On 26 August 2021, the UK announced plans to change data protection and privacy laws, in a potential departure from the General Data Protection Regulation (“GDPR”). The UK’s new mission statement regarding these changes indicates that it intends to focus its attention on a new series of ‘data adequacy partnerships’ to drive international trade with countries and bodies including the United States, Australia, the Republic of Korea, and Singapore, among others.
Like a number of changes that have occurred since the Brexit referendum, the UK is differentiating itself from the EU in its approach to trade and regulation. Here, it appears that these partnerships look to circumvent or overcome last year’s Schrems II decision, which restricted data transfers outside of the EU. Given how large the trade flow continues to be between the EU and UK, any changes to data transfer rules will also need to be deemed adequate by the EU; if they’re not then the EU could impose the same restrictions on the UK as they do to other non-EU countries.
The proposed changes form part of the government’s plans to “use the power of data to drive growth and create jobs”, although some data privacy experts have voiced concerns that the changes could be used to roll back data privacy for consumers as required under GDPR, to which the UK is still subject. With this announcement, it appears that the UK government believes that it can benefit from diverging its data privacy laws from the rest of the EU. The question of whether a focus on economic growth may compromise data privacy standards remains open.
Source: www.gov.uk