The UK has published its response to a consultation on pulling out of GDPR, claiming that this could save British businesses £1 billion per year.
In what it describes as ‘a clampdown on bureaucracy, red tape and pointless paperwork’, the government says that the current EU data protection rules place disproportionate burdens on small businesses including startups.
It claims that with the introduction of the Data Reform Bill, the same high data protection standards will remain in place, but that organisations will have more flexibility to determine how they meet these standards.
Small businesses, it says, will no longer have to appoint a Data Protection Officer (DPO) or undertake data protection impact assessments (DPIAs).
“Our new Data Reform Bill will make it easier for businesses and researchers to unlock the power of data to grow the economy and improve society, but retains our global gold standard for data protection,” says digital secretary Nadine Dorries.
“Outside of the EU, we can ensure people can control their personal data, while preventing businesses, researchers and civil society from being held back by a lack of clarity and cumbersome EU legislation.”
The bill also addresses an abiding concern for the government by cutting down on ‘user consent’ pop-ups and banners. It plans to introduce an opt-in model and allow users to set their online cookie preferences to opt out via automated means, for example via their internet browser settings.
There are also plans to modernize the Information Commissioner’s Office (ICO) with with a clear framework of objectives and duties.
“I am pleased to see the government has taken our concerns about independence on board. Data protection law needs to give people confidence to share their information to use the products and services that power our economy and society,” says information commissioner John Edwards.
“The proposed changes will ensure my office can continue to operate as a trusted, fair and impartial regulator, and enable us to be more flexible and target our action in response to the greatest harms.”
However, there remains significant opposition to the bill.
“The UK GDPR affords important protections to women, workers, patients, migrants, ethnic minorities, LGBT communities and everyone else,” says the Open Rights Group.
“The Data Reform Bill will endanger all this, if DCMS make the wrong calls and keep carrying out the consultation without regard of due process.”
The Open Rights Group is one of more than 30 civil society organisations to have expressed deep concerns about the bill, and particularly over the lack of consultation. In the letter, the groups express concern that the government “is keen to work with sympathising businesses and respondents of their choice while ignoring ordinary citizens and everyone who criticises their proposals.”
And while the government is claiming that the new rules will bring a boost for business, others are not so sure. The UK may not be able to maintain its data protection adequacy status with the EU – especially as it was already on shaky ground over concerns about how British security agencies collect personal data.