Technology minister Michelle Donelan defends data reforms

Reactions to the invoice

Although the complete results of the invoice in apply are but to be understood, as the complete textual content was solely printed 8 March, reactions to this point have been combined.

Alistair Dent, chief technique officer at data science consultancy Profusion, mentioned there was quite a bit to love within the announcement of the invoice, notably across the certainty it would present for British companies.

However, he famous {that a} key subject is whether or not the invoice will reside as much as its purpose of making certain companies can proceed sending private data abroad through current worldwide switch mechanisms.

“This is very important to UK businesses, as failure to make it compatible with, for example, GDPR, will mean that companies which deal with EU citizen’s data will have to comply with both sets of legislation – which will significantly increase costs,” he mentioned.

“This bill is obviously at a very early stage and there’s a lot of areas that still need clarification – not least how it will be adequately enforced. We must remember that, despite its flaws, GDPR has really helped to improve online privacy and increase accountability for businesses. The government is very keen to be seen to be cutting red tape and using ‘common sense’ in its rule making, but this must not come at the expense of protecting people online.”

Georgina Graham, a data and know-how lawyer at regulation agency Osborne Clark, mentioned: “Businesses will be pleased to see the new measures designed to reduce paperwork and increase flexibility around compliance – for example, records of processing have turned into an administrative burden for many businesses, so this proposed change might genuinely save businesses time and costs. Conversely, consumers will likely be pleased to see the increase in fines for nuisance calls and texts.”

She added that, with the EU-UK data adequacy resolution scheduled for overview in 2024, “the UK government will need to be mindful of the risks involved in diverging too far from the EU GDPR” if it desires companies to proceed sending data to Europe.

Commenting on the invoice on the similar IAPP occasion however on a unique panel, former data commissioner Elizabeth Denham mentioned: “The UK is walking that very fine line to make sure that we retain adequacy, and that’s what businesses in the UK want.”

She added, nonetheless, that she doesn’t suppose the adjustments to the UK data safety regime are substantive, and would reasonably see the UK be part of different nations outdoors the EU with “full throated support for a new way” for regulating data safety.

During the identical panel, Max Schrems, an Austrian lawyer who has been difficult the legality of assorted worldwide data switch mechanisms because the early 2010s, mentioned the UK’s data reforms imply the nation is now not related from a European perspective when difficult poor data safety practices.

“If we go after a company, we’ll go after a UK company in Europe, we will go directly to Europe, it just is not relevant anymore from a litigation perspective,” he mentioned.

Michael Queenan, co-founder and CEO of UK data firm Nephos Technologies, mentioned the UK authorities has “decided to sell-out personal data privacy for business benefit and innovation” with the invoice.

“When you remove regulations, compliance becomes cheaper, but at what expense? This needs to be collectively addressed to genuinely encourage business growth, drive innovation and protect our data,” he mentioned.

“The new DSIT in principle is a good step, but it has its work cut out. Currently, promises are being made without adequate funding or tools to deliver. Besides, anyone who trades with other countries, including EU countries, will still have to comply with their data laws to be able to use the data of citizens from that country so I don’t really know how they can claim it makes international trade easier.”