The UK government has reintroduced the Data Protection and Digital Information Bill, which aims to modify the European privacy law that was adopted as British law before leaving the European Union.
The proposed changes claim to reduce paperwork requirements and save billions of pounds, but critics argue that the modifications will water down privacy rights and potentially lead to increased surveillance of vulnerable populations.
Additionally, some tech companies have expressed concerns that a UK version of the law will lead to greater regulatory costs.
The bill includes changes such as empowering the government to authorize permissionless data processing for purposes such as national security and crime, which civil rights groups have criticized as undemocratic.
The government has also stated that it will limit compliance documentation to organizations that pose high risks to individuals’ rights and freedoms, while loosening GDPR restrictions on automated decision making.
While the UK assimilated the GDPR as domestic law in 2018, the proposed modifications aim to replace it with a bespoke British system of data protection, though the bill introduced by Technology Secretary Michelle Donelan is not a complete replacement.
Small and mid-size British software businesses have urged the government not to proceed with the reintroduction, arguing that a divergence from the GDPR in the UK will add to their regulatory burden rather than decrease it, and companies will need to remain compliant with GDPR in any situation.