Post-Brexit UK to overhaul privacy rules in an attempt to increase effectiveness while maintaining adequacy with the EU and other nations.
The British government is looking forward to creating new privacy rules based on “common sense, not box-ticking”. The new privacy rules might drift the UK away from the EU data protection regulations, including the 2018 GDPR, which still guided the framework of their post-Brexit UK-GDPR privacy rules. According to the culture secretary, this may put an end to the irritating cookie popups and consents requests online. However, the new regime has to qualify for the EU’s adequacy requirement, otherwise continued data transfer between the UK and EU may be affected.
After October, a new Information Commissioner will be appointed to replace Elizabeth Denham.
The culture secretary aims at developing a globally leading data policy that will help businesses and individuals across the UK. The government plans on giving this daunting task of overseeing the transformation to John Edwards, who will be appointed as the new Information Commissioner. He is currently the Privacy Commissioner of New Zealand, and the UK’s preferred choice to replace the current Information Commissioner, Elizabeth Denham, after the current tenure ends on October 31st.
Will the new rules help small businesses or result in more trade and investment barriers?
Whereas cookie consent rules have been widely criticised by the industry and the users, they represent a tiny portion of the current (UK) GDPR framework, and are unlikely to be decisive when it comes to mutual adequacy between nations. The bigger picture is the current freedom to transfer data between the UK and the EU/EEA based on the current European Commission adequacy decision, which still gives UK-based tech companies an edge. “Putting that in jeopardy would likely offset any benefits for tech startups in terms of compliance regime simplification,” comments Dr Bostjan Makarovic, Aphaia’s Managing Partner. ‘We must also be aware that the UK consumers have gotten accustomed to a high degree of privacy protection, and they hardly see the current UK GDPR as an unnecessary bureaucratic burden.’
