The DPOInsider covers the latest news and developments in data compliance and privacy. The DPO’s favourite weekly read ☕️

The UK lays out proposed new data protection laws

So the UK has finally opened up on its plans to reform current data protection laws.

I mentioned this proposed post-Brexit data regime a few weeks back.

There are a few interesting points here:

• The government has suggested that ‘organisations that have already invested significant time and efforts into EU data protection laws compliance’ will not be required to make substantial changes.

• The UK claims these updates will save £1bn in 10 years. Outside of overusing the term ‘EU red tape,’ there’s no clear justification for this figure or why it’s over ten years.

• A significant change is that the reform bill will try to address cookie opt-in consent banners. The aim is to set an overall approach to how an individual’s data will be collected and stored. They hint at this being done at the browser level. There’s no clarity on if it would be possible to set different settings for different services.

• The UK says it is still considering how to amend Article 22 of the UK GDPR - so keep your eyes peeled for news in this area.

Many of these suggestions seem to focus on aspects of the GDPR that have demonstrated teething issues.

But the devil is in the detail - without setting out how this will work in practice, it’s hard to understand what this will mean for businesses of all sizes.

Another great illustration that, as DPOs, we need to be able to adapt to changing regulations across the regions in which we operate.

Does Congress finally have a deal on data privacy?

For decades, US lawmakers have sought to pass comprehensive federal data protection legislation. But it’s something that has struggled to ever pass a deeply divided Congress.

However, this week this idea has moved one step closer to being a reality.

This idea is called the American Data Privacy and Protection act. And this week, lawmakers on both sides of the aisle made clear that they are the closest they have ever been to establishing federal data protection laws.

This is the closest we’ve come to establishing a national standard — a standard that many have said for a long time is urgently needed. - Rep. Cathy McMorris Rodgers

The measures allow for Americans to access, correct, and request the deletion of any personal data companies have collected on them.

Only time will tell if the act will win bipartisan support. But this could be one of the most significant changes of recent times for American businesses and how they collect and use data.

Other interesting links

• Around £13m in data privacy fines are still unpaid.

• The UK government is holding a call for views on plans to improve the security and privacy of apps and app stores.