Technology minister Michelle Donelan defends data reforms
Science, innovation and expertise secretary Michelle Donelan has stated {that a} extra agile method to dealing with data and privateness points is required to fulfill the challenges of the unfolding “technological revolution”, and dedicated to persevering with her “open door policy” with business.
Speaking at a data safety occasion hosted by the International Association of Privacy Professionals (IAPP), Donelan outlined the advantages of the UK authorities’s proposed data regime, which was launched to Parliament the day earlier than because the Data Protection and Digital Information (DPDI) Bill.
Noting that the invoice had been co-designed with business from the very starting, Donelan stated “industry engagement is my primary focus” and that she’s going to announce extra alternatives for alternate and collaboration of experience and concepts between authorities and the personal sector within the coming months.
“As part of that openness with industry, I will continue my open door policy that I’ve always taken as a minister, where new ideas and concerns are always welcome,” she stated. “Data protection laws have changed absolutely dramatically [over the past two decades]. But this change was incremental, piece by piece, building on best practice and constantly improving on what came before – our data bill represents the next step.”
Donelan famous, nonetheless, that the data invoice just isn’t all about business, and that previous to the invoice being printed, “many commentators made the mistake of assuming that prosperity for businesses and privacy for individuals is a zero-sum game”.
She added: “I don’t see it as a trade off at all. Successful businesses need competent consumers who are clear about what happens to their data and need to trust that it will be handled with transparency, with integrity and, of course, with responsibility.”
The “current one-size-fits-all, top-down approach” to data safety, Donelan stated, focuses an excessive amount of on “ticking boxes”, and has additionally led to “public disillusionment and confusion” that has finally broken confidence and assist for rules such because the DPDI Bill.
“Outdated protection and privacy certainly does not work unless the public and businesses buy into it and agree that it’s proportionate, and they agree with its aims,” she stated. “For too lengthy, data privateness protections have been one thing to get round, to dismiss, or to probably not perceive or worth.
“We want people to comply with our new data protection bill because they see and they understand the benefits for them and their businesses, not because they’re afraid of enforcement action, or bored of pop-ups – that’s why it’s really important we make it simple.”
However, she additionally famous the necessity for “real deterrence” to maintain data protected within the UK, including that the Information Commissioner’s Office (ICO) will probably be empowered beneath the DPDI Bill to levy fines as much as 35 occasions bigger than the present restrict.
“We’re also modernising the Information Commissioner’s Office as a whole, ensuring that it has the capabilities and the powers that it needs, the freedom to allocate its resources and better accountability to both Parliament and of course the public,” she stated. “The results of all of this will be overwhelmingly positive for the British public and our country.”
Reactions to the invoice
Although the total results of the invoice in observe are but to be understood, as the total textual content was solely printed 8 March, reactions to date have been blended.
Alistair Dent, chief technique officer at data science consultancy Profusion, stated there was lots to love within the announcement of the invoice, significantly across the certainty it’ll present for British companies.
However, he famous {that a} key challenge is whether or not the invoice will stay as much as its aim of making certain companies can proceed sending private data abroad through present worldwide switch mechanisms.
“This is very important to UK businesses, as failure to make it compatible with, for example, GDPR, will mean that companies which deal with EU citizen’s data will have to comply with both sets of legislation – which will significantly increase costs,” he stated.
“This bill is obviously at a very early stage and there’s a lot of areas that still need clarification – not least how it will be adequately enforced. We must remember that, despite its flaws, GDPR has really helped to improve online privacy and increase accountability for businesses. The government is very keen to be seen to be cutting red tape and using ‘common sense’ in its rule making, but this must not come at the expense of protecting people online.”
Georgina Graham, a data and expertise lawyer at regulation agency Osborne Clark, stated: “Businesses will be pleased to see the new measures designed to reduce paperwork and increase flexibility around compliance – for example, records of processing have turned into an administrative burden for many businesses, so this proposed change might genuinely save businesses time and costs. Conversely, consumers will likely be pleased to see the increase in fines for nuisance calls and texts.”
She added that, with the EU-UK data adequacy resolution scheduled for evaluate in 2024, “the UK government will need to be mindful of the risks involved in diverging too far from the EU GDPR” if it desires companies to proceed sending data to Europe.
Commenting on the invoice on the identical IAPP occasion however on a special panel, former info commissioner Elizabeth Denham stated: “The UK is walking that very fine line to make sure that we retain adequacy, and that’s what businesses in the UK want.”
She added, nonetheless, that she doesn’t suppose the modifications to the UK data safety regime are substantive, and would relatively see the UK be part of different international locations exterior the EU with “full throated support for a new way” for regulating data safety.
During the identical panel, Max Schrems, an Austrian lawyer who has been difficult the legality of varied worldwide data switch mechanisms for the reason that early 2010s, stated the UK’s data reforms imply the nation is not related from a European perspective when difficult poor data safety practices.
“If we go after a company, we’ll go after a UK company in Europe, we will go directly to Europe, it just is not relevant anymore from a litigation perspective,” he stated.
Michael Queenan, co-founder and CEO of UK data firm Nephos Technologies, stated the UK authorities has “decided to sell-out personal data privacy for business benefit and innovation” with the invoice.
“When you remove regulations, compliance becomes cheaper, but at what expense? This needs to be collectively addressed to genuinely encourage business growth, drive innovation and protect our data,” he stated.
“The new DSIT in principle is a good step, but it has its work cut out. Currently, promises are being made without adequate funding or tools to deliver. Besides, anyone who trades with other countries, including EU countries, will still have to comply with their data laws to be able to use the data of citizens from that country so I don’t really know how they can claim it makes international trade easier.”
