BCS, the Chartered Institute for IT, has warned that the Government’s proposed changes to data protection rules must not put the flow of data between the EU and the UK at risk.
The professional body for IT has published a statement saying any benefits of a leaner data protection regime should not come at the expense of the UK’s current data adequacy arrangement with the EU.
The Government said in the Queen’s speech it was keen to replace “highly complex” data protection laws inherited from the EU with a new Data Reform Bill. This would change the existing General Data Protection Regulation (GDPR) and the UK Data Protection Act with the aim of cutting red tape.
While the Government said this would help increase the competitiveness of UK businesses and boost the economy, there are concerns it could undermine the data adequacy agreements with the EU, under which it recognises UK regulations on the use of personal data are in line with GDPR and the Law Enforcement Directive.
This plays a significant role in supporting business and enabling any exchange of data in public services.
Devil in detail
Dr Sam De Silva (pictured), chair of BCS Law Specialist Group and a technology and data partner at international law firm CMS said: “What was in the Queen’s Speech in relation to the reform of data protection was not surprising, because it generally follows the principles outlined in the Government’s Consultation Paper on Reforms to the UK Data Protection Regime – ‘Data: A New Direction’.
“However, of course the devil will be in the detail – which we do not have sight of yet. If that detail reveals that the web cookie consent banners are to be removed, whilst that appears radical, organisations would still be required to comply with the UK GDPR principles on lawfulness, fairness and transparency when using cookies or similar technologies.
“So whilst the change may mean it is easier to comply with PECR (Privacy and Electronic Communications Regulations) and would reduce some of the current cookie consent requirements, it will be interesting to see the position in the bill in relation to consent when cookies are used for marketing, real time bidding or building profiles of users. The latter of course is where the majority of the tracking activity by organisations is done.
“Of course, any material deviation the UK adopts in relation to data protection does risk its adequacy status so I hope there will be a detailed and objective analysis undertaken to assess whether the benefits from UK’s data reform outweigh the risks of not continuing to have an adequacy status.”