The UK has released details of its Personal Data Reform Bill, which is expected to change the privacy framework contained in the post-Brexit UK version of the GDPR.
The proposal, published on Friday (17 June) in response to a consultation, plans to restructure the UK Data Protection Authority,information commissioner office (ICO), to introduce a withdrawal option model (get out off) for cookie consent and to make it easier for London to establish new data sharing with other countries.
The Data Reform Bill was originally announced at the beginning of the year during the annual presentation of the Queen’s Speech, the legislative event of the year, and aims to transform data protection and privacy when the UK implemented GDPR in 2018.
The EU ruled in 2019 that the UK’s data protection regime was strong enough to allow data transfer between the UK and the EU to continue, but included measures to reverse that decision. “Sunset Section” That would require a re-evaluation and renewal of the decision in 2024.
The final impact of the reforms, even if they differ significantly from EU standards, remains to be seen, some observers noted.
“Although many of these improvements seem significant, they may have limited impact in practice.”Robert Bateman, content manager for the GRC World Forum, told EURACTIV. “Many organizations that operate in both the UK and the EU are unlikely to change much as they will still have to adhere to strict EU rules.”
information commissioner office
A key element of the plan is a proposal “To modernize” ICO, which oversees data security in the UK. Under the plan, the Information Commissioner, who is the top official of the organization, will be replaced by a chairman, CEO and board of directors, and will be assigned to the ICO. “new goals”,
According to the government, these would allow for better parliamentary and public scrutiny and put greater emphasis on growth, innovation and competition. It will also improve the way ICO codes and statutory guidance are developed, including bringing in an expert panel and requiring the approval of the Secretary of State before such work is presented in Parliament.
Britain’s current Information Commissioner John Edwards on Friday welcomed the government’s proposals.
data protection administration
Another key objective of the reforms is to give businesses more flexibility in how they meet data protection standards, to reduce the disproportionate administrative burden to the government.
According to Mr Bateman, planned reforms in these areas are among the most important proposals and could lead to a number of measures that are currently mandatory voluntary.
The proposal suggests, for example, that small businesses will not need to use a data protection officer (DPO) to conduct a data protection impact assessment (DPIA) of their data management approach. risk if they can independently prove that it is sufficient.
“An organization cannot take disciplinary measures against its DPO for performance of its functions”Mr Bateman said. “This means that a DPO can, in theory, protect the rights of data subjects, even if it goes against the interests of the organization. »
Bojana Bellamy, President Information Policy Leadership CenterHowever, it welcomed a more risk- and consequences-based approach to privacy management, on the grounds that it would provide better and more proportionate protection.
“This is by no means the end of DPOs and DPIAs, as companies will still need to prove how they oversee the program and manage risk”He told EURACTIV, steps taken by other governments in this direction indicate that it is a “global trend”,
international data transfer
The reforms are also expected to boost the UK’s ability to promote data transfer links with international partners. The bill provides that the International Council of Data Transfer Experts, a grouping of organisations, technology companies and academia, shall be empowered to remove barriers to data flow.
London has expressed its desire to establish new data partnerships with countries such as the United States, Australia, Singapore and the Republic of Korea, raising concerns from Brussels, which fears that if flows between the EU and the United Kingdom are parallel. continues, data is not transferred, by necessity, to third countries whose privacy standards are deemed inadequate for European citizens.
“UK Government is right to consider changing the data flow rules and mechanisms”Ms. Bellamy said. “This is a huge compliance and legal issue for all businesses, big and small. It is not sustainable in the long term. ,
Cookies, calls and research
The government is also planning to impose fines for unwanted commercial calls and messages. If this amount is exceeded, the bill would increase the maximum fine from £500,000 to £17.5 million, or 4% of worldwide turnover.
Existing rules will also be updated to reduce pop up of cookie consent by establishing an opt-out model that applies to an individual’s Internet browser.
Researchers will also benefit from greater flexibility and clarity in the use of data. In practice, this may mean that people will be asked whether they consent to using their data for research in a particular area of study rather than for a specific project within that field.
Organizer. Zombie aficionado. Wannabe reader. Passionate writer. Twitter lover. Music scholar. Web expert.