UK could reshape data protections to reduce ‘burdens’ on business

The General Data Protection Regulation (GDPR) is an EU law which came into force in 2018 and has been mirrored in British law. The regulations protect the rights of data subjects to retain some control over how their personal data is used by other parties. The framework has been backed by other governments and even by some of the world’s largest tech companies, such as Google.

GDPR was implemented to address data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas.

Following the UK’s withdrawal from the EU, the government is reportedly planning to reform data protection rules in order to boost the digital economy by allowing data to flow more freely.

According to a Reuters report, the digital secretary implied that the rules could be rebalanced in a manner that opens up greater economic opportunity without watering down data protections. He said that there is not a binary choice between protecting privacy and supporting businesses through the Covid-19 recovery.

“There is a sweet spot for the UK whereby we hold onto many of the strengths of GDPR in terms of giving people security about their data,” Dowden said, addressing the Westminster eForum virtual event, “but there are obviously areas where I think we can make more progress.”

He continued: “In our rule making, we can take a slightly less European approach as set out in GDPR by focusing more on the outcomes that we want to have and less on the burdens of the rules imposed on individual businesses.”

Dowden did not specify any planned changes to data protection law and said that the government would not move “precipitately”. It will draft its proposals following a consultation with industry.

According to Phil Earl, the department’s deputy director for data strategy implementation and evidence, the second Information Commissioner (who will succeed incumbent Elizabeth Denham later this year, after her five years in the position) is likely to play a part in developing the new rules. The next Information Commissioner will focus not just on enforcing privacy rules, but also helping businesses innovative more effectively using data within the framework.

“[The next Information Commissioner] will be asked by the secretary of state to not just focus on privacy but to be really thinking about how they are helping to unlock the value of data again,” Earl said, according to an IT Pro report. “I think the secretary of state would like the new Information Commissioner to not necessarily rewrite the privacy rules. It’s not about throwing everything out now we’ve left the EU; it’s about maintaining those high standards but trying to rebalance the overall approach.”

Earl said that many businesses struggle to understand the rules due to lack of clarity and guidance, suppressing innovation through uncertainty and fear of breaching regulations.

Meanwhile, EU bodies are in the process of developing a modern legal framework for the digital economy (the Digital Services Act) to replace the 2000 e-Commerce Directive as its primary framework for digital regulation.