Data Reform Bill plans to cut EU data law red tape
10 May 2022, 12:54
Proposals to reform UK data protection law were included in the Queen’s Speech.
A Data Reform Bill to enable the UK to reform its data protection regime and deviate from EU rules has been announced.
The Government said it wants to use Brexit as an opportunity to replace “highly complex” data protection laws inherited from the European Union.
The Bill, included in the Queen’s Speech, would be used to reform the existing General Data Protection Regulation (GDPR) and Data Protection Act, which the Government describes as complex and says currently encourages “excessive paperwork”.
The Government said the Bill would look to streamline data protection laws and cut red tape, reducing the burden on businesses by creating a more flexible, outcomes-focused approach “rather than box-ticking exercises” while also introducing clearer rules around personal data use.
Full details of the proposals have not yet been published, but it has been reported that as part of the reforms the web cookie consent banners that appear when visiting a website could be scrapped.
The Government said the changes would help increase the competitiveness of UK businesses and boost the economy.
The proposals also include plans to modernise the Information Commissioner’s Office, the UK’s data watchdog, to make sure it has the capabilities and powers to take stronger action against organisations that breach data rules.
Rafi Azim-Khan, head of data privacy at law firm Pillsbury, said the Government’s plans for data reform were not surprising, but warned against a large departure from EU law, which could risk the UK’s data adequacy ruling from the EU, which recognises the UK’s data protection standards post-Brexit and allows the continued flow of data between the two.
“There has been quite a lot of talk of the UK reforming its data laws, so this isn’t a bolt from the blue by any means,” he said.
“I think there will still be quite a bit of nervousness from businesses in the weeks ahead though.
“Any significant departure from the GDPR would not only mean renewed compliance efforts, but also potentially risk the UK’s EU data adequacy ruling.
“I’d imagine we’d see more of a pruning than root and branch reform, but hopefully we’re not left waiting too long to find out.”
