also contains provisions to boost international data partnerships by giving the International Council of Data Transfer Experts, a group of organizations, technology companies and experts, the power to remove barriers. to data streams.
However, while the proposals on the surface seemed significant in many ways, observers told EURACTIV at the time that the extent to which this would be reflected in reality was uncertain. In fact, many companies may be reluctant to change their operations too drastically in order to continue operating in both the EU and the UK.
New government, new approach
Monday’s speech, however, was significantly more marked in his willingness to deviate from the GDPR.
Focus on reducing bureaucratic requirements and any “red ribbon” inherited from the EU by business, Ms Donelan announced that the UK “will replace GDPR with our own business and consumer friendly UK data protection system”. she added that “We can be the gateway across the Atlantic and function as the global data center. »
The new system will aim to simplify existing structures, he said, noting that it will take inspiration from systems in other countries that had achieved EU data adequacy without GDPR, such as Japan, South Korea, Israel, Canada and New Zealand. . “to form a truly tailor-made data protection system”.
“The UK GDPR” “was at the heart of previous proposals”Ruth Boardman, partner and data protection specialist at law firm Bird&Bird, told EURACTIV. “This name reflects the approach: the GDPR framework has been kept, but additional provisions have been added to provide clarity or flexibility in certain areas. »
“The minister’s speech yesterday suggests deeper changes”she added. “We need the details to know if this will allow the UK government to achieve Boris Johnson’s pet feat of having the butter and the butter money, in this case maintaining a proper decision while reducing the bureaucratic burden and also protect people. »
Ms. Donelan’s speech also included references to the government’s other digital legislative priorities.
Among them are the promise of an accelerated rollout of 5G and broadband connectivity across the country, as well as amendments to the Online Safety Bill, a regulation aimed at regulating the behavior of online platforms to reduce harm. online.
The bill, which was put on hold before the summer pending the election of a new prime minister, will return to parliament, Ms Donelan confirmed. She thus remembered that her main objective would be “to ensure that social media companies protect children and young people. »
“But calm down”Ms. Donelan added, “That he make changes to the bill regarding the freedom of expression of adults. »
“Total social media fan. Travel maven. Evil coffee nerd. Extreme zombie specialist. Wannabe baconaholic. Organizer.”