{"id":617737,"date":"2023-03-14T09:49:15","date_gmt":"2023-03-14T14:49:15","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/03\/14\/new-plans-for-a-gdpr-replacement-have-divided-britains-tech-sector\/"},"modified":"2023-03-14T09:49:15","modified_gmt":"2023-03-14T14:49:15","slug":"new-plans-for-a-gdpr-replacement-have-divided-britains-tech-sector","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/03\/14\/new-plans-for-a-gdpr-replacement-have-divided-britains-tech-sector\/","title":{"rendered":"New plans for a GDPR replacement have divided Britain\u2019s tech sector"},"content":{"rendered":"
\n

The UK has finally unveiled plans for its GDPR replacement: the Data Protection and Digital Information Bill (DPDIB). Introduced in Parliament last week, the bill aims to boost economic growth while protecting privacy.\u00a0<\/span><\/p>\n

The proposed rules<\/span><\/a> promise to reduce paperwork, slash costs, foster trade, and (please, Lord) cut down on cookie pop-ups. They also controversially claim to produce savings of more than \u00a34 billion over 10 years (more on that later).<\/span><\/p>\n

The shadow of the UK\u2019s withdrawal from the EU looms large over the plans. In its pitch for the bill, the government pledges to unleash an elusive Brexit dividend.<\/span><\/p>\n

\u201cOur system will be easier to understand, easier to comply with, and take advantage of the many opportunities of post-Brexit Britain,\u201d said Technology Minister Michelle Donelan in a statement. \u201cNo longer will our businesses and citizens have to tangle themselves around the barrier-based European GDPR.\u201d<\/span><\/p>\n

That\u2019s the plan, at least \u2014 but it\u2019s already proved divisive.\u00a0<\/span><\/p>\n

Cutting red tape<\/h2>\n

Data-driven trade makes a massive contribution to the UK\u2019s coffers. In 2021, it generated an estimated \u00a3259 billion and 85% of British service exports.<\/span><\/p>\n

The DPDIB envisions further rewards from simplified legal requirements.<\/span><\/p>\n

\u201cOur new laws release British businesses from unnecessary red tape to unlock new discoveries, drive forward next-generation technologies, create jobs, and boost our economy,\u201d said Donelan.<\/span><\/p>\n

All data regulations have to balance protecting people and promoting innovation. Under the GDPR, many companies became frustrated with the bureaucratic burdens. The DPDIB aims to tip the scales back towards business benefits.<\/span><\/p>\n

\n

\u201cIt was essential to clarify confusion and simplify administrative burdens.<\/p>\n<\/blockquote>\n

Chris Combemale, CEO of the Data and Marketing Association (DMA), collaborated with the government on the new rules. He expects the bill to provide \u201ca catalyst for innovation,\u201d while maintaining the privacy<\/a> protections needed for\u00a0consumer trust.<\/span><\/p>\n

\u201cIt was essential for the bill to safeguard the key ethical principles of existing laws, while clarifying areas of confusion and simplifying onerous administrative burdens on small businesses,\u201d Combemale tells TNW via email.<\/span><\/p>\n

The lighter<\/span> regulatory load is proving popular. Businesses have welcomed the simplified<\/span> requirements for <\/span>recordkeeping, processing personal data, and automated decision-making, as well<\/span> as the ability to<\/span> reject data access requests that are \u201cvexatious or excessive.\u201d Praise has also been heaped on the new <\/span>framework for digital IDs, extra resources for the UK\u2019s data watchdog, and<\/span> increased fines for nuisance calls and texts.<\/span><\/p>\n

Chris Vaughan of <\/span>Tanium<\/span><\/a>, an endpoint security company, says the new rules are more straightforward than the GDPR.\u00a0\u00a0<\/span><\/p>\n

\u201cOne major benefit brought by the new law is the reduction in business costs that GDPR creates \u2014 made even more welcome as organisations continue to struggle in the current economic landscape,\u201d Vaughan tells TNW.<\/span><\/p>\n

Relaxing rules, however, can also increase risks.<\/span><\/p>\n

Privacy dangers<\/h2>\n

Critics warn that the new laws will endanger citizens.<\/span> Upwards of 30 civil society groups have called for the bill to be dropped over concerns it will weaken data protection and harm marginalised groups.<\/span><\/p>\n

