Save content
Have you found this content useful? Use the button above to save it to your profile.
Perils of planned GDPR reforms
iStock_ra2studio_Chaotic planning

The dangers of chaotic GDPR reform

by

Brexit was built on calls to cut EU red tape, but as the government stumbles from one attempted GDPR reform to another, Bill Mew asks whether the unintended consequences of these moves will end up outweighing any potential value.

5th Oct 2022
Save content
Have you found this content useful? Use the button above to save it to your profile.

The current government appears to be a great deal better at identifying costs than devising more effective alternatives or considering the consequences of its own actions. The European Union was seen as an enormous drag on the UK economy, with numerous pre-Brexit studies focusing on the cost of its bureaucracy without really focusing on the implications or costs of any alternative arrangements.

As we have seen with the Northern Ireland protocol and the added bureaucracy now facing all UK firms wanting to export to the EU, these unintended consequences can be considerable.

Even with the recent mini-budget, the policy wonks focused on the potential boost to the economy from trickle-down economics, without bothering to fully cost the proposals or think what the impact of massive uncosted tax cuts might be on the UK’s economic credibility. The impacts can be seen in the recent fluctuations in the value of the pound and government gilts.

True to form, they are at it again in the field of data protection. 

Desperate for Brexit benefits

In a desperate attempt to find anything that could be reasonably described as a benefit from Brexit, the government is looking for regulations and red tape that can be dispensed with. Feeding into that urge was a working paper penned by researchers based at Oxford University that identified reducing red tape as a means of unlocking economic growth. The paper estimated that GDPR was responsible for reducing businesses profits by as much as 8%.

The first attempt to reduce the burden of GDPR was outlined in the Data Protection and Digital Information (DPDI) bill. This was not received well and was criticised by many privacy and compliance professionals, who pointed out that the policy wonks simply didn't understand how it works, in much the same way that they underestimated the customs overhead that would be caused by Brexit. 

In feedback to the DPDI proposals, experts pointed out that any organisation doing business with the EU will need to continue to abide by the EU version of GDPR whatever. Thus rather than saving anything from the introduction of a simplified UK version, most businesses would face the increased overhead and cost of having to abide by two different regulations in parallel. 

The original DPDI proposals were meant to have amended rules for personal data processing in areas like consent for online tracking and data for scientific research as well as for public sector data use and sharing. The aim was also to ease the regulatory burden of GDPR’s “one-size-fits-all” approach on small businesses. The role of Data Protection Officers was to be changed, along with that of the UK data regulator itself.

The planned changes were projected to yield savings for UK businesses of more than £1bn over 10 years.

The government was somewhat taken aback however when commentators were underwhelmed by these argued benefits and far more concerned by what could be significant unintended consequences. 

Careful what you wish for

While partial exemptions for small businesses are seen as promising, most other organisations question the need for divergence from EU regulations that will apply to them anyway, especially when any such reform could call into question the adequacy of UK data protection and its alignment with the EU version of GDPR. 

The European Commission carries out a regular, detailed assessment of the UK’s laws and systems for protecting personal data to decide whether to designate UK legislation as adequate. In the last evaluation round, the UK Home Office’s Investigatory Powers Unit was cited as being in contravention of GDPR, but this was fortunately overlooked with the decision being made in the UK’s favour.

The US was less fortunate with intrusive extraterritorial legislation such as the Clarifying Lawful Overseas Use of Data (CLOUD) Act and secret FISA warrants leading to a challenge in the EU courts (known as Schrems II) which eventually overturned Privacy Shield, the data sharing agreement between the US and EU.

Recently however the US and UK have implemented a new data access agreement for data sharing between their respective law enforcement agencies to help to combat serious crimes in both countries. This could well be interpreted under the Schrems II ruling as extending the US’s intrusive extraterritorial laws and its mass surveillance regime to the UK. 

The UK’s current adequacy decision is expected to last until 27 June 2025. Any further alignment with the US or divergence from GDPR will compound existing concerns over its renewal. And while alignment with the US may aid law enforcement, it won’t necessarily open the door to any transatlantic trade agreement. However, if the UK is unable to renew its data sharing arrangement with its nearest and largest trading partner, this will massively compound the cross channel difficulties already being experienced as a result of Brexit.

