(Bloomberg) — The UK set out a plan to roll back data protection obligations and cookie consent boxes in an attempt to boost business and research.
A planned Data Reform Bill will cut “burdens on businesses to deliver around £1 billion ($1.23 billion) in cost savings” over ten years, the Department for Digital, Culture, Media and Sport said in a statement summarizing the legislation Thursday.
The announcement criticized the EU’s “highly complex” General Data Protection Regulation and promised a “clampdown on bureaucracy, red tape and pointless paperwork” to “seize the benefits of Brexit.”
Small British businesses will no longer be required to have a data protection officer and fill out “lengthy impact assessments.” Internet users will be given the option to opt-out rather than needing to opt-in for the collection of cookies — which track users around the internet. The government said the change will cut down on “the irritating boxes users currently see on every website”.
As Britain diverges from the bloc and faces legal action from Brussels for threatening the Northern Ireland protocol, Prime Minister Boris Johnson will have to balance apparent opportunities with the risk of jeopardizing a key deal signed last year guaranteeing data flows between the UK and the continent, which has a clause allowing for regular reviews.
A DCMS spokeswoman said that “as the Commission itself has made clear, EU adequacy decisions do not require countries to have the same rules. Our view is that these reforms are fully compatible with maintaining the free flow of personal data from Europe.”
The bill also increases fines for the perpetrators of nuisance calls and texts, and says researchers will not need to be as specific about why they’re collecting data: they could rely on a previous consent for “cancer research,” rather than getting a new approval for their particular study, for instance.
The government will also be able to exert more control over the country’s data watchdog, the Information Commissioner’s Office. Culture Secretary Nadine Dorries will have to approve its statutory codes and guidance before they are presented to Parliament.
The reforms look “modest” and less likely than some previous more radical suggestions to threaten data adequacy, Linklaters data lawyer Peter Church said via email.
“This is hardly a surprise given data protection laws are now a global norm and the GDPR is the template upon which many of those laws are based,” he said, adding though that “it’s not clear how the new regime will adequately protect individuals from excessive and intrusive internet tracking.”
(Updates with quotes from sixth paragraph)
More stories like this are available on bloomberg.com
©2022 Bloomberg L.P.
