The U.K. government plans to relax its privacy rules and strike new data transfer agreements with the U.S. and other countries in a move to reform data regulations since leaving the European Union last year.
New British data protection rules would differ from the EU’s General Data Protection Regulation, according to the government’s proposal published Thursday. The nature of those changes will be crucial for determining whether the U.K. can maintain a separate data agreement completed in June with the EU that requires British privacy standards remain equivalent to the union’s rules. U.K. officials will have the tricky task of balancing the legal changes with the requirements for remaining within EU guidelines.
The U.K. government said the new privacy rules will be innovation-friendly and allow for easier data-sharing while eliminating “box-ticking” measures from the EU rules. British Digital Secretary Oliver Dowden told the Telegraph newspaper that the EU GDPR requires websites to display onerous banners asking for consent to track visitors’ data.
A revised approach to data sharing would help develop better scientific and technology research, the U.K. proposal said, referring to the country’s public healthcare database of hospital patients’ X-rays and images that helped researchers understand the disease and quickly develop treatment during the Covid-19 pandemic.
The government said it would open its proposals for public comments in the coming weeks before making legal changes.
Companies and research organizations that operate in the U.K. and Europe say they are concerned the changes could topple the post-Brexit deal.
“If the EU revokes the data sharing agreement with the U.K., costly and burdensome alternative transfer mechanisms will need to be put in place for personal data to continue to flow, creating additional barriers, costs and bureaucracy,” said Rosie Richards, senior European policy manager at the NHS Confederation of healthcare providers in the U.K. National Health Service.
Legislative changes to make the GDPR rules more flexible would be good for businesses and innovation, said Emanuel Adam, executive director of the London office of BritishAmerican Business, a business association. “There are certainly things that can be improved,” he said.
However, many companies don’t want to diverge too much from the GDPR, the 2018 privacy law that applies in the 27 EU countries. Drastic changes to the U.K.’s rules might not only jeopardize the EU data agreement, but might also mean companies that operate in the EU and Britain would need to spend more time and money to comply with both systems, he said.
A report commissioned by the U.K. government from members of parliament and published in June recommended replacing the GDPR with a system that is less intrusive, though the government isn’t obligated to follow the report.
A spokesman for the European Commission, the EU executive body that negotiates data-transfer deals on behalf of the bloc, said the commission is closely monitoring developments related to the U.K.’s data-protection rules and can suspend or end the EU-U.K. agreement.
If the U.K.’s data policies change significantly and the European Commission doesn’t end the EU-U.K. data deal, companies in Europe will be at a disadvantage because British companies could do business in the EU while following less stringent rules, said Sophie in ‘t Veld, a Dutch member of the European Parliament. “That would be unfair competition,” she said.
The U.K. government said it wants to “quickly and creatively” conclude new data-transfer agreements with 10 priority countries including the U.S., Australia, Colombia and South Korea. Separately, the EU is negotiating such a deal with the U.S. after the top EU court ruled that the previous Privacy Shield agreement was illegal.
Never miss a story! Stay connected and informed with Mint.
our App Now!!