The UK government is anticipating the approval of the Data Protection and Digital Information (DPDI) Bill this autumn, a legislation designed to reshape the UK’s compliance with GDPR to suit domestic needs. Touted as a post-Brexit opportunity that will bolster international trade while reducing bureaucratic hassles like numerous cookie pop-ups, the proposed bill is projected to add £4.7 billion to the nation’s economy over the next decade.
While businesses are applauding this potential reduction in paperwork, critics argue that it could lead to severe infringements on data rights. The Open Rights Group has expressed grave reservations about the bill’s impact on privacy protections. “The DPDI Bill will rip up hard-won privacy protections,” warns Mariano delli Santi from the Open Rights Group.
What makes these concerns even more pressing is their impact on post-Brexit data regulations. In 2021, an ‘adequacy decision’ by the European Commission allowed unobstructed flow of personal data between EU and UK without additional safeguards, underlining trust in UK’s adherence to EU rules. However, an open letter from 28 civil society groups and privacy specialists suggests that the new DPDI Bill might undermine this premise and turn UK into a “leaky valve” where corporations can circumvent GDPR by operating from within its borders.
If approved, critics fear that the new law would enable widespread deregulation of UK’s data protection framework and permit invasive surveillance programs infringing upon rights of both local and EU citizens alike. Consequently, campaigners are urging for a repeal of the ‘adequacy decision’ by EU commission if this proposal becomes law. Such an outcome would undoubtedly strain relations between UK and EU further while posing significant risks to privacy rights.