The British government wants to weaken data protection

The British government has proposed a data protection reform that significantly weakens previous standards. Despite the UK’s exit from the European Union, the existing law on the General Data Protection Regulation (GDPR) remains in effect. That should change with the Digital Data and Information Protection Act. It was introduced in the British House of Commons this week. The change in law could have serious consequences for the flow of data between the UK and the EU.

Essentially, the new law aims to ease data protection requirements for companies, saving £1 billion a year in costs. Companies no longer need a data protection officer, just a responsible person. From now on, you can decline people’s requests for their private information if those requests are “abusive or excessive”. The law also establishes the ability to use personal information at will for “research purposes.” However, the research definition is so broad that “private companies developing any type of product can point to it,” criticizes data protection researcher Michael Vail. on Twitter.

Since Britain left the European Union in early 2020, voices within the ruling Conservative Party have repeatedly announced plans to weaken its data protection laws in order to “unleash” the economy. else Former Finance Minister Rishi Sunak saidHe, who is likely to be the favorite to succeed Boris Johnson as prime minister, said he wanted to end the overly complex regulatory framework of the GDPR, which “prevents British tech companies from innovating and public authorities from sharing crime-fighting data”.

Fixing cookies is a godsend for data traders

The British government announced a few weeks ago that the planned reform would begin Wanting to get rid of annoying cookie banners. The fix aims to make it easier to store a “Do Not Track” signal in the browser, but also to allow data to be collected for “statistical purposes” outside of website boundaries – a remedy for data traders, As confirmed by data protection expert Phil. This is particularly practical for political parties, because the draft identifies “democratic participation” as a legitimate reason for processing personal data.

The bill should also make it easier for law enforcement authorities. Police no longer have to specifically justify why they have access to certain sets of data. This gives the police leeway to adapt their reasoning as desired, like an elephant. Further amendments are also possible, as the draft gives the British government the opportunity to adapt data protection law directly through regulations without parliamentary involvement. Viel asserts that “this should not happen in a parliamentary democracy, it is an abuse of power and should not happen”.

It remains unclear how quickly the proposed amendment will become law, as the UK is currently going through a deep government crisis. The law is not expected to be debated in Parliament until the fall, when the ruling Conservatives have found a successor to Boris Johnson. Even then, there will likely be significant resistance from civil society – the Open Rights Group has done it already announced“To fight tooth and claw” proposal.

Data flowing into the European Union may be subject to scrutiny

It also remains unclear what effects the planned changes will have on data flows in the European Union. For a good year now, the EU Commission has made two decisions that are enough for the UK Comparable data protection standard – There are similar decisions for Japan, Australia and other countries. For now, the EU Commission has left it open about whether lowering the data protection standard could have consequences for the decision – it did not initially respond to a short-term request from netzpolitik.org. However, the decision provides for an assessment to be made if there have been significant changes in legal standards in the UK. “That is why we have put in place extensive safeguards and if circumstances change on the part of the UK we will intervene immediately,” he said. EU Commissioner Vera Jourova said: In June 2021.

The Commission’s “Privacy Shield” decision, which has so far given the free flow of data to the United States a legal basis, shows how politically sensitive such decisions can be. The European Court of Justice has struck down the “Privacy Shield” in a lawsuit brought by Max Schrems. The reason for this is mass surveillance by US intelligence, against which no adequate preventive measures have been taken. Despite significant skepticism, the EU Commission is working on a subsequent regulation. The British government and its secret services are also responsible for extensive surveillance programmes. The data flows to Great Britain also is not immune to legal uncertainty because of this.