Donelan hints at replacing GDPR with British alternative
But industry is confused by the scrapping of Data Reform Bill
The UK will replace the EU's General Data Protection Regulation (GDPR) with its own simpler system, according to Digital Secretary Michele Donelan.
Speaking at the Conservative Party conference in Birmingham on Monday, Donelan - Secretary of State for Digital, Culture, Media and Sport - said the Government wants to switch to a "business- and consumer-friendly" replacement of the GDPR.
"Our plan will protect consumer privacy and keep their data safe, whilst retaining our data adequacy so businesses can trade freely," she told delegates, adding that the new system would be "simpler" and "clearer" for businesses to navigate.
"No longer will our businesses be shackled by lots of unnecessary red tape."
She said the new system emphasise "growth and common sense" (two words beloved by the Tory Party, but in little evidence in the last decade - Ed.) and will work to secure data privacy while preventing losses from cyberattacks and data breaches.
"This will allow us to reduce the needless regulations and business-stifling elements, while taking the best bits from others around the world to form a truly bespoke, British system of data protection."
The EU implemented the GDPR in 2018, altering how businesses acquire, use and safeguard the personal information of EU citizens.
Given that the Government has already declared its intention to draft a new Data Reform Bill that would be distinct from the existing GDPR and Data Protection Act, many people found Donelan's remarks confusing.
"We had the Data Reform Bill, it had some sensible enough changes whilst also towing EU adequacy line," Alexander Milner-Smith, partner at Lewis Silkin's Data & Privacy Group, told City AM. "Whether we need further change really is questionable. It already arguably struck that balance, so this latest news seems a little redundant."
The Government announced the Data Reform Bill in May as part of the Queen's Speech. It was scheduled for its second reading in Parliament on 5th September, the day the outcome of the Conservative leadership election was announced. However, the debate was cancelled when Liz Truss was declared the winner.
Previously, the Johnson Government had said it wished to use Brexit as an opportunity to reform the "highly complex" data protection laws inherited from the EU.
Industry reaction is confused
The Information Commissioner's Office said it was 'pleased to hear the Government's commitment to protecting people's privacy, preserving adequacy and simplifying data protection law.'
Tech businesses, though, have reservations about the move.
Anthony Drake, director of tech advisory ISG, said Donelan's statement was more of a headline generator than anything practical for business. He added that a guideline on this issue is "a tough balance to get right."
While it was desirable that the GDPR burden be reduced for small businesses, Drake said, organisations that operate from the UK into the EU would still need to comply with both the GDPR and the new UK requirements.
"The introduction of new, competing regulations will do little to lessen the burden of red tape."
Robin Röhm, CEO of data collaboration platform Apheris, said the plans, if put into effect, might make it more difficult for businesses in the EU and UK to exchange data across borders.
In February last year, the EU determined the UK presently provides a level of data protection that is basically similar to both the GDPR and the Law Enforcement Directive (LED). However, the EU reserves the right to amend its position if UK legislation deviates too far from EU law.