New plans to replace GDPR split UK tech

The UK has finally unveiled its alternative to the GDPR, the Data Protection and Digital Information Bill (DPDIB). The bill, which was introduced to Congress last week, aims to promote economic growth while protecting privacy.

Proposed rule We promise to reduce paperwork, reduce costs, facilitate transactions, and (please Lord) reduce cookie pop-ups. They also claim that over ten years he generated over £4 billion in savings (more on this later).

The UK’s exit from the EU casts a heavy shadow on the plan. In the bill pitch, the government promises to unlock the elusive Brexit dividend.

“Our system will be easier to understand and comply with, allowing us to take advantage of Britain’s many opportunities post-Brexit,” Technology Secretary Michelle Donnellan said in a statement. “Our businesses and citizens no longer need to be caught up in a barrier-based European GDPR.”

At least that’s the plan, but it’s already proven to be divisive.

cut the red tape

Data-driven trade is making a significant contribution to the UK’s coffers. In 2021, it will generate an estimated £259bn and 85% of UK services exports.

DPDIB envisions further rewards from simplified legal requirements.

“Our new legislation will free UK businesses from unnecessary bureaucracy, unlock new discoveries, drive next-generation technology, create jobs and boost the economy,” Donnellan said. increase.

All data regulation must balance protecting people and fostering innovation. Under GDPR, many businesses have become frustrated with the bureaucratic burden. DPDIB aims to bring scale back to business benefit.

“It was imperative to clarify the confusion and simplify the administrative burden.

Chris Combemale, CEO of the Data and Marketing Association (DMA), has worked with the government on the new regulations. He hopes the bill will provide a “catalyst for innovation” privacy Necessary protection for consumer trust.

“It was essential that this bill would protect important ethical principles in existing legislation while also clarifying areas of confusion and simplifying the burdensome administrative burden for small businesses,” Combemale said. told TNW in an email.

Writer Regulatory loads have proven to be common.Businesses welcome simplification the requirements of Record keeping, personal data processing and automated decision-making as the ability to Deny “annoying or excessive” data access requests.The new work has also received rave reviews. A framework for digital identities, additional resources for the UK data watchdog, and Increased fines for spam calls and text messages.

Chris Vaughan taniumEndpoint security company says the new rules are simpler than the GDPR.

“One of the main benefits of the new legislation is the business cost savings that GDPR will create, which is even more welcome as organizations continue to struggle in the current economic climate,” Vaughan told TNW. I’m talking

However, relaxing the rules can also increase risk.

privacy risk

Critics warn that the new law puts citizens at risk. More than 30 civil society groups are calling for the bill to be withdrawn over concerns that it will undermine data protections and harm marginalized groups.

Colin Hayhurst Mozik,privacy-Based search engines have been particularly plagued by declining accountability for “low-risk” data processing. He is also concerned that the bill enacts too many complex issues at once.

“My concern is that critical issues around innovation like AI are not receiving enough scrutiny and consideration,” says Hayhurst. “It is worth noting that the EU sees AI regulation as a very complex and important issue. completely separate invoice concentrate on this issue. ”

Hayhurst, in particular, AI Researching. The new bill gives commercial organizations the same freedoms as academics for any purpose. data Processing for research that is “reasonably described as being scientific”.

This could present huge opportunities for companies building AI on data collection. But larger companies with research arm such as Google’s DeepMind and Meta’s FAIR could offer even more power.

“Large technology companies with research groups can continue to collect and use all personal data in their possession to train AI in their research efforts,” says Hayhurst. “This all comes with risks. Unfortunately, this risk is overwhelmingly borne by the people whose data is fed to the machines, not the companies themselves.”

To mitigate risk, rules around responding to data access requests can be tightened, especially if the data is profitable. A one-month response deadline may be fine for a small company, but it’s not a good fit for a global company with warehouses full of supercomputers.

