What is UK GDPR?
UK GDPR is the current data legislation in the UK. It came into effect at the start of 2021, when the UK left the European Union. Originally, the UK followed the EU’s General Data Protection Regulation (just referred to as GDPR).
The EU’s GDPR was introduced in 2018 and has been widely welcomed by data protection groups and privacy advocates. It replaced the 1998 Data Protection Act, and raised the penalties that companies could pay for mishandling user data.
UK GDPR aligns closely with the original GDPR, but a recent proposal by the UK government has now outlined a number of reforms they want to make to these laws.
Data: a new direction
The new proposals, titled “Data: a new direction”, are currently under consultation, so nothing is finalized yet. But what is the government proposing, exactly?
According to their own documents, the UK government wants to “create an ambitious, pro-growth and innovation-friendly data protection regime that underpins the trustworthy use of data.”
This appears to involve a push for deregulation, something data privacy advocates are vocally opposed to. According to digital rights campaigners at Open Rights Group, the government’s changes will reduce “transparency and accountability requirements for data controllers”.
The question is, are these fears credible?
Why does the government want to reform UK GDPR?
The UK government claims that it can generate billions of pounds for the UK economy “by removing barriers to responsible data use and reducing business burdens”.
According to their proposals, they want to make it easier for companies to comply with data regulations, which would (in theory) benefit smaller businesses rather than large corporations.
It’s hard to see how deregulation wouldn’t also help tech giants and big data-driven companies, however, even if that’s not the intention behind the reforms.
Should you be worried?
Again, we are still in the early stages of the reform process. Consultations on the proposed reforms aren’t even closed yet.
However, the UK government’s desire to deregulate the data market should raise some concerns. Tech giants and online advertisers have been growing in influence for decades, and relaxing data restrictions now can only consolidate their power.
It’s also concerning to see that the writers of the proposals have included statistics (from Deloitte and the ONS) that seem to suggest a drop in public concerns around corporate data usage.
These statistics are presented as a justification for deregulation, but it only points to the worrying fact that many people in the UK aren’t aware of the risks posed by companies mishandling their data.
The risks of corporate data management
If UK GDPR is reformed in this way, making it easier for companies to collect and store user data, individual internet users could lose even more control of their private information.
Here are three key reasons why weakening UK GDPR rules could be problematic.
- Large companies are regularly targeted by hackers and cybercriminals, but it’s often their own poor safety practices that leave them vulnerable. Weakening data protection laws could make it easier for corporations to get away with this kind of negligence.
- Your personal information is valuable. Data brokers, advertisers, and even your own internet service provider can all profit from collecting and selling your private data. Government regulation is essential to prevent invasive data harvesting practices, but these reforms could make it harder for users to protect their privacy (you can use a service like Incogni to remove your personal from data brokers).
- There is a growing imbalance between the power of consumers and that of the vast corporations they interact with. Even if the reforms do benefit smaller companies at first, these changes could still tilt the playing field in favor of the tech giants and social media conglomerates. That’s not a good trajectory for anyone who values their online rights.
Want to read more like this?
Get the latest news and tips from NordVPN.