Brussels has warned that it will sever a data-sharing agreement with the UK if London’s attempts to rewrite its internet laws are found to pose a threat to EU citizens’ privacy.
On Thursday, the UK government announced proposed reforms to its future data laws, including removing the cookie pop-ups that inform internet users that they are being tracked online.
It also said that it planned to pursue data-sharing agreements with a range of non-EU countries including the US and Australia, while loosening the rules that apply to personal data use by UK small businesses and charities.
In an interview with the Daily Telegraph newspaper on Thursday, the UK’s culture secretary Oliver Dowden called the cookie notices “pointless”, and said any that did not pose a “high risk” to privacy would be done away with.
In response, an EU spokesperson said that Brussels was monitoring the UK’s decision “very closely”, adding that “in [a] case of justified urgency” that threatened its citizens, it would “immediately” revoke its data-sharing arrangement with the UK.
The move comes as the UK looks to chart its own course on internet regulation after leaving the EU. It is also in the process of ratifying a landmark new law on online safety.
However, experts warn that in diverging from the data protection standards required by the EU in exchange for the free flow of data between the two regions, the UK risks hurting businesses and citizens.
Adam Rose, data protection partner at law firm Mishcon de Reya, said: “Today’s announcements put the UK on a collision path with the EU, but also more widely with civil society organisations, with the likelihood of serious domestic data litigation in the future.”
William Bain, head of trade policy at the British Chambers of Commerce, added: “We will examine carefully any proposals for divergence from GDPR or other data protection or handling legislation. Firms need concrete assurances from government that these would not put our adequacy relationship with the EU at risk.”
Some also argue that the government’s announcement on cookie pop-ups masks more substantial changes that could conflict with the EU’s general data protection regulation (GDPR).
Lilian Edwards, law professor at Newcastle University and an expert in internet law, said Dowden’s attack on cookie notices “smacks of being a smokescreen” that disguised a broader weakening of good data protection practices.
“This sort of pro-Brexit talk-up is likely to achieve almost nothing — as any firm contracting with the EU and many other countries will in any case have to stick to GDPR standards — and merely jeopardise our fragile and crucial adequacy agreement,” she added.
The Department for Digital, Culture, Media and Sport also announced on Thursday that John Edwards, New Zealand’s privacy commissioner, would succeed Elizabeth Denham as head of the Information Commissioner’s Office. It added that the role would probably be expanded “to encourage the responsible use of data to achieve economic and social goals”.
Edwards, who oversaw New Zealand’s data-sharing agreement with the EU, has been extremely outspoken in his criticism of big tech companies such as Facebook, whom he referred to as “morally bankrupt pathological liars” in a since-deleted tweet in 2019, after the deadly attacks on two mosques in Christchurch.
Outgoing commissioner Denham said Edwards would bring “extraordinary breadth, international leadership and credibility” to the job, but warned that any reforms must ensure that “people continue to trust their data will be used fairly and transparently, both here in the UK and when shared overseas”.
She added: “Implementing any changes parliament decides on will fall to my successor, who will take on a role that has never been more important or more relevant to people’s lives.”
Additional reporting by Peter Foster