Time for a rethink

The DPDI bill has now been put on hold, while the government rethinks its approach. The fear is that its fervour for reform may lead to another set of proposals that overplay the anticipated advantages of divergence, while failing to appreciate its potentially catastrophic consequences.

Replies (32)

Please login or register to join the discussion.

avatar
By 2TunTed
06th Oct 2022 10:38

On the basis of their efforts so far, they should leave this well alone. Clearing up the mess of the first few weeks is going to take a while.

Thanks (0)
avatar
By AndrewV12
06th Oct 2022 10:57

'In a desperate attempt to find anything that could be reasonably described as a benefit from Brexit, the government is looking for regulations and red tape that can be dispensed with. '

As I have pointed out, surely MTD is un-necessary Red tape.

Thanks (4)
Replying to AndrewV12:
avatar
By paul.benny
06th Oct 2022 11:46

Only those with a non-existent relationship with truth could describe abolition of MTD for income tax (were it to happen) as a benefit of brexit.

Thanks (0)
Stuart Walker Yellow Tomato Copy
By winton50
06th Oct 2022 10:59

The problem is that getting rid of red tape can mean anything and is guaranteed to get the pub bore nodding away in agreement but without any specifics about what that actually means.

Similarly, there are many people that dislike having to follow rules that actually protect all of us.

GDPR has been a massive pain the backside but it has forced businesses to take data protection seriously and be more responsible with our information.

Anyone remember Dido Harding and the Talk Talk breach?

Sure there are companies that use GDPR as an excuse much in the way that people used to blame the EU for stuff that was in fact down to poor management.

There are companies that apply GDPR poorly.

But neither of these are good reasons to get rid of the regulations.

Perhaps if they want to get rid of red tape the government should start looking at the trauma that is going on with exporting to the EU.

Thanks (1)
Replying to winton50:
avatar
By paul.benny
06th Oct 2022 11:49

winton50 wrote:
.. if they want to get rid of red tape the government should start looking at the trauma that is going on with exporting to the EU.

That's all the fault of those wicked people in the EU for applying their own rules to imports from the UK. The same rules that always applied to goods from outside the EU.

Thanks (1)
Replying to winton50:
avatar
By Trethi Teg
07th Oct 2022 07:42

Whole rafts of society should be exempt from GDPR e.g. church groups, sporting clubs, sole traders, small companies less than "x" staff etc etc.

Worry about Amazon, Facebook, banks, insurance companies etc but leave the rest alone.

Thanks (0)
Replying to winton50:
avatar
By AndrewV12
07th Oct 2022 09:16

Lets not forget one persons red tape is another persons workers rights.

Thanks (0)
avatar
By mkowl
06th Oct 2022 11:23

I think we can safely see this political class generation intellect wise is pretty low on the bar

Thanks (0)
Replying to mkowl:
avatar
By tedbuck
06th Oct 2022 12:18

Not convinced it is the politicians whose intellect is below the bar. After all they merely direct policy. (Not that I have much time for them but still ..) Surely we are back to a malfunctioning Civil Service that makes rules for the sake of preserving their own jobs and making everyone else's life more difficult.
Just look at the money being thrown at MTD for ITSA and think how better it could be spent elsewhere. The same probably applies to most bureaucracy and they keep wondering why productivity is poor. I mean just look at our job - boxes to tick everywhere - standards to adhere to that make accounts run to 15 or more pages when five would do and all to comply with 'standards' that are totally irrelevant to most small businesses. It doesn't even make accounts more intelligible most of the time - I mean who on earth actually reads all the rubbish notes?

Thanks (1)
avatar
By johnjenkins
06th Oct 2022 12:38

The mess of GDPR cannot be blamed on Brexit (by the way I voted out). The EU's GDPR was taken and extended beyond belief by our Government. Now let me think why?????????? Liz has said she wants less Government meddling. She made a good start by getting rid of IR35, or was that just to get the IT people back so that she could meddle further?

