After being introduced in the summer of 2018, the Data Protection and Digital Information Bill was put on hold in September 2022 so that ministers could engage in a co-design process with business leaders and data experts to ensure that the new regime built on the UK’s high standards for data protection and privacy, and seeks to ensure data adequacy while moving away from the European Union’s General Data Protection Regulation.
So, before going into the details of this new shift, it is also important to understand a little about GDPR to understand the main reasons pertaining to this shift.
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that was introduced by the European Union (EU) in May 2018. The regulation sets out rules for processing personal data by businesses and organisations operating in the EU and businesses and organisations outside the EU that offer goods or services to individuals within the EU.
The main objective of GDPR is to protect the privacy rights of individuals by requiring businesses and organisations to obtain clear and explicit consent for collecting, using, and storing their personal data. The regulation also gives individuals greater control over their personal data, including the right to access, modify, and delete it.
Now, the government in the UK is all set to shift from regulating GDPR to relaxing some of the data protection requirements for business entities. It is claimed that businesses could save up to £4.7bn for the UK economy over the next decade and maintain the country’s renowned data privacy regulations to ensure that firms can continue engaging in unrestricted commerce with partners worldwide, including the EU. Also, the basic aim behind forming this new law is to ensure that a new data protection law is made based on the needs and customs of the UK and that our companies and citizens will no longer need to tangle themselves in the complex and restrictive European General Data Protection Regulation.
Though the full- text of the bill is not available as of now, however, different media houses & Ministers have claimed the following changes that are important for the proper functioning of the business entities such as:
- The need for all firms to keep records of data processing that was established as part of GDPR has been removed in the revised version. This rule will now only apply to businesses that handle health data or other “high-risk” information.
- The new bill will introduce a simple, clear, business-friendly framework that will not be difficult or costly.
- To lessen the burden of paperwork that businesses must complete to prove compliance.
- It will also include instances where personal data can be processed without consent for “certain public interest activities”.
- The bill also aims to make it easier for commercial organisations, just like academic’s ones, to use the data of users for research and development purposes.
- Increase global trade while sparing companies the added expense of proving compliance with new data regulations.
- The Bill seeks to restrict the amount of consent pop-ups users see online, which allow companies to collect data about a person’s visit and will increase fines for nuisance calls and texts to up to four per cent of global turnover or £17.5 million, whichever is greater.
- The Bill would also lay out a plan for the widespread use of safe and reliable online identity verification services, enabling customers to make verified digital IDs and speed up the verification process.
- If a company is currently in compliance with existing UK data rules, the revised Bill will allow it to continue using its existing international data transfer procedures to transmit personal data overseas. This will guarantee that British companies do not need to incur further expenses or conduct additional checks to prove compliance with the new regulations.
The new bill seeks to give some relaxation to business organisations in order to boost innovation and growth for the country while maintaining robust data protection across the country. Various personalities have also claimed that the changes that have been incorporated will offer enterprises greater legal confidence to conduct research, deliver basic business services, and develop emerging technologies like AI.
However, there are also various opinions which have pointed out the loopholes of the new bill, such as it can lead to business chaos if a duplicate data protection regime is formulated only for the UK, as we also need to be aligned with the GDPR for our bigger markets. As well, as there are also questions on the cost savings that will result from this new bill as the business dislikes frequent changes or the need to cope with multiple regimes since they can incur additional costs. And one of the main arguments against the new bill is that it will weaken the users’ data protection rights by relaxing more and more data protection compliances just for the sake of business growth. However, how well this bill will come out and only be determined after its implementation.
- UK to Relax EU GDPR Data-Protection Law to Save Business Costs – Bloomberg
- Updated version of UK GDPR replacement data laws unveiled (techmonitor.ai)
- UK could save ‘billions’ with new data laws, government says | E&T Magazine (theiet.org)
Author : Ms. Sakshi Singh, Intern, CyberPeace Foundation