Last week, the DCMS published its long-awaited response to the “Data: a new direction” consultation, providing insight into the feedback received from those who responded to the government’s call for views, and outlining its plan moving forward with regard to the proposals that have been abandoned, and those that will go ahead.
The biggest headlines largely centred around reforms to the Privacy and Electronic Communications Regulation, with the removal of cookie banner requirements and intended future move to an opt-out rather than opt-in model of consentAn unambiguous, informed and freely given indication by an individual agreeing to their personal data being processed.; a massive increase in fine levels (£17.4 million or 4% of global turnover); and increased powers of enforcement for the Information Commissioner’s OfficeThe United Kingdom’s independent ‘supervisory authority’ for ensuring compliance with the UK GDPR, Data Protection Act 2018, the Privacy and Electronic Communications Regulations etc..
Other changes of note include the removal of several accountabilityPerhaps the most important GDPR principle, which requires controllers to take responsibility for complying with the GDPR and, document their compliance. requirements (DPIAs, RoPAs, and DPOs) in favour of a new more flexible Privacy Management Programme; a broadening of the scope of alternative transferThe movement of data from one place to another, this could be, for example, from one data controller to another, or from one jurisdiction to another. mechanisms; and a potential change of name for the regulator.
Whilst it is too early to tell how these reforms will manifest themselves when they eventually pass into law, initial review suggests that, particularly for businesses operating in both the UK and EU, the “clarifying” of UK law in this way may have actually created more confusion.
To read the full consultation response, click here.