On the day the UK is set to appoint its new prime minister, digital and culture secretary Nadine Dorries is introducing legislation in Parliament she promises will “drop unnecessary box-ticking and measures stifling British businesses.”
Getting its second reading in the House of Commons, the Data Protection and Digital Information Bill sets out how the UK plans to diverge from data protection legislation introduced during its membership of the European Union.
Dorries, appointed by outgoing prime minister Boris Johnson, is set to say the new data reforms would unlock growth and save businesses around £1 billion (c $1.15 billion) over the next 10 years, according to a press release her department published today.
She plans to tell the House the new rules would remove the prescriptive requirements of data laws inherited from the EU, giving organizations the flexibility to protect personal data in more proportionate ways rather than forcing them to all follow the same processes regardless of their size.
The legal changes would improve the UK’s ability to strike international data deals and make these partnerships more secure, allowing British businesses to seize billions of pounds of data trade as a reward of Brexit, according to Dorries.
In the press release, she said: “I believe changes are needed more than ever today, at a time of unprecedented pressure on the economy. We can’t afford to stick with the status quo, to keep prioritising process over results, and allowing unnecessary bureaucracy to stifle growth and innovation.
“If we were still in the EU, we’d have to keep following the current approach. Thanks to Brexit, we don’t. This data Bill is one of Brexit’s biggest rewards. It allows us to create a pro-growth, trusted system – one that is designed not for Brussels, but for the people of the UK,” said Dorries, who, representing the UK as its digital minister, reportedly asked Microsoft “when they were going to get rid of algorithms” earlier this year.
Not evident in the statement is the inconvenient fact that diverging too far from the EU’s data protection regime — the General Data Protection Directive — could have consequences for UK businesses which regularly share data with units based in the EU or its economic area.
In May, legal experts told The Register UK government plans to create new data protection laws could make more work and add costs for business, while also creating the possibility of challenges to data sharing between the EU and UK.
If the government’s legislation ends up too different from the EU’s GDPR, it could threaten the “adequacy” ruling which currently allows data sharing between the UK and Europe’s trading bloc.
“Companies with a footprint in EU and UK will not welcome proposals to diverge from GDPR. If the UK just goes on its own and tries to do something different from the EU it is going to be much more expensive for them. I don’t really see that data protection officers are hungry to do something different from GDPR,” Georgina Kon, technology and media partner at law firm, Linklaters said in May.
BCS, The Chartered Institute for IT, has also warned that proposed changes to Britain’s data protection rules put the adequacy ruling at risk.
Dr Sam De Silva, chair of BCS’s Law Specialist Group and a technology and data partner at international law firm CMS, said: “Any material deviation the UK adopts in relation to data protection does risk its adequacy status so I hope there will be a detailed and objective analysis undertaken to assess whether the benefits from UK’s data reform outweigh the risks of not continuing to have an adequacy status.
The second reading of the Data Protection and Digital Information Bill is set to begin in the Commons at 1430 UK time. ®