New avenues for the UK – or a road block ahead?

The government issued its extensive data protection consultation document back in September. Now, just a few days remain of the consultation period which ends on 19 November. We have studied the proposals in detail – much of it is aimed at cutting red tape and boosting innovation. The plans would reduce GDPR protections which are onerous in part. But are the changes justified just to make life easier for companies? At the end of the day, data protection is about individuals. Large organisations that PL&B deals with are likely to stick to GDPR standards anyway due to their international presence.

Some of the changes seem to have been put forward just to test the waters. For example, is there a need to change DPO requirements as someone will have to do the job anyway, or be part of a person’s job in all organisations. On the other hand, no doubt there is support for reducing the data breach notification duty. It occupies much time both at the ICO and at companies which have felt obliged to report even small breaches with no real risk to individuals.

Much of the consultation is about Artificial Intelligence. One of the more radical proposals is removing Article 22 of the UK GDPR, (the right not to be subject to a decision based solely on automated processing) as recommended by the Taskforce on Innovation, Growth and Regulatory Reform (PL&B UK Report July 2021).

Is all this a step too far for retaining EU adequacy? The EU has so far been silent, as this is after all just a consultation at this point.

Read how to process employees’ location data within the parameters of the law. This is a topical issue now that many more people work from home. The ICO recently called for views on its employment practices code which is being revised to meet these new challenges. We also report on enforcement trends in the UK and abroad, and what is required by the ICO for a Transfer Risk Assessment document.

Laura Linkomies
Editor, Privacy Laws & Business

November 2021