UK to consider divergence from GDPR but could be constrained by EU adequacy requirements

Thu 26 Aug 2021
Posted by: William Barns-Graham
Trade News

British data standards could be set to diverge from the EU’s as the government seeks to deliver its ‘Brexit dividend’ for UK businesses, a government minister has said. 

The government will be launching proposals to move away from elements of the General Data Protection Regulation (GDPR) that was introduced by the EU in 2018.

Cookies

Culture secretary Oliver Dowden said in an interview with the Telegraph that planned reforms will cut down on the requirement in GDPR for organisations to request user consent for ‘cookies’ to track a user’s browser data history when visiting their website.

He said that rules like this one were “pointless”.

Ministers will also reportedly scrutinise whether consumers should continue to have to repeatedly provide consent for their data to be used for similar or near-identical purposes in fields such as scientific research and clinical trials. 

Opportunity

According to Bdaily News Dowden said: “Now that we have left the EU I’m determined to seize the opportunity by developing a world-leading data policy that will deliver a Brexit dividend for individuals and businesses across the UK. It means reforming our own data laws so that they’re based on common sense, not box-ticking.”

He added: “That means seeking exciting new international data partnerships with some of the world’s fastest growing economies, for the benefit of British firms and British customers alike.”

Framework

Eduardo Ustaran, a co-head of the global privacy and cybersecurity practice at the law firm Hogan Lovells, said the UK can move away from aspects of GDPR while maintaining its overall framework.

“What this means in practice is that the way in which international data flows are approached is not identical to the way the same data flows are treated in the EU,” he said. “But this doesn’t necessarily mean that the protection is going away.”

He added: “What the UK government is testing is our ability to recognise that the protection of personal data around the world comes in different shapes and forms but can still be effective.”

Adequacy

The Guardian notes however that changes will be constrained by the need to offer a new regime that the EU deems ‘adequate’, otherwise some data transfers between the UK and EU could be frozen.

The EU deemed the UK’s data laws as adequately secure in June, allowing data to continue flowing freely between the UK and EU.