The Data Protection &
TAKEAWAYS
The new
Businesses already face an uphill struggle keeping pace with fast changing and numerous new data laws being passed in multiple
The
The
It remains to be seen what amendments might be made as the Bill passes through the parliamentary stages, but some key changes proposed from the prior DPDI Bill remain while some proposals are new. Key proposals include:
- Modernizing the
UK's privacy regulator, theInformation Commissioner's Office , and empowering it to take stronger actions against organizations; - Removing consent requirements for cookie use in an expanded range of exempted purposes (e.g., statistical information or user preferences);
- Increasing fines to GDPR levels for nuisance marketing calls and texts;
- Removing the need to do a balancing test for certain "legitimate interests" processing (with a new list including direct marketing and intraorganizational data transfers);
- Changing the purpose limitation principle to benefit controllers;
- Changing the grounds for refusing data subject requests;
- Changing restrictions on AI and automated decision-making;
- Freeing up businesses to process personal data for research purposes (any processing that "could reasonably be described as scientific" and a proposed new illustrative list);
-
A new adequacy test for international data transfers from the
UK , provided the third-country protections are not "materially lower" than theUK GDPR, when assessed in a "holistic way;" -
Confirming transfer mechanisms lawfully entered into before the
UK GDPR reforms take effect remain valid; -
Removing requirements for appointing
UK representatives (less onerous than EU rule); - Relaxing rules around ROPA requirements (only if of high risk to the rights and freedoms of data subjects);
- Changing rules around DPOs (new "senior responsible individual" or SRI);
- Changing rules around DPIAs (new high-risk threshold); and
- DSIT/Secretary of State being given new powers in the Bill to determine the details of when data can be processed.
The government has stated that the changes "introduce a simple, clear and business-friendly framework" ... "taking the best elements of GDPR and providing businesses with more flexibility." It remains to be seen if the new law will be simple to comply with in practice and how it will coordinate with laws in other jurisdictions. It also remains to be seen how the EU will view the GDPR cherry picking and changes. If it takes a dim view, it could still risk the
Businesses will need to revisit their operations now that we have the details of these proposed DPDI2 changes.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
Mr
NY 10019-6131
Tel: 202663 8000
Fax: 202663 8007
URL: www.pillsburylaw.com
© Mondaq Ltd, 2023 - Tel. +44 (0)20 8544 8300 - http://www.mondaq.com, source