Sailors could face two regimes in Europe • The Register

Browsers will have to comply with two different data regimes in Europe under UK legislation proposed to replace EU laws.

The UK government has promoted its approach as a way to ease the burden of cookie consent for website users, but the new law could be difficult for browser makers wanting to comply with EU and UK regimes. United States, which currently fall under the General Data Protection Regulation. (GDPR).

The UK bill, which is up for debate in parliament, says websites will not need to require users to consent to “collect information for statistical purposes” about how a website or service is used “for the purpose of making improvements to the website”. .

However, it also offers Internet users the right to enable or disable cookie tracking at the browser level.

Jonathan Kirsop, Partner and Head of Information Law at Pinsent Masons, said: “This could help users get rid of the myriad consent requests they receive while browsing the internet. such an approach would not be straightforward, however, as it would be difficult to assert that any general consent given by users satisfies the requirements of the EU GDPR.Companies supplying browsers or publishing websites across Europe should deal with two very different regimes.

The Conservative government has said it wants to relax data protection laws and allow data sharing with other countries while maintaining its data-sharing agreements with the EU, the so-called adequacy agreement. with the UK’s largest trading partner.

“We now have the opportunity to seize the benefits of Brexit and transform the UK’s independent data laws. We have designed these new updates to our data protection framework to work in our interests, protect our citizens and unburden our businesses,” said Matt Warman, minister for media, data and digital infrastructure, introducing the bill.

“Through this bill, we will realize the opportunities for responsible data use while maintaining the UK’s high data protection standards. The EU does not require countries to have the same rules to grant adequacy, we are therefore convinced that these reforms are compatible with maintaining a free flow of personal data from the European Economic Area.”

But Kirsop said the proposals could jeopardize adequacy, making life more difficult for businesses sharing personal data between the UK and EU.

“The proposals could be seen as diverging enough from the EU’s GDPR to threaten the UK’s adequacy status, potentially plunging global businesses back into costly and time-consuming remediation programs less than five years after leading extensive work to comply with the GDPR before it took effect,” he said.

On the other hand, “those seeking substantial streamlining of requirements and the removal of barriers to innovation and business, whether perceived or real, may feel that the bill does not go far enough,” he said in a blog post.

Bill follows government consultation, ‘Data: A New Direction’ [PDF]which raised concerns when it opened the debate about removing the right for individuals to challenge automated decisions made about them.

As AI-based decision-making becomes more popular in applications from healthcare to financial services, campaigners have challenged proposals to remove these rights, set out in EU law, given loopholes potential of AI, including biased training data.

The bill introduced in parliament reframes the argument around challenges to automated decisions. It creates a right to “human intervention” in decision-making, but it only applies to “significant” decisions, rather than decisions that produce legal effects or similar significant effects, Kirsop said. .

The proposed laws also remove the requirement for companies to carry out a data protection impact assessment and replace it with the need to carry out an assessment of high-risk processing, the details of which have yet to be defined.

The bill also proposes changes to the way the government works with the Information Commissioner’s Office (ICO), the data protection watchdog. Open Rights Group chief executive Jim Killock said the changes would put ministers in charge of the ICO and trigger a new wave of police oversight powers.

“British businesses will be sweating as they try to make up their minds about yet another big and costly change to the regulatory regime,” he said. “This bill will remove important protections against bias and prejudice afforded to women, workers, patients, migrants, ethnic minorities, vulnerable individuals and communities, and all others.”

MPs will then consider the bill for second reading, which is expected to take place in September. ®

Comments are closed.