Data Protection Reforms Must Not Put UK and EU Data Flow at Risk

The UK Government has been warned that changes to GDPR rules must protect the UK’s data adequacy arrangement with the EU.
IT experts have cautioned the UK Government that their proposed data protection reforms must not put UK and the EU data flows at risk.

The Government has announced plans in the Queen’s Speech to reform rules around complex General Data Protection Regulation (GDPR) laws inherited from the EU with a new, post-Brexit, Data Reform Bill.

Since the advent of Brexit, the Conservative government has signalled its intent to overhaul data protection laws.

Ministers said their new Bill would better organise data protection rules and cut red tape, provide greater flexibility for British firms, establish a data protection framework that focuses on privacy and deliver more than £1 billion in business savings over ten years.

How the government intends to achieve this is yet to be fully revealed, however. The draught bill is expected to be released this summer.

But industry experts from BCS, the Charted Institute for IT, have warned the government against any major changes to the transfer of data between the UK and the EU.

IT experts have called for any changes to protect the UK’s existing data adequacy arrangement to match those of the EU, allowing for the smooth flow of data between the two.

A wide range of businesses and sectors in the UK rely on data transfers with the EU to run their businesses and carry out their services, and its loss could have serious ramifications across the UK.

Dr Sam De Silva, chairman of BCS’s law specialist group, commented: “Any material deviation the UK adopts in relation to data protection does risk its adequacy status so I hope there will be a detailed and objective analysis undertaken to assess whether the benefits from the UK’s data reform outweigh the risks of not continuing to have an adequacy status.”

He added: “What was in the Queen’s Speech in relation to the reform of data protection was not surprising, because it generally follows the principles outlined in the Government’s Consultation Paper on Reforms to the UK Data Protection Regime – ‘Data: A New Direction’.”

Under the Government’s currently unpublished plans, existing UK-GDPR and data protection laws would be altered, with the removal of cookie consent banners on websites said to be among the proposed changes.

“However, of course, the devil will be in the detail – which we do not have sight of yet,” Dr De Silva said, adding that the cookie consent banner reform specifically might not have a drastic impact of the UK-EU data relationship.

“If that detail reveals that the web cookie consent banners are to be removed, whilst that appears radical, organisations would still be required to comply with the UK GDPR principles on lawfulness, fairness and transparency when using cookies or similar technologies,” he added.