BRUSSELS—The U.K. government is considering revisions to a data-protection bill it proposed in July that would relax rules businesses must follow on collecting and using customers’ personal data.
“We’re working right now with our ministers to see what further changes might be helpful,” said Owen Rowland, head of domestic data protection policy in the U.K.’s Department for Digital, Culture, Media and Sport. The government will consult with companies on revisions, he added, speaking at a privacy conference in Brussels on Wednesday.
If U.K. data protection law strays too far from the European Union’s General Data Protection Regulation, however, an existing legal deal known as an adequacy agreement between the two jurisdictions could be jeopardized, privacy experts say.
Broadly, the U.K. is seeking to relieve businesses and government offices from some of the strict provisions of the GDPR, which currently applies in Britain. Relaxing some data rules could save the U.K. an estimated £12 billion, equivalent to $14 billion, each year, Mr. Rowland said.
The U.K. has had two changes of government since data laws were proposed this summer. Michelle Donelan, who became the U.K.’s culture secretary in September, said last month that the legal changes to replace the GDPR will be “business- and consumer-friendly.”
Adequacy agreements allow companies to move personal data easily between specific regions. Britain left the EU in 2020 and was given adequacy status within a few months. The EU officials who oversee the arrangement have said they could suspend the system if British data protection laws change too dramatically.
Mr. Rowland said his office will set up roundtables and other channels for companies to share feedback on the rules in the coming weeks. The government held a formal public consultation before presenting the proposal this summer.
A separate bill under discussion in Britain’s parliament could also pose a risk to the EU-U.K. data arrangement, said Eleonor Duhs, a partner and head of data privacy at law firm Bates Wells & Braithwaite London LLP, speaking at the same conference.
If it is approved, that draft legislation—known as the revocation and reform bill—would automatically strip away EU laws that still apply in the U.K. by the end of 2023, including ones guaranteeing certain fundamental rights, such as data protection. “This is an absolutely enormous change,” Ms. Duhs said.
The draft data protection legislation would loosen some aspects of the GDPR such as requirements for companies to obtain permission from individuals for their data to be tracked online.
Corporate privacy analysts are monitoring how far the data reforms will go. Eventually, the future U.K. legislation might even influence other jurisdictions, much like the GDPR caused a domino effect of new privacy laws around the world, said John Bowman, lead for AI ethics client engagement at
International Business Machines Corp.
“The world is changing, the GDPR will change at some point, and they may be inspired by what the U.K. is doing,” Mr. Bowman said.
Write to Catherine Stupp at [email protected]
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8