This article is more than 1 year old

Lawyers say changes to UK data law will make life harder for international businesses

Concerns raised over government drive to implement distinct post-Brexit policy

Legal experts say UK government plans to create new data protection laws will make more work and add costs for business, while also creating the possibility of challenges to data sharing between the EU and UK.

Last week, the Queen's Speech – in which the British government sets out its legislative plans – said the ruling Conservative party planned to replace the EU's General Data Protection Regulation (GDPR) to ease the burden on business with an approach to data protection that encourages innovation while retaining protection of personal data and privacy.

Companies with a footprint in EU and UK will not welcome proposals to diverge from GDPR

But Georgina Kon, technology and media partner at law firm Linklaters, said that since many large companies operate both in the EU and the UK, they would end up having to comply with two regimes.

"Companies with a footprint in EU and UK will not welcome proposals to diverge from GDPR. If the UK just goes on its own and tries to do something different from the EU it is going to be much more expensive for them. I don't really see that data protection offers are hungry to do something different from GDPR," she said.

Businesses had already "done a huge amount of work and spent a lot of money" complying with GDPR.

The political rhetoric around Brexit is likely to spur the Conservative government to set out the differences between UK data law and the EU's regime.

"I think the government is serious about this wanting to make a political point about Brexit," she said.

In documents released with the Queen's Speech, the government said new legislation would be aimed at "increasing the competitiveness and efficiencies of UK businesses by reducing the burdens they face, for example by creating a data protection framework that is focused on privacy outcomes rather than box-ticking."

Kon said: "There is some truth that the EU does require lots of documents to be drawn up and to be retained but a lot of the box-ticking is designed to help people think about compliance and also to make it easier for regulators to spot issues."

If the government's legislation ends up too different from GDPR, it could threaten the "adequacy" ruling which currently allows data sharing between the UK and Europe's trading bloc. The government's proposals also said planned legislation would enable "data to be shared more efficiently between public bodies, so that delivery of services can be improved for people."

However, Kon said sharing data between public bodies created the possibility of government surveillance on personal data. Similar concerns about data sharing in the US led to the Schrems II decision, when the EU Court of Justice struck down the so-called Privacy Shield data protection arrangements between the political bloc and the US, triggering a fresh wave of legal confusion over the transfer of EU subjects' data to America.

The EU and US officials have suggested they are getting close to an agreement that could replace Privacy Shield and comply with the court's ruling.

Dr Chris Pounder, director of data protection specialist training company Amberhawk, said the government was keen to show Europeans that the UK will go its own distinctive way with data protection. "However, there are serious risks of a significant degradation in privacy protection arising from the [Department for Digital, Culture, Media and Sport] proposals and from those changes proposed to Articles 8 and 10 of the Human Rights regime proposed by the Ministry of Justice." ®

More about


Send us news

Other stories you might like