New plans for a GDPR replacement have divided UK tech – TNW


The UK has finally unveiled plans for its GDPR replacement: the Data Protection and Digital Information Bill (DPDIB). Introduced in Parliament last week, the bill aims to boost economic growth while protecting privacy. 

The proposed rules promise to reduce paperwork, slash costs, foster trade, and (please, Lord) cut down on cookie pop-ups. They also controversially claim to produce savings of more than £4 billion over 10 years (more on that later).

The shadow of the UK’s withdrawal from the EU looms large over the plans. In its pitch for the bill, the government pledges to unleash an elusive Brexit dividend.

“Our system will be easier to understand, easier to comply with, and take advantage of the many opportunities of post-Brexit Britain,” said Technology Minister Michelle Donelan in a statement. “No longer will our businesses and citizens have to tangle themselves around the barrier-based European GDPR.”

That’s the plan, at least — but it’s already proved divisive. 

Cutting red tape

Data-driven trade makes a massive contribution to the UK’s coffers. In 2021, it generated an estimated £259 billion and 85% of British service exports.

The DPDIB envisions further rewards from simplified legal requirements.

“Our new laws release British businesses from unnecessary red tape to unlock new discoveries, drive forward next-generation technologies, create jobs, and boost our economy,” said Donelan.

All data regulations have to balance protecting people and promoting innovation. Under the GDPR, many companies became frustrated with the bureaucratic burdens. The DPDIB aims to tip the scales back towards business benefits.

Chris Combemale, CEO of the Data and Marketing Association (DMA), collaborated with the government on the new rules. He expects the bill to provide “a catalyst for innovation,” while maintaining the privacy protections needed for consumer trust.

“It was essential for the bill to safeguard the key ethical principles of existing laws, while clarifying areas of confusion and simplifying onerous administrative burdens on small businesses,” Combemale tells TNW via email.

The lighter regulatory load is proving popular. Businesses have welcomed the simplified requirements for recordkeeping, processing personal data, and automated decision-making, as well as the ability to reject data access requests that are “vexatious or excessive.” Praise has also been heaped on the new framework for digital IDs, extra resources for the UK’s data watchdog, and increased fines for nuisance calls and texts.

Chris Vaughan of Tanium, an endpoint security company, says the new rules are more straightforward than the GDPR.  

“One major benefit brought by the new law is the reduction in business costs that GDPR creates — made even more welcome as organisations continue to struggle in the current economic landscape,” Vaughan tells TNW.

Relaxing rules, however, can also increase risks.

Privacy dangers

Critics warn that the new laws will endanger citizens. Upwards of 30 civil society groups have called for the bill to be dropped over concerns it will weaken data protection and harm marginalised groups.

Colin Hayhurst from Mojeek, a privacy-based search engine, is particularly troubled by the reduced accountability for “low-risk” data processing. He also worries that the bill is legislating too many complex issues at once.

“My concern is that critical issues around innovations like AI will simply not get enough scrutiny or thought,” says Hayhurst. “It’s worth noting that the EU considers AI regulation such a complicated and important subject that it has an entirely separate bill dedicated to the matter.”

Hayhurst is particularly struck by the implications for AI in research. The new bill gives commercial organisations the same freedoms as academics for any data processing for research “that can reasonably be described as scientific.”

This could create big opportunities for businesses building AI with data collection. But it could provide even more power to large companies with research arms, such as Google’s DeepMind and Meta’s FAIR.

“Big tech companies with research groups can continue to harvest and use all the personal data they have, to train AI in their research activities,” says Hayhurst. “All of this comes with risk; and unfortunately, this risk is overwhelmingly going to be shouldered by those whose data is fed into the machine, rather than the companies themselves.”

[Image: Sundar Pichai. Photo by Maurizio Pesce]
