wp-plugin-hostgator domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home4/scienrds/scienceandnerds/wp-includes/functions.php on line 6114ol-scrapes domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home4/scienrds/scienceandnerds/wp-includes/functions.php on line 6114Source:https:\/\/techcrunch.com\/2023\/03\/08\/uk-data-reform-bill-no-2\/<\/a><\/br> Turns out the UK government, under current prime minister Rishi Sunak, is not<\/em>\u00a0replacing the GDPR, as Michelle Donelan, his secretary of state for science, innovation and technology, implied last October<\/a> \u2014 when as a fresh-in-post digital secretary under a different PM, she paused the flagship data protection reform, saying the government wanted to rethink its approach and inviting businesses to \u201cco-design\u201d the legislation with her.<\/p>\n Instead, the UK\u2019s version of the EU\u2019s General Data Protection Regulation (GDPR), which governs how Brits\u2019 information can be processed, looks set for a rights haircut and a slow drift away from the EU standard under the amended reform the government introduced to Parliament today.<\/p>\n It\u2019s describing this new draft as a replacement bill \u2014 literally the \u201cData Protection and Digital Information (No. 2) Bill\u201d \u2014 which supersedes the one it introduced last July<\/a>. Although, as far as we can tell, a lot of the prior detail has carried over. But for anyone eager to dive in, the 212 pages of\u00a0amended (No.2) bill can be found here<\/a>.<\/p>\n One headline takeaway is the government appears to have retained (at least) the spirit of the GDPR\u2019s purpose limitation principle \u2014 with the revised bill allowing for some further processing of people\u2019s data but only for nonconsent-based collection, such as public interest\u2013based use cases. While a right to human review of (significant) automated decisions also appears to have survived the latest revisions.<\/p>\n However, in a regressive step, the government has further hacked away at requirements on businesses to keep records and undertake proactive oversight of their data processing activities \u2014 which could have implications for their ability to respond to user requests related to data. (Or, indeed, for U.K. businesses\u2019 ability to give comprehensive accounts of what information may have been exposed if they suffer a security breach.)<\/p>\n That said, since the regime will apply in the U.K. only, U.K. businesses that do business in Europe may well opt not to amend their existing approach to data protection \u2014 to ensure they are still compliant with the GDPR, which continues to apply across the EU. (Or, put another way, setting a lower standard than a bloc of 27 countries does not make you a global standard setter even if, drunk on Brexit Kool-Aid, you brand yourself \u201cGlobal Britain.\u201d)<\/p>\n The proposed changes that are likely to be the most well received relate to scientific research \u2014 where the U.K. government has expanded the definition to make it easer for data to be reused for research. Although there may be concerns around the potential for misuse of a freer regime here.<\/p>\n Another concerning aspect of the draft relates to regulatory oversight \u2014 with the government confirming it plans to saddle the existing watchdog, the ICO, with a new board, whose members the secretary of state may appoint (or approve) \u2014 an interference that could risk undermining the office\u2019s independence since the board looks to influence the ICO\u2019s guidance and priorities. So the direction of travel there looks worrying.<\/p>\n The existence of an independent data protection regulator will be one of the key areas for the EU to scrutinize when it comes to assessing the U.K.\u2019s \u201cessential equivalence\u201d with its data protection rules \u2014 so any moves that could be viewed as undermining the autonomy of the ICO look risky to say the least. Add to that, the ICO hardly has a reputation for being anti-business \u2014 au contraire<\/a> \u2014 so it\u2019s not clear why the government wants to die on this hill. (Beyond, well, its general appetite for passing laws that seek to amass more power for itself.)<\/p>\n \u201cThe proposals to broaden the scope of scientific research are positive and seek to address the challenges of current practice in a reasonable and sensible way for UK research. But not all of the changes will be welcomed (or are needed) and interference with the ICO\u2019s independence remains a concern that will hopefully be corrected during the legislative process,\u201d said Edward Machin, an associate at Ropes & Gray\u2019s data, privacy & cybersecurity practice in London, giving TechCrunch his first thoughts on the revised bill.