Colin Hayhurst from <\/span>Mojeek<\/span><\/a>, a privacy-<\/span>based search engine, is particularly troubled by the reduced accountability for \u201clow-risk\u201d data processing. He also worries that the bill is legislating too many complex issues at once.<\/span><\/p>\n

\u201cMy concern is that critical issues around innovations like AI will simply not get enough scrutiny or thought,\u201d says Hayhurst. \u201cIt\u2019s worth noting that the EU considers AI regulation such a complicated and important subject that it has <\/span>an entirely separate bill<\/span><\/a> dedicated to the matter.\u201d<\/span><\/p>\n

Hayhurst is particularly struck by the implications for AI<\/a> in research. The new bill gives commercial organisations the same freedoms as academics for any data<\/a> processing for research \u201cthat can reasonably be described as scientific.\u201d<\/span><\/p>\n

This could create big opportunities for businesses building AI with data collection. But it could provide even more power to large companies with research arms, such as Google\u2019s DeepMind and Meta\u2019s FAIR.<\/span><\/p>\n

\u201cBig tech companies with research groups can continue to harvest and use all the personal data they have, to train AI in their research activities,\u201d says Hayhurst. \u201cAll of this comes with risk; and unfortunately, this risk is overwhelmingly going to be shouldered by those whose data is fed into the machine, rather than the companies themselves.\u201d<\/span><\/p>\n

\"16928752317_2e39f492da_k_Sundar
Google\u2019s acquisition of DeepMind sparked fears that NHS patient data would be accessible to US healthcare companies.<\/span>\u00a0Credit: Maurizio Pesce<\/a><\/figcaption><\/figure>\n

To mitigate the risk, rules on responses to data access requests could be tightened \u2014 particularly when the data creates profit. A one-month deadline for replies may be appropriate for small companies, but not for global corporations with warehouses full of supercomputers.<\/span><\/p>\n

\u201cThere is an irony that companies are able to make it incredibly easy for themselves to collect data on a person and then very difficult for the person who owns the data to find out what data a company holds on them!\u201d says Hayhurst. \u201cThis is one area where a \u2018one size fits all\u2019 approach doesn\u2019t deliver for consumers.\u201d<\/span><\/p>\n

The digital economy<\/h2>\n

Despite his misgivings, Hayhurst acknowledges that the government has responded to feedback. Notably, a proposal to drop the balancing test for a \u201climited, generic, but exhaustive list of activities\u201d has not made it into the final text. However, concerns remain that businesses will be held to lower ethical standards.<\/span><\/p>\n

Critics are particularly wary of the reduced requirements for oversight, recording, and user control of data processing. <\/span>There is also extra room for data processing without an individual\u2019s consent. <\/span>These changes could leave the public both more at risk and less confident <\/span>in the digital economy.<\/span><\/p>\n

\n

\u201cThe government is selling out personal privacy for business benefits.<\/p>\n<\/blockquote>\n

\u201cIf businesses aren\u2019t aware of how much data is being collected, what for, and the implications of its use, how can they expect consumers to trust them with such information?\u201d asks Angel Maldonado, CEO of e-commerce firm<\/span> Empathy.<\/span><\/a><\/p>\n

Michael Queenan, CEO and co-founder of <\/span>Nephos Technologies<\/span><\/a>, takes the criticisms a step further.<\/span><\/p>\n

\u201cThe government has decided to sell out personal data privacy for business benefit and innovation,\u201d Queenan tells TNW. \u201cWhy else would it remove important, already adopted, global data protection steps?\u201d<\/span><\/p>\n

One motivation may be the potential savings. As previously mentioned, the reforms are predicted to unlock \u00a34.7 billion for the UK economy. But evidence for this claim is hard to find.<\/span><\/p>\n

The government references the figure <\/span>with a link<\/span><\/a>, which has been broken since we first saw the announcement<\/span>. The source <\/span>can be found<\/span><\/a> via the Wayback Machine, but the estimate it links was published back in July 2022 \u2014 when <\/span>a different version of the bill<\/span><\/a> was introduced. Critics <\/span>suspect that the \u00a34.7 billion estimate has little basis in reality.<\/span><\/p>\n

\u201cContrary to saving businesses billions, the bill could result in higher compliance costs and administrative burdens for businesses that operate in multiple jurisdictions,\u201d says Shaun Hurst, Principal Regulatory Advisor at regtech firm <\/span>Smarsh<\/span><\/a>.<\/span><\/p>\n