“The irony is that while companies can easily collect data about individuals themselves, they make it very difficult for data owners to find the data they hold,” Hayhurst says. . “This is one area where he can’t serve consumers with a ‘one-size-fits-all’ approach.”

digital economy

Despite the concerns, Hayhurst acknowledges the government has acted on the feedback. In particular, the proposal to remove the Balance His test for “a limited, general but exhaustive list of activities” is not included in the final text. However, concerns remain that companies will be held to lower ethical standards.

Critics are particularly wary of the relaxed requirements for monitoring, recording and user control over data processing. There is also room for processing data without the individual’s consent. These changes may leave the public more at risk and less confident in the digital economy.

“Governments are selling out individual privacy for business gain.

“If businesses are unaware of the amount of data collected, its purpose, and the implications of its use, how can we expect consumers to trust businesses with such information?” CEO Angel Maldonado asks: sympathy.

Michael Quinan, CEO and Co-Founder Nephos Technologiestakes the criticism one step further.

“The government has decided to sell personal data privacy for business benefit and innovation,” Queenan told TNW. “Is there any other reason to remove critical, already-in-place, global data protection procedures?”

One motivation may be potential savings. As previously mentioned, the reform is projected to bring her £4.7bn in profits to the UK economy. However, evidence for this claim is difficult to find.

The government is referring to the numbers with linkhas been broken since the first time I saw the announcement.Origin can find Via the Wayback Machine, but the quote it links to was published in July 2022. Different versions of invoices was introduced.critic I suspect the £4.7bn estimate is largely unfounded.

“As opposed to saving businesses billions of dollars, this bill could result in higher compliance costs and administrative burdens for businesses operating in multiple jurisdictions.” , said Sean Hurst, Principal Regulatory Advisor at RegTech Firms. smash.

GDPR agreement

Deviations from the GDPR are DPDIB. Governments have emphasized the benefits of these deviations, but they also threaten data transfers with the EU.

The UK now has EU data adequacy status, which protects the flow of data between both jurisdictions. However, MEPs are regarded as a problem In Britain’s planned reforms. If they decide the new bill does not meet the required standards, the sufficiency agreement could be lost.

As a result, companies selling both in the UK and the EU cWith only two sets of laws. Tech giants may be reluctant to develop product and policy variations for the new regime, while domestic firms may consider moving to unions.

“It would be an advantage to be relieved of red tape only if businesses could continue to deal with European citizens and their data across borders, using the adequacy ruling that has been in force in the UK since Brexit. It will be. Amanda Bullock CEO Open UKis a non-profit organization representing open technology.

However, governments have publicly stressed the importance of maintaining data validity. Some privacy experts believe the new measures will meet EU requirements.nevertheless The UK holds data validity and companies doing business in the EU must meet GDPR standards. As a result, the main beneficiaries of the new regime are: Companies operating exclusively in the UK market.

“I think these so-called ‘savings’ will never materialize for most businesses. Founder of Fahad Dibecha acura casta digital marketing agency based in London. “Even if you have visitors from Europe or are doing business with Europe, you still need to comply with the GDPR. It will be.”

That said, moving away from GDPR could have positive consequences globally. Security company founder Ilya Korochenko Immuniweb A member of Europol’s network of data protection experts, he hopes the bill will influence EU rules.

He worries that businesses are suffering from GDPR fatigue, inconsistent enforcement across member states, and the rising cost of formal compliance.

“European businesses will have a significant competitive advantage in the global market if the European GDPR goes through a similar series of improvements and simplifications,” says Korotchenko.

“If the trend of over-regulation continues, the costs and penalties for non-serious breaches will likely outweigh the costs of the overall implementation of the burgeoning EU cybersecurity regulations and directives, so large-scale and deliberate You will see non-compliance.”

This is a brave call to balance, but like all data protection debates, consensus approval is unlikely. There is at least one thing we can agree on.DPDIB” is a horrible acronym.