<\/p>\n Further amendments to the data reform are still possible, of course, via the usual parliamentary scrutiny process, so nothing is fixed in stone yet. And lobbying is likely to ramp up now the government appears to have settled on its approach.<\/p>\n Some opposition is already organizing. Yesterday, 26 civil society groups wrote an open letter<\/a> to Donelan, calling on her to dump the latest iteration of the legislation \u2014 warning it contains \u201cmany concerning and ill-considered proposals which endanger UK residents and UK data protection.\u201d<\/p>\n And in a statement today, one of the signatories, the Open Rights Group, further warned: \u201cThe government\u2019s proposals will affect us all but particularly those who are already vulnerable and marginalised. We urge the Secretary of State to listen to the concerns of privacy groups and civil society and go back to the drawing board and put people, at the centre of this legislation.\u201d<\/p>\n On the flip side, in a canned quote accompanying\u2019s DSIT press release about a \u201cnew UK version of the GDPR,\u201d Julian David, CEO of the technology trade association TechUK, offered this fulsome praise:<\/p>\n \u201cTechUK welcomes the new, targeted package of reforms to the UK\u2019s data protection laws, which builds on ambitions to bring organisations clarity and flexibility when using personal data. The changes announced today will give companies greater legal confidence to conduct research, deliver basic business services and develop new technologies such as AI, while retaining levels of data protection in line with the highest global standards, including data adequacy with the EU.\u201d<\/p>\n<\/blockquote>\n The backstory to the bill is that the government is attempting to walk a line between, on the one hand, claiming it\u2019s seizing a Brexit-based deregulatory bonanza, based on ripping up existing (EU-derived) data protection rules and replacing them with a \u201ccommonsense\u201d U.K. alternative (now it\u2019s no longer an EU member), and, on the other, butting into a hard requirement to maintain the fundamentals of the current framework in order to ensure data keeps flowing from the EU to U.K. businesses and avoid a major economic hit were the U.K. to lose its EU adequacy status (which is up for review in 2025).<\/p>\n Donelan, now working at Sunak\u2019s recently rebranded Department for Science, Innovation and Technology (DSIT<\/a>), told Parliament today that the revised Data Protection and Digital Information Bill (DPDIB) aims to ensure \u201cwe are the most innovative economy in the world and that we cement ourselves as a Science and Technology Superpower.\u201d While DSIT suggested the bill represents a \u201ccommon-sense-led UK version of the EU\u2019s GDPR\u201d \u2014 claiming it will \u201creduce costs and burdens for UK businesses and charities, remove barriers to international trade and cut the number of repetitive data collection pop-ups online.\u201d<\/p>\n Much the same claims were being made by the government for an earlier revision of the data reform last year<\/a>. Although DSIT is now making the headline claim that fiddling with data protection will save the U.K. economy \u00a34BN+ over the next 10 years (up from a projected \u00a31BN last June) \u2014 by providing businesses with more \u201cflexibility\u201d in how they interpret the rules. (Or just carving out some types of processing from any requirement to subject them to proper record keeping.)\u00a0\u00a0But, well, lies, damned lies, and statistics\u2026<\/p>\n Simultaneously, ministers are continuing to claim that the (now) further loosened compliance requirements will still ensure people\u2019s privacy and data protection are \u201csecurely protected,\u201d as DSIT\u2019s PR suggests. \u201cThe UK is firmly committed to maintaining high data protection standards \u2014 now and in the future. Protecting the privacy of individuals will continue to be a national priority,\u201d added Donelan in Parliament. So it\u2019s the usual Brexit \u201ccakeism\u201d on show.<\/p>\n The devil will obviously be in the details \u2014 and, crucially, in what the EU makes of the fine print a few years\u2019 hence (or, indeed, sooner if it decides the risks are great enough to reopen its June 2021 adequacy decision<\/a>).<\/p>\n Some privacy experts are suggesting the government\u2019s changes aren\u2019t drastic enough to endanger EU adequacy. But, well, that remains to be seen \u2014 and legal challenges to the U.K.\u2019s post-Brexit data regime may well seek to test the robustness of the thing in court. (So even if the European Commission is happy to let U.K. standards slide, judges in the EU may ultimately disagree.)<\/p>\n
\nUK takes another bite at post-Brexit data protection reform \u2014 with \u2018new GDPR\u2019<\/br>
\n2023-03-08 21:47:59<\/br><\/p>\n\n