Changes to UK data law will make more work for businesses • The Register
Legal experts say UK government plans to create new data protection laws will make more work and increase costs for businesses, while creating the possibility of challenges for data sharing between the EU and the UK.
Last week, the Queen’s Speech – in which the UK government outlines its legislative plans – said the ruling Conservative party planned to replace the EU’s General Data Protection Regulation (GDPR) to ease the burden companies with an approach to data protection that encourages innovation. while preserving the protection of personal data and privacy.
Businesses in the EU and UK will not accept GDPR waiver proposals
But Georgina Kon, technology and media partner at law firm Linklaters, said that since many large companies operate in both the EU and the UK, they would end up having to comply with two regimes.
“Companies with a footprint in the EU and the UK will not accept proposals to deviate from the GDPR. If the UK goes it alone and tries to do something different from the EU, it will cost them a lot more. I don’t really see data protection offerings craving to do anything different from GDPR,” she said.
Companies had already “done a lot of work and spent a lot of money” to comply with the GDPR.
The political rhetoric around Brexit is likely to prompt the Conservative government to define the differences between UK data law and the EU regime.
“I think the government is serious about this, wanting to make a political point on Brexit,” she said.
In documents released with the Queen’s Speechthe government said the new legislation would aim to “increase the competitiveness and efficiency of UK businesses by reducing the burdens they face, for example by creating a data protection framework focused on privacy outcomes rather than on the checkboxes”.
Kon said: “There is some truth to the fact that the EU requires a lot of documents to be done and kept, but a lot of the checkboxes are designed to help people think about compliance and also to make it easier for regulators to ask questions.”
If the government’s legislation turns out to be too different from the GDPR, it could threaten the “adequacy” decision that currently allows data sharing between the UK and EU trading bloc. The government’s proposals also said the proposed legislation would enable “more efficient sharing of data between public bodies, so that service delivery can be improved for people”.
However, Kon said sharing data between public bodies creates the possibility of government surveillance over personal data. Similar concerns about data sharing in the US led to the Schrems II ruling, when the EU Court of Justice struck down so-called Privacy Shield data protection agreements between the political bloc and the United States, triggering a new wave of legal confusion over the transfer. data from EU subjects to America.
EU and US officials hinted they were closing in on a deal that could replace the Privacy Shield and comply with the court ruling.
Dr Chris Pounder, director of specialist data protection training company Amberhawk, said the government was keen to show Europeans that the UK would go its own way on data protection. “However, there are serious risks of a significant degradation of privacy protection resulting from the [Department for Digital, Culture, Media and Sport] proposals and proposed amendments to Articles 8 and 10 of the human rights regime proposed by the Department of Justice.” ®