Proposed changes to UK data protection law must not jeopardize the flow of data between the UK and EU, IT experts warn.
As part of the Queen’s Speech, the government announced plans to reform “highly complex” data laws inherited from the EU with a new post-Brexit data reform bill.
Ministers said the new law will streamline data protection rules and cut red tape, helping businesses and the economy.
However, industry experts from BCS, the Charted Institute for IT, have called for changes to protect the UK’s existing data adequacy agreement with the EU – where the bloc recognizes the UK’s post-Brexit data protection standards as being in line with those of the EU and therefore allows the continuous flow of data between the two.
A wide range of companies and sectors rely on the transfer of personal data to the EU to conduct their business and deliver their services, and the loss of this seamless flow could have a significant impact.
“Any material departure that the UK adopts in relation to data protection puts its adequacy status at risk, so I hope that a detailed and objective analysis will be carried out to assess whether the benefits of UK data reform outweigh the risks, if not continues to have an adequacy status,” said Dr. Sam De Silva, Chair of BCS’ Legal Specialist Group.
He added that the overall aim of the government’s proposals was “not surprising” and generally followed a previously published consultation paper on the subject.
Under the government’s plans – which have yet to be fully released – the existing General Data Protection Regulation (GDPR) and Data Protection Act would be reformed, with proposed changes to include the removal of cookie consent banners on websites.
“However, the devil will of course be in the detail – we don’t have an eye on that yet,” said Dr. De Silva, adding that the cookie consent banner reform in particular may not have a drastic impact on the UK-EU data relationship.
“If this detail shows the need to remove the web cookie consent banners, as radical as it may seem, businesses would still need to comply with the UK GDPR principles of lawfulness, fairness and transparency when using cookies or similar technologies,” he said .