Brace yourselves: new UK data laws are coming

The Government have just announced their plans to gut the UK General Data Protection Regulation. They are proposing to bonfire your rights and remove the protections the law affords to your private life, vulnerabilities, and aspirations.

This is but a natural product of poor proposals being discussed in a rigged consultation process. Big multinational corporations, their lawyers, and corporate-funded think tanks were advising the Government on how to keep our data safe, courtesy of the “International Data Transfers Expert Council”. At the same time, the Department for Digital, Culture, Media, and Sport were taking care of ignoring the critical voices of civil society and ordinary citizens, in a delicate balance of arbitrary cherry-picking and a smokescreen of wishful thinking.  

The outcome of such a shiny example of integrity in policymaking is rather damning. According to what the Government have announced, individuals would lose protections against discrimination and abuses, only to get less choices in return. Dodgy businesses would get their licence to be malicious, reckless, and to launder your personal data oversea, far from your eyes and those of the Regulators. The cherry on the cake, the Information Commissioner’s Office (the Regulator) would be coopted by the same Government they should keep an eye on. 

This is Open Rights Group first take on the formal response to the consultation, and there will be more to unpack. In the meanwhile, let’s take a sneak preview at what the Government have just unveiled.

Less choice for you, less accountability for law-breakers

Online advertisers have long kept records of the things we read, watch and do online. Knowing that we would have refused, they extorted our consent with illegal cookie pop-ups, whose only purpose were to exhaust us. In response to this, the Government are boldly taking the side of the abusers and the law-breakers: the UK Data Reform Bill will make it the default setting to spy on us, and your burden to opt-out of something you never wanted in the first place.

These proposals come along with more freedom for businesses and the Government to manage data risks by making infringements less contestable and not bothering about carrying out risk assessments, or implementing governance measures that are meant to prop up and demonstrate responsible uses of data. Recruiting or dismissals, your VISA applicationyour eligibility for hospitalisation, your entitlement to compensation or benefits: the burden to scrutinise and challenge bad decisions that someone else is responsible for would fall on you.

Finally, the (welcomed) support for binding privacy signals that would allow Internet users to opt-out automatically via their browsers does not mitigate the fundamental erosion of individuals’ online privacy and right to choose, nor for the harms they would be exposed to because of the “do first-apologise later” approach the UK Data Reform Bill would unleash. 

So long ICO, and thank you for all the fish

Principles and legal boundaries are fundamental stepping stones for the protection of our personas, but so are the effective implementation of enforcement of these rules. In the UK, this would be the task of the Information Commissioner’s Office, the independent watchdog that oversee the use of personal data by both private actors and the Government. 

However, the UK Data Reform Bill will codify cronyism into law. The Secretary of State is being given the power to arbitrarily amend the Commissioner’s salary, issue “a statement of priorities” to their Office, and vetoing the adoption of statutory codes and guidance, thus exposing the ICO to political direction, corporate capture and corruption. Worried about the ICO new guidance or investigation? Giving a substantial donation to the party in Government will ensure that the Secretary of State takes care of your concerns.

Human rights are in peril, and so are British businesses

The protection of our private lives is a fundamental right, enshrined in article 8 of the European Convention of Human Rights, that we enjoy as individuals. However, the Government are replacing the rights-based framework provided by the UK GDPR with “New data laws to… protect consumers”, turning us from “people with rights into data points with exploitable commercial potential”. Unsurprisingly, the Government are also getting rid of the Human Rights Act, and they preparing to sell your privacy to oversea partners such as the United States and Australia, both of which lack meaningful data protection standards.

In doing so, the UK Government are on a collision course with their international obligations under the ECHR and the CoE convention 108+ on personal data protection – both fundamental elements of the UK adequacy determination, and whose rupture would spell troubles for the UK digital sector. Without an adequacy decision, businesses will need to implement onerous safeguards whose estimates are “between £1 billion and £1.6 billion”. This figure is already enough to offset the benefits claimed by the DCMS, and it does not account for the reduction in EU-UK digital trade, investments, and the relocation of businesses and personnel outside the UK.

It’s not a done deal

Beyond the fig leaf of pretentious press releases lies an irrational move that goes against efforts by many jurisdictions to introduce the robust data protection standards that the UK Government are so keen to slash and burn. 

Countries like Nigeria and Brazil already recognise privacy and data protection as fundamental rights. Chile is also discussing a rights-based data protection framework, while Canada is debating a Bill that would require companies to identify, assess and mitigate the risk of harm and bias before AI systems are deployed. Even the United States and India are — slowly and with some difficulties — advancing toward stronger data protection laws.

At a time when personal data can be leveraged to do all sort of wrong things, depicting data protection as a burden is wrong, irresponsible and negligent. It is about being on the wrong side of history, and it condones a society run by privateers, fraudsters and crooks.

We at OpenRightsGroup want to write a different ending to this story. Join our campaign, and help us Stop Data Discrimination.