By Dave McKay | October 4, 2022
A UK-Specific Data Protection Framework?
The British government announced at the 2022 Conservative party conference at ICC Birmingham that it will replace the General Data Protection Regulation with a new British data protection system.
Culture secretary Michelle Donelan said the change is being made as the current EU GDPR is “limiting the potential of our businesses” and that the system will be more “business and consumer friendly”.
She went on to say:
“Our plan will protect consumer privacy and keep their data safe while retaining our data adequacy so that businesses can of course trade freely. I can promise that it will be simpler, it will be clearer, for businesses to navigate. No longer will our businesses be shackled by lots of unnecessary red tape."
To be frank, this smacks of clutching at straws to try to dredge up a justification for Brexit. The fact is, even if we abandon the GDPR for UK data subjects and use some other home-grown scheme, companies will still need to follow GDPR for EU nationals who are customers or employees. On top of that, any company that has a website that is accessible from Europe is currently (effectively) considered to trade in Europe.
Moreover, whatever we end up with will need to be acceptable to the European Commission. It will have to demonstrate that it provides at least as much protection for data subjects as the GDPR does. If it cannot, the UK will not receive a favourable adequacy decision.
If the UK does not obtain an adequacy decision for the new framework, businesses will face serious issues transferring data in and out of Europe. The knock-on effects will be massive. The implications for cloud computing alone are concerning. Data transfers to and from a datacentre located in the EU could be untenable at best and impossible at worst.
To put it mildly, this doesn’t strike me as well thought through.
source: Conference News