GDPR arrangements<\/h2>\n

Divergences from the GDPR are a recurring theme in pitches for the <\/span>DPDIB. The government has emphasised the benefits of these deviations, but they also threaten data transfers with the EU.<\/span><\/p>\n

The UK currently has EU data adequacy status, which protects the flow of data between both jurisdictions. MEPs, however, <\/span>have taken issue<\/span><\/a> with Britain\u2019s planned reforms. If they decide that the new bill doesn\u2019t meet the requisite standards, the adequacy agreement could be lost.\u00a0<\/span><\/p>\n

As a result, companies selling<\/span> in both the UK and EU would have to<\/span> c<\/span>omply with two sets of laws. Tech giants may be reluctant to develop product and policy variations for a new regime, while domestic firms could consider relocating to the union.<\/span><\/p>\n

\u201cBeing released from red tape will only be a benefit if business continues to be able to work with European citizens and their data across borders by taking advantage of the adequacy ruling that has applied to the UK since Brexit,\u201d says <\/span>Amanda Brock, CEO at <\/span>OpenUK<\/span><\/a>, a non-profit that represents open technology.<\/span><\/p>\n

\"Michelle
As the first secretary of state for the newly-created Department for Science, Innovation, and Technology (DSIT), Michelle Donelan is responsible for British tech regulation.<\/figcaption><\/figure>\n

The government has, however, publicly stressed the importance of maintaining data adequacy. Some privacy experts are also confident that the new measures will fulfil the EU\u2019s requirements. Yet even if <\/span>the UK retains data adequacy, firms that trade in the EU must meet the GDPR standards. Consequently, the main beneficiaries of the new regime may be <\/span>companies that only operate in the UK market.<\/span><\/p>\n

\u201cI think these so-called \u2018savings\u2019 will never materialise for most businesses,\u201d says <\/span>Farhad Divecha, founder of <\/span>AccuraCast<\/span><\/a>, a London-based digital marketing agency.<\/span> \u201cIf you have visitors from Europe or do business with Europe, you still have to comply with GDPR. So if anything, we\u2019ll end up having more complicated requirements that differ for your customer base in the UK versus in Europe.\u201d<\/span><\/p>\n

Nonetheless, the departure from the GDPR could have positive global outcomes. <\/span>Ilia Kolochenko, the founder of security firm <\/span>ImmuniWeb<\/span><\/a> and a member of Europol\u2019s Data Protection Experts Network, hopes the bill can influence the EU\u2019s rules.<\/span><\/p>\n

He fears that businesses are struggling with GDPR fatigue, inconsistent enforcement across member states, and the growing costs of formalistic compliance.<\/span><\/p>\n

\u201cEuropean companies would gain a significant competitive advantage on the global market if European GDPR goes through a similar set of improvements and simplifications,\u201d says Kolochenko.<\/span><\/p>\n

\u201cIf the trend of overregulation persists, we will probably see massive and deliberate non-compliance, as costs and penalties for non-major infringements will likely be much less important than costs of a holistic implementation of the mushrooming EU cybersecurity regulations and directives.\u201d<\/span><\/p>\n

It\u2019s a valiant call for balance, but one that\u2019s unlikely to gain consensus approval \u2014 just like every other argument on data protection. Despite these deep divisions, there\u2019s surely at least one thing on which we all can agree: \u201c<\/span>DPDIB\u201d is a hideous acronym.<\/span><\/p>\n<\/p><\/div>\n

Read More<\/a>
\n Thomas Macaulay<\/p>\n","protected":false},"excerpt":{"rendered":"

The UK has finally unveiled plans for its GDPR replacement: the Data Protection and Digital Information Bill (DPDIB). Introduced in Parliament last week, the bill aims to boost economic growth while protecting privacy.\u00a0 The proposed rules promise to reduce paperwork, slash costs, foster trade, and (please, Lord) cut down on cookie pop-ups. They also controversially<\/p>\n","protected":false},"author":1,"featured_media":617738,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[974,28890,46],"tags":[],"class_list":{"0":"post-617737","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-plans","8":"category-replacement","9":"category-technology"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/617737","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=617737"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/617737\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/617738"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=617737"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=617737"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=617737"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}