Since Brexit, the UK government has been seeking to reform data protection regulations in the UK in an attempt to diverge from the EU-implemented GDPR. The government recently announced that, in the coming weeks, it will launch a consultation on proposals to change the UK data protection regime to make it more innovation-friendly.
GDPR - when and why did it come in?
The General Data Protection Regulation (“GDPR”), introduced by the EU in May 2018, is the legal framework that requires the protection of the personal data and privacy of EU citizens for transactions that occur within EU member states.
Although the UK has left the EU, these data protection rules remain part of UK law under the Data Protection Act 2018, which was re-written to mirror the GDPR, the difference now being that the UK government has the power to amend those rules.
Why make changes?
The UK wants to be a global leader in data, focusing on uninterrupted international data flows to make the UK the hub for global trade and innovation. The government hopes that more access to information will boost growth in businesses and help public sectors thrive.
Culture Secretary Oliver Dowden announced, “Now that we have left the EU, I’m determined to seize the opportunity by developing a world-leading data policy that will deliver a Brexit dividend for individuals and businesses across the UK.”
As part of this proposed overhaul, the government may overturn the requirement for websites to use cookie banners to ask permission for low-impact uses of personal data. The government is also hoping to strike data adequacy deals with seven target nations: the US, Australia, South Korea, India, Brazil, Kenya and Indonesia.
Potential impact of changes
The UK faces a delicate balancing act between achieving its aim of becoming the centre of global trade and maintaining a high standard of data protection rights.
The UK will be well aware that any substantive deviation from GDPR could jeopardise our recently granted adequacy decision by the European Commission. Without this adequacy decision, data transfers between the UK and EU could be frozen. The marginal gains the UK would make elsewhere in the world through the seven target nations should not come at the cost of data compliance with the EU.
Therefore, the UK must remain in consultation with the EU to ensure that all parties are happy with any changes to the data protection laws. Equally, the EU must be willing to negotiate its current position and acknowledge that there are other non-EU adequacy agreements in existence. It remains to be seen how the new approaches will be translated.
In practice, the removal of the cookie banner requirement may not have much effect, as websites will continue to need cookie banners for European users. It may therefore be easier for website owners to continue to ask UK users for their consent to tracking, even though this will no longer be required.
Rest assured, the robust efforts undertaken by UK businesses to be GDPR compliant will not all be in vain. The GDPR will remain the framework of UK data protection, with the fundamental principles of protection of privacy and personal data not up for debate.
Mills Selig will be keeping a close eye on developments and will provide timely updates.
Editorial prepared by: Aveen McGahon, Trainee Solicitor, Mills Selig