Thanks (1)
Replying to johnjenkins:
avatar
By Hugo Fair
06th Oct 2022 16:50

Careful you don't swallow the hook along with the bait, John.

"She made a good start by getting rid of IR35" ... but she didn't/hasn't.
The announcement was merely to roll back the last two sets of legislation - so that 'determination' of worker/non-worker status reverts back to the contractor, who is then on the hook for repulsing any attacks from HMRC.

Thanks (4)
Replying to Hugo Fair:
avatar
By johnjenkins
07th Oct 2022 10:12

I take your point, only time will tell if I'm right. To me this is the first step in getting rid of IR35. Let's face it you can't have a growth policy and the not get rid of stuff that inhibits that growth.

Thanks (1)
Replying to johnjenkins:
Stuart Walker Yellow Tomato Copy
By winton50
06th Oct 2022 16:50

johnjenkins wrote:

The mess of GDPR cannot be blamed on Brexit (by the way I voted out). The EU's GDPR was taken and extended beyond belief by our Government. Now let me think why?????????? Liz has said she wants less Government meddling. She made a good start by getting rid of IR35, or was that just to get the IT people back so that she could meddle further?


Which bits specifically were extended between EU and UKGDPR?
Thanks (1)
Replying to winton50:
avatar
By Paul Crowley
07th Oct 2022 09:17

I suspect john means that the UK took it seriously.

Thanks (0)
Replying to winton50:
avatar
By johnjenkins
07th Oct 2022 10:17

The main one is the collection of personal data for National Security etc. which leads me to believe that any personal data can be collected.

Thanks (0)
avatar
By listerramjet
06th Oct 2022 14:05

Am I alone in thinking we have far too much regulation, most of it pointless?

Thanks (0)
Replying to listerramjet:
avatar
By johnjenkins
06th Oct 2022 14:43

No

Thanks (0)
Replying to listerramjet:
avatar
By paul.benny
06th Oct 2022 17:09

For every piece of regulation that *you* think is pointless or unnecessary, you will find another person who thinks it's essential. And vice versa.

Thanks (1)
Replying to paul.benny:
avatar
By Hugo Fair
06th Oct 2022 18:52

... but often not in equal volumes (of naysayers and supporters), which is of course where the fun/problem starts.

In the real world (as opposed to platforms like this), the opposing views - which are often more a matter of priority than out-and-out opposition - might once have expected to get an equal hearing before some 'expert group' made a decision.
However it is now increasingly a matter of 'populism' or who shouts loudest.

Thanks (1)
Chris M
By mr. mischief
07th Oct 2022 07:08

Who will win this exciting battle between Brexit fantasy and hard reality? For an accurate prediction, ask the people of Northern Ireland!

Thanks (1)
Replying to mr. mischief:
avatar
By johnjenkins
07th Oct 2022 10:33

If the EU use common sense then there is nothing to resolve. No border whatsoever.
The problem is the EU want restrictions where you can't really have them. The EU should solve the problem of illegal immigrants coming from France first. The EU is defunct as it is, so a new agreement between European countries should be considered without the idealism of one country with one Parliament etc. USSR didn't work and the only reason why the USA works is that different states have different rules (e.g. death penalty in one state but not another). Ask someone who comes from Texas where they come from. They say I'm a Texan not an American.

Thanks (0)
Replying to johnjenkins:
Chris M
By mr. mischief
10th Oct 2022 11:54

Thanks for that UKIP party political broadcast. This is the sort of Brexity drivel which has confronted hard reality since 2016. Latest score:

Brexiteers 0 EU 9

(but 1,000 appeals for penalties by the Brexiteers have been turned down by VAR, otherwise it would all have been different.)

Thanks (0)
Replying to mr. mischief:
avatar
By johnjenkins
10th Oct 2022 12:22

Hard reality is not having any border at all. It's called common sense, which I'm afraid the EU are well short of. So come on Mr clever cloggs what is wrong with having no border? Oh silly me, you don't like the thought of the UK going it alone and prefer a country called Europe (or whatever) don't you? Of course you're entitled to your opinion but isn't it about time you and your ilk started pulling towards a United Kingdom instead of this constant "blame it on brexit" gripe. As for UKIP, got the job done didn't they?

