UK Proposes Post-Brexit Data Laws to Boost Innovation

The UK government has proposed new data laws designed to boost economic growth and innovation, in addition to plans to clamp down on nuisance calls and minimize cookie pop-ups online.

The Data Reform Bill, published following a consultation period, is designed to update the UK’s existing data rules following the country’s departure from the European Union.

It is designed to unlock organizations’ ability to use data more “dynamically,” with the government arguing that the EU’s General Data Protection Regulation (GDPR), which was incorporated into UK law post-Brexit, is holding back innovative use of data in the digital age.

It argued there is currently an over-reliance on ‘box-ticking’ across all organizations to obtain consent from individuals to process their personal data to avoid non-compliance. Instead, the government wants to move to a risk-based approach, meaning the approach to data protection will differ depending on the relative risk of an individual organization’s data processing activities. For example, under the new proposals, certain businesses won’t be required to recruit a Data Protection Officer (DPO) or undertake lengthy impact assessments, provided they can manage the risks themselves.

Organizations will still be required to have a data privacy program; however, they will have more flexibility to determine how they meet data protection standards.

The new Bill also sets out plans to increase fines for nuisance calls and texts, building on the Privacy and Electronic Communications Regulations (PECR). The maximum fine for companies contacting people for marketing purposes without consent will rise from £500,000 to £17.5m or 4% of global turnover, whichever is higher.

Additionally, the laws aim to reduce the number of ‘user consent’ pop-ups and banners internet users are forced to click on while visiting websites. Currently, users have to opt-in to cookie collection every time they visit a new site, which collects data about their activities. Under the new proposals, it will be easier for internet users to set an overall approach to how their data is collected and used online, thereby significantly reducing the number of boxes they see.

The government added that it would work with the industry and regulator to ensure the technology required to allow people to set their online cookie preferences to opt-out via automated means is readily available before the changes are enacted.

Other areas included in the Bill include plans to modernize the UK Information Commissioner’s Office (ICO), simplify legal requirements around obtaining user consent for scientific research and improve data transfers between the UK and “like-minded countries.”

Digital Secretary Nadine Dorries commented: “Today is an important step in cementing post-Brexit Britain’s position as a science and tech superpower. Our new Data Reform Bill will make it easier for businesses and researchers to unlock the power of data to grow the economy and improve society, but retains our global gold standard for data protection.”

“Outside of the EU, we can ensure people can control their personal data while preventing businesses, researchers and civil society from being held back by a lack of clarity and cumbersome EU legislation.”

John Edwards, the UK Information Commissioner, said: “I share and support the ambition of these reforms.

“I am pleased to see the government has taken our concerns about independence on board. Data protection law needs to give people confidence to share their information to use the products and services that power our economy and society. The proposed changes will ensure my office can continue to operate as a trusted, fair and impartial regulator and enable us to be more flexible and target our action in response to the greatest harms.

“We look forward to continuing to work constructively with the government as the proposals are progressed and will continue to monitor how these reforms are expressed in the Bill.”

What’s Hot on Infosecurity Magazine?