UK's attempts to rewrite laws could risk data arrangement with the EU
The EU can terminate its adequacy decision with the UK, in cases where developments affect users' privacy
The EU Commission has warned that it will closely monitor any changes to the UK's data rules, and will cancel its data-sharing agreement with London if new rules are found to pose a threat to the privacy of EU citizens.
"When adopting the EU adequacy decisions, the Commission was fully aware of the risk of possible further divergences of the UK system from the EU system," a spokesperson told Reuters.
"This is why in case of problematic developments that negatively affect the level of protection found adequate, the adequacy decision can be suspended, terminated or amended at any time by the Commission."
The warning came immediately after the UK government announced that it would reform the data rules that it agreed as an EU member, last week. The government said it would adopt a 'common sense' approach going forward, to help secure new data arrangements with the United States, Australia and other nations to break down barriers and boost trade after Brexit.
The digital ministry said that new data adequacy arrangements mean organisations would not be required to implement expensive compliance measures to share personal data globally when doing business.
As part of the proposed reforms, the UK plans to remove cookie pop-ups that tell people that they are being tracked online - although the cynical could see conflating these and the GDPR, as the government seems to be doing, as an attempt to garner public support for scrapping data privacy legislation.
The Secretary of State for Digital, Culture, Media and Sport, Oliver Dowden, told The Telegraph that the warning were "pointless," and that anything that did not pose a "high risk" to user privacy would be banished.
The government is also planning to loosen rules that apply to personal data use by small businesses and charities in the UK.
"Now that we have left the EU, I'm determined to seize the opportunity by developing a world-leading data policy that will deliver a Brexit dividend for individuals and businesses across the UK," he added.
Earlier this year, Dowden said that Britain needs to take a "slightly less European approach" on privacy, and should focus more on the results that "we want to have" following the country's exit from the European Union.
The UK announced its own version of the GDPR shortly after Brexit, which the EU recognised, enabling the seamless flow of data to continue between the two regions. But the government now wants to strike new data adequacy deals with other countries.
Some experts are concerned over the move. They have warned that the UK risks hurting businesses, by moving away from the data protection standards the EU requires for the free flow of data between the two regions.
"Today's announcements put the UK on a collision path with the EU, but also more widely with civil society organisations, with the likelihood of serious domestic data litigation in the future," Adam Rose, data protection partner at law firm Mishcon de Reya, told the Financial Times.
Lilian Edwards, law professor at Newcastle University, said the announcement on cookie notification "smacks of being a smokescreen" disguising a broader weakening of good data protection practices (told you - Ed.).
"This sort of pro-Brexit talk-up is likely to achieve almost nothing - as any firm contracting with the EU and many other countries will in any case have to stick to GDPR standards - and merely jeopardise our fragile and crucial adequacy agreement," she added.
The government also announced last week that New Zealand's Privacy Commissioner, John Edwards, was its preferred candidate for the job of Information Commissioner: the person heading the UK's data regulator, the Information Commissioner's Office (ICO).
If appointed, Edwards will replace the current Information Commissioner Elizabeth Denham, who has been criticised for failing to take effective steps to tackle social media giants.
The government said the new Information Commissioner would 'go beyond the regulator's traditional role,' saying the role would be 'balanced' between protecting rights and promoting 'innovation and economic growth'.