Sun Jun 20 2021
A UK Government taskforce is alarming privacy campaigners with their overhaul of GDPR legislation
A UK Government taskforce called the Task Force on Innovation Growth and Regulatory Reform (or TIGRR) has, according to the Open Rights Group, signalled “the Government’s desire to gut GDPR and your privacy rights”.
The taskforce, which is compromised of three Tory MP’s, released a report last week that made suggestions for reforms the UK could make to EU GDPR regulations in the post-Brexit landscape, including data protection legislation.
As reported by cloudThing, Digital Secretary Oliver Dowden also commented back in March that he thought Britain needed to "take a slightly less European approach to data privacy".
TIGRR is being headed up by Ian Duncan Smith, alongside Theresa Villiers and George Freeman, all of whom have commented to say that GFPR is "stifling, already out of date and a cause of unnecessary confusion”.
Backing this up they reference cookie opt out boxes that have sprung up all over the web, pointing out that GDPR has overwhelmed people with "consent requests and complexity they cannot understand, while unnecessarily restricting the use of data for worthwhile purposes".
Privacy campaigners have pushed back on that though, stating that many consent requests are in fact a ‘technical loophole’ that are more often than not unlawful under GDPR, which funding and more rigorous enforcement would resolve.
The specifics of the report has called for a change to UK data protection legislation (currently inline with GDPR) to remove both Article 5 and 22.
Article 5 requires any data collected to be restricted to "specified, explicit and legitimate purposes" and "adequate, relevant and limited to what is necessary” or in other words… sites can only collect data about a person if they actually need that data to fulfil the purpose of the website (an e-commerce site could ask for your address to deliver to you but not your gender, as that likely isn’t relevant). The taskforce however says that’s hindering the development of AI.
Article 22 covers the rights of an individual, in specific, to not be subject to a decision based solely on automated processing, including profiling.
Although TIGRR claims to have consulted widely on these recommendations with academics, parliamentarians, experts and think tanks, campaigners have noted that the list is tech industry heavy