Thanks (0)
avatar
By Agutter Accounts
02nd Nov 2022 10:25

All Brexit has done is replaced one set of red tape with another. Who outside Britain will recognise new post-Brexit standards vis a vis EU ones? European standards are widely recognised beyond Europe's boundaries.

But as Forrest Gump would say "stupid is as stupid does".

Thanks (0)
Replying to Agutter Accounts:
avatar
By johnjenkins
02nd Nov 2022 12:49

British standards have been, are and always will be much higher than EU standards and are recognised worldwide.
Wherever you go there is red tape so your statement doesn't mean anything. I say again to you, stop living in the past and get behind the UK as it moves forward in a world, which is not only going through a major crisis, but a rather complicated change while it finds a substitute for Communism and Capitalism.

Thanks (0)
Replying to johnjenkins:
avatar
By Agutter Accounts
03rd Nov 2022 15:57

Many EU members have standards above the EU minimum. Britain is not alone in that at all. What you fail to realise is that being part of the EU standards regime facilitates access to a large market on our doorstep. Your absurd Brexit has put up barriers to that and crashed cross-Channel trade as a result.

It is you who is living in the past. Any possibility of "Global Britain" died with the Empire thank goodness and was gone by 1970. But still our leaders seem to think letting their gobs go about confronting all and sundry they do not like is a good idea. That is why we have had disasters like Iraq and Afghanistan.

What we are doing confronting China on the other side of the world I do not know. We do not have the resources. Those need to go to defence in Europe, especially with Putin on the loose. That has been a wake up call for NATO.

As a member of the European Movement I am part of what will be the future. The younger generation is strongly in favour of an eventual return to the EU, and I firmly believe that will happen. Without that crucial membership Britain has no future.

Thanks (0)
Replying to Agutter Accounts:
avatar
By johnjenkins
04th Nov 2022 12:05

I also believe in a strong Europe and I also believe that there will be an agreement in the future but certainly not in its present form. As I previously said to make it work you have to have common sense and flexibility. We could start with an agreement based on USA and then tweek it to cater for the needs and idiosyncrasies of the countries involved. This "you will do this and that" attitude from EU will never work, especially with us Brits. The middle East and Africa was always going to be a disaster. Reason being the world is getting smaller with the high tech we have and people want more. Trying to get the balance between old ways and new technology with new ways is very difficult and will lead to a lot more confrontation.

Thanks (0)
Replying to johnjenkins:
avatar
By Agutter Accounts
05th Nov 2022 14:31

I would point out to you that the EU is composed of 27 sovereign states. No one dictates to anyone. That is a myth. Policy is agreed by the Council of Ministers more often than not by majority voting these days. EU standards are a minimum by which all must comply but most member states gold-plate EU directives with additions above the standard. Britain did regularly.

I suggest the US is a poor model and frankly the country looks like falling apart at the moment due to partisan polarisation, helped along by that ultra-narcissist Donald Trump. We need to keep our distance.

Thanks (0)
Replying to Agutter Accounts:
avatar
By johnjenkins
07th Nov 2022 09:17

What Trump did was to unite the people (although to some he showed the split) and invest in the people. The American constitution is the longest agreement (for want of a better word). It's main aim is to "serve its people". When that does not happen problems occur. The EU does not "serve its people", it serves itself.
Most of the world is divided so it really is time for the rest of us to look at the German coalition and adapt it to our politics.

Thanks (0)
Replying to johnjenkins:
avatar
By Agutter Accounts
08th Nov 2022 12:16

I beg to differ about the Eu but we have exhausted that subject.

To get a German model, the electoral system here must change to a PR system. We have variosu models in the devolved parliaments that seem to work so it is down to the Big Two reckoning it is not in their interests and the cosy duopoly they have had for a century.

Thanks (0)
Replying to Agutter Accounts:
avatar
By johnjenkins
08th Nov 2022 12:59

My other post replying to you suggests just that.

Thanks (0)
Replying to johnjenkins:
avatar
By Agutter Accounts
09th Nov 2022 14:57

Indeed. We largely agree on the outlines of reform.

Thanks (0)