UK Reintroduces Bill Proposing Modifying Country’s GDPR
General Data Protection Regulation (GDPR) , Geo Focus: The United Kingdom , Geo-Specific
Civil Society and Tech Firms Warn Aginst Modifying the European Privacy Law Akshaya Asokan (asokan_akshaya) • March 8, 2023 Houses of Parliament on the river Thames in London (Image:Shutterstock)
The U.K. government is proposing modifications to the European privacy law adopted as British law before leaving European Union, telling Britons the changes will save billions of pounds over the coming decade. Critics say the proposal waters down privacy rights and could lead to increased surveillance of vulnerable populations. Some tech companies have said a U.K. version of the law will lead to a a greater regulatory costs, not fewer.
See Also: OnDemand | Navigating the Difficulties of Patching OT
Technology Secretary Michelle Donelan reintroduced Wednesday the legislation, the Data Protection and Digital Information Bill after the government pulled it from consideration in September 2022 for additional work.
“Our new laws release British businesses from unnecessary red tape,” Donelan said Wednesday, vowing that “no longer will our businesses and citizens have to tangle themselves around the barrier-based European GDPR.”
Adherence to the GDPR is a cornerstone of a June 2021 agreement that allows commercial data flows to continue crossing the English Channel through mid-2025. The U.K. assimilated the GDPR as domestic law in 2018 ahead of the country’s withdrawal from the European Union.
Donelan in late 2022 said the government would replace the GDPR with a “truly bespoke British system of data protection.” The bill she introduced Wednesday isn’t a complete replacement. Among its changes would be empowering the government to authorize permissionless data processing “for the purposes of a recognized legitimate interest” such as national security and crime. The law already recognizes the “administration of justice” as a legitimate motive for processing personal data without prior consent.
The government says paperwork requirements would go down by limiting compliance documentation to “organizations whose processing activities are likely to pose high risks to individual’s rights and freedoms” such as entities that process large volumes of health data. It would also loosen GDPR restrictions on automated decision making.
Civil rights groups were quick to criticize the bill. More than two dozen organizations led by Open Rights Group signed a letter calling the proposal “undemocratic.”
“U.K. residents need more protection against pervasive surveillance and unfair dismissals at work, against data misuses by law enforcement and public authorities, against the exploitation of their medical conditions and vulnerabilities for commercial purposes,” they wrote.
A number of small and mid-size British software businesses in late 2022 already urged the government not to proceed with the bill’s reintroduction, saying a divergence from the GDPR in the U.K. would add to their regulatory burden rather than decrease it.
“Companies will need to remain compliant with GDPR in any situation,” the October letter stated.