The DPOInsider covers the latest news and developments in data compliance and privacy. The DPO's favourite weekly read ☕️
UK publishes post-Brexit data protection laws
It’s here, it’s finally here! The Data Protection and Digital Information Bill.
This is the UK’s first significant post-Brexit data protection law, and the UK government has now published the proposed bill.
The bill is only the start of this process. It remains to be seen how it will change as it moves through the legislative process, especially with the change in leader that is currently happening in the UK.
What does this mean for DPOs, and how can you anticipate what the change in legislation will mean for your organization?
I’ll try to give a summary of some of the changes below:
Early indications are that the bill is more of a revolution than an evolution. This will come as a relief for companies that transfer personal data from the EU to the UK because it reduces the risk that the EU might rescind the UK’s adequacy status.
The bill preserves the UK GDPR, the Data Protection Act 2018, and the PECR, which could potentially mean a lot of cross-referencing.
Changes to what constitutes legitimate interests.
The possibility of refusing excessive data subject access requests.
Much higher fees for breaches.
Lots more exceptions to the requirements to obtain consent to cookies. This one has been a big part of the political debate around the new bill.
Proposals to regulate the use of AI.
Whatever happens in the coming months, I’ll be sure to try my best to keep you updated as things develop.
Is EU-US privacy alignment inevitable?
So claims a Senior Counsel Data Privacy.
This article makes the interesting point that despite computer technology existing mainly in the US, it’s the EU where the standard of data protection is set.
This alignment is inevitable because the EU’s data privacy policy does not exist in isolation. It is often leveraged in trade deals and other global cooperation efforts.
As well as this, the current geopolitical situation means that there is enormous political will to find common ground. This is now achieved instantly, whereas in the past, it could take years.
As the article points out:
As the bonds and the economic cooperation go deeper and deeper, there are many avenues and initiatives for cooperation and discussion, such as the EU-US Trade and Technology Council. As things seem to accelerate rapidly, it is not possible to bridge all EU – US data privacy differences overnight. For this reason, we will very likely see a more modest, short-term solution with long term alignment in many areas of policy in the years to come.
You can read the entire piece here. But it seems that it’s a matter of time before the US implements a similar privacy act.