A great many businesses and sectors rely on the transfer of personal data to run their operations and carry out their services. When it comes to moving personal data, there’s a lot going on at the moment. Companies and public bodies that collect data need to have built-in safeguards. Failure to comply can have serious consequences. All information that relates to an identifiable individual needs to be properly protected. The right to privacy is part of the European Convention on Human Rights.
The United Kingdom General Data Protection Regulation (UK GDPR) is the data privacy law that oversees the processing of personal data. After the end of the Brexit transition, most of the EU General Data Protection Regulation (GDPR) was retained in the UK law. The UK GDPR reflects the EU GDPR, meaning that their provisions are similar, not counting some slight modifications.
UK’s Data Protection Regime Will Be Reformed Via the Data Reform Bill
The UK’s legislative agenda for the next year includes a new Data Reform Bill, which will replace the implementation of the EU’s GDPR. As part of the Queen’s Speech, the Government uncovered plans to reform the data protection regime. The proposed framework should generate benefits for businesses and citizens of the UK alike. Organisations can expect the bill to reform the existing UK data protection regime to have a strong effect on their data protection practices and data governance.
Prince Charles, accompanied by Prince William, delivered the speech for the very first time, taking the place of Queen Elisabeth, who was unable to attend the annual event for reasons of health. Mobility issues have forced her to cancel several high-profile public engagements. This year, the ‘Speech from the throne’ included 38 new pieces of draft legislation, including the Data Reform Bill. The priority is to grow and strengthen the economy and make people’s lives better.
At the present time, the text of the Data Reform Bill isn’t available. Although details have yet to emerge, the Queen’s Speech sketched some general points that the draft will address. According to the Government, the new system will be focused on privacy outcomes, creating a more flexible approach to data protection. More exactly, the bill would simplify the rules to the use of personal data, particularly when it comes to research purposes, to strengthen the UK’s position as a global science and technology superpower.
The Information Commissioner’s Office (ICO) would be able to take stronger action against businesses that violate the norms. Additionally, it could be held accountable to Parliament and the public. Since the current legislation encourages excessive paperwork, documentation requirements may be reduced or removed altogether. Businesses would no longer have to carry out data protection impact assessments, maintain records of processing activities, or even consult with ICO before taking action. As part of the reform of the data protection regime, web cookie consent banners could be eliminated.
UK Moves Away from Privacy and Data Protection Standards Set By EU
The Independent suggests that the Data Reform Bill allows the UK to ‘deviate from EU rules.’ It may end up running astray from the data adequacy agreement under the EU’s GDPR. If personal data isn’t protected sufficiently, it can be revoked prior to the time elapsing. John Whittingdale MP, Minister of State for Media and Data, stressed that the level of protection wouldn’t be undermined. Leading figures in the Government warn about the dangers of reducing data privacy rights. Right now, citizens are more empowered and are of their rights.
Industry representatives strongly believe that the bill would cost the economy more than it will deliver. Mahlet Zimeta, head of public policy at the Open Data Institute, voiced her concerns regarding the Data Reform Bill, calling it a ‘fork in the road’ for the UK’s digital economy. Zimeta highlighted that data protection is about much more than security. Information should be leveraged for the utmost societal value. It’s necessary to take into account the context in which the data is used.
The draft bill will most likely be published in the summer. In the future, it will become clear whether or not the proposed measures will actually realise the benefits suggested by the Data Reform Bill. Organisations have already invested time and resources into GDPR compliance on top of preventing vulnerability related to data breaches. Regulations dictate that the victim of a data breach incident should be given notice of the breach. A client can hold the organisation accountable – in other words, to take the dispute to court. ICO, despite being supportive of the reform, calls for additional safeguards to be put in place so that data subject rights are respected.
The Issue of International Data Transfers Has Long Been a Major Area of Concern
The European Commission published new versions of the Standard Contractual Clauses for data transfers between EU and non-EU countries. They don’t concern the exports of personal data from the UK due to the fact that the UK is no longer part of the EU. Fortunately, the ICO found a solution – the International Data Transfer Agreement (IDTA), which can be used for many different transfer situations. If the reform of data protection rules involves major changes, this could lead to a review of the formal decision made by the EU to allow the UK to remain a trusted partner as far as international data transfers are concerned.
Since leaving the EU, there have been suspicions that the UK might pursue a more relaxed, opportunistic approach to data. Any divergence from EU legislation will lead to a re-examination of the UK’s position. The new Data Reform Bill shouldn’t disrupt data flows, according to the BCS, the professional body for the UK’s IT sector. Via data adequacy arrangements, the UK can guarantee national and international safety by exchanging information on terror suspects. It’s not just about commercial interests. The bottom line is that organisations should comply with principles of lawfulness, fairness, and transparency, especially if they transfer personal data across borders. European citizens ought to have their GDPR rights respected.