The government has published its response to a consultation on the upcoming Data Reform Bill, outlining how it plans to deviate from European Union-based data protection rules.
The UK Department of Technology, Culture, Media and Sport (DCMS), which has proposed the new deregulatory measures, claims the reforms have the potential to save businesses more than £1 billion over the next decade.
The move follows the government’s consultation paper on reforms to the UK’s data protection regime – ‘Data: A New Direction’ – which it released last September.
The upcoming bill aims to overhaul the UK’s existing data protection system, which could potentially lead to substantial revisions to the EU GDPR and the Data Protection Act.
The government has previously said it plans to use Brexit to overhaul “very complex” data protection rules inherited from the EU.
The GDPR is currently the basis for UK data privacy law, but the government has indicated on several occasions that it wants to water down several provisions of the regulation.
It argued that new legislation would help promote UK businesses by eliminating “red tape and useless paperwork” related to EU data laws, and by lowering the barrier to the use of personal data in scientific research.
However, this ignores the fact that UK companies still have to comply with the GDPR when processing data from EU citizens.
Nadine Dorries, the digital secretary, said the Data Reform Bill has the potential to establish the UK as a “science and engineering superpower” after Brexit by making it easier for companies and researchers to “unlock the power of data” while still upholding “our global gold standard” for data protection.
“Outside the EU, we can ensure that people can control their personal data, while avoiding that businesses, researchers and civil society are hampered by a lack of clarity and cumbersome EU legislation,” she said in a statement.
As a result of the new legislation, some organisations, such as small businesses, will no longer be required to employ a data protection officer (DPO) or conduct lengthy impact assessments, as required by the GDPR.
However, organizations will still be required to maintain a “privacy management program” to ensure they are responsible for how they process personal data.
The new bill would impose fines for nuisance calls and texts, as well as for other significant data breaches under the existing Privacy and Electronic Communications Regulations (PECR).
The fines will be increased from the existing maximum of £500,000 and will be brought into line with the UK’s GDPR fines, which can be as much as 4% of global turnover or £17.5m, whichever is higher.
According to the government, the new cookie opt-out mechanism will dramatically reduce the need for users to click through the consent banners on every page they visit, resulting in significantly fewer pesky boxes popping up online (while this may be the layman’s preference, an opt-out system rather than opt-in will certainly make people easier to track as they move around the web – contrary to the whole point of the GDPR – Ed.).
As part of this package, the Information Commissioner’s Office (ICO) is being reorganized. It will now have a chairman, a CEO and a board of directors to ensure it “remains an internationally renowned regulator.”
“I share and support the ambition of these reforms,” said John Edwards, UK Information Commissioner.
“I’m pleased to see that the government has taken our concerns about independence to heart. Data protection legislation should give people the confidence to share their information to use the products and services that power our economy and society.”
While many organizations, including the ICO, have praised the planned moves, not everyone is happy.
Open Rights Group (ORG), a privacy advocacy organization based in the UK, criticized the new laws for limiting users’ choice and liability for lawbreakers.
“The government is boldly siding with the abusers and the lawbreakers: The UK Data Reform Bill will make it the default to spy on us, and your burden to opt out of something you never wanted in the first place,” said the ORG.
Mariano delli Santi, a data protection activist at ORG, described the proposals as “irresponsible”, adding that “they risk leading to a massive and expensive break with the EU, making data transfers expensive for UK businesses and costing jobs during an economic crisis”.