The UK’s new data bill would allow the state and corporations to circumvent EU rules, experts warned today.
Set to pass into law this autumn, the Data Protection and Digital Information (DPDI) Bill will amend the UK’s implementation of the GDPR.
The British government touts the bill as a post-Brexit chance to create a new data regime “tailor-made for our needs.” Ministers say the bill will cut red tape, reduce cookie pop-ups (please, Lord), and foster international trade. Over 10 years, they predict the bill will add £4.7 billion to the UK economy — a claim that’s been derided.
The plans have proven divisive. Businesses have endorsed the paperwork reduction, but critics fear the bill will wreck data rights — and not just in the UK.
The <3 of EU tech
The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!
“The DPDI Bill will rip up hard-won privacy protections,” said Mariano delli Santi, legal and policy officer for the Open Rights Group. “This will not only harm UK citizens but also the rights of Europeans living inside and outside of the UK.”
These concerns stem from post-Brexit data regulations. In June 2021, the European Commission permitted the free flow of personal data between the UK and EU without additional safeguards. This “adequacy decision” was premised on the UK following the same rules as EU member states.
That premise may now be under threat. In an open letter published today, 28 civil society groups and privacy specialists warned the Commission that the DPDI Bill will turn the UK into a “leaky valve.”
If passed, the bill would mean a wholesale deregulation of the UK’s data protection framework. According to the letter, the “dangerous” changes would allow private companies to evade EU rules by sheltering in the UK. The British government, meanwhile, would gain the power to override data protection principles “whenever it sees fit.”
As a result, European personal data could be accessed by UK authorities and sent to third countries without safeguards. The British government could also legalise invasive surveillance programmes that trump the rights of EU citizens.
If the proposals become law, the campaigners want the Commission to repeal the adequacy decision.
“The UK government’s determination to deregulate data protection is putting the adequacy agreement with the EU in jeopardy, which is a risk that the UK economy cannot afford,” said delli Santi.
Get the TNW newsletter
Get the most important tech news in your inbox each week.