Yet another UK government seeks to reform GDPR
Yes, the law that needs to be harmonized with Europe for tech businesses' data to flow freely
The UK government has begun to introduce its latest update to data protection laws it claims will boost economic growth and public sector efficiency. The government said it expects it will keep the UK in line with the EU's GDPR.
Critics, on the other hand, have said the legislation could affect current privacy protections, allow automated decision-making that affects people's livelihoods, and potentially scrap safeguards for patient data.
Introduced in the House of Lords yesterday, the Data Use and Access Bill targets better efficiency in the National Health Service (NHS), the police force, and businesses with the new regime.
Technology minister Peter Kyle said: "Data is the DNA of modern life and quietly drives every aspect of our society and economy without us even noticing – from our NHS treatments and social interactions to our business and banking transactions.
"With laws that help us to use data securely and effectively, this Bill will help us boost the UK's economy, free up vital time for our front-line workers, and relieve people from unnecessary admin so that they can get on with their lives."
The Bill proposes a number of changes to UK GDPR, the legislation the UK retained from the EU's GDPR after Brexit. UK GDPR sits alongside an amended version of the Data Protection Act 2018, which previously enacted EU law.
The changes proposed to UK GDPR are unlikely to be sufficient to merit changes to data sharing arrangements with the EU, the UK's largest trading partner, legal experts have said.
Greg Palmer, partner at law firm Linklaters, said: "The new Data Use and Access Bill builds on a number of concepts in the reform proposals of the previous government, whilst removing some of the perceived passion for reform of data protection for its own sake.
"This will be welcomed by UK business as it avoids unnecessary divergence from the EU data protection regime and reduces the risk of the EU deciding the UK is not an 'adequate' jurisdiction for transfers of personal data."
Legislation would require IT suppliers for the health and care sector to ensure their systems meet common standards
In 2021, the EU gave the UK an "adequacy" ruling allowing data sharing between the two jurisdictions. The judgment remains under review. Earlier this week, a cross-party committee of the House of Lords said businesses and organizations such as the NHS would be hit by "significant" extra costs and red tape if the UK loses the right to exchange citizens' personal data seamlessly with the EU.
- NHS would be hit by 'significant' costs if UK loses EU data status, warn Lords
- US moves ahead with crackdown on data brokers selling to six 'countries of concern'
- Gary Marcus proposes generative AI boycott to push for regulation, tame Silicon Valley
- UK Regulatory Innovation Office vows to slash red tape – but we've heard it all before
However, privacy campaign groups argued the Bill reproduced many of what they see as the worst ideas contained in the previous Conservative government's proposed Data Protection and Digital Information Bill, which failed to pass into law before the July general election.
Open Rights Group legal and policy officer Mariano delli Santi said: "Strong data protection laws are an essential line of defense against harmful AI and automated decision-making systems which can be used to make life-changing decisions.
"The Data Use and Access Bill weakens our rights and gives companies and organizations more powers to use automated decisions. This is of particular concern in areas of policing, welfare and immigration where life-changing decisions could be made without human review."
Sam Smith, coordinator at health privacy campaign group medConfidential, said: "Giveaways to the Tory right are all still there, but there are no safeguards on patient data in the Bill – not cast-iron, not even lukewarm jelly safeguards."
The government claimed the new bill would provide a £10 billion ($13 billion) boost to the economy, free up 1.5 million hours of police time and 140,000 staff hours for the NHS every year.
It said "vital safeguards" would remain in place to track and monitor how personal data is used.
It said the legislation would require IT suppliers for the health and care sector to ensure their systems meet common standards to enable data sharing across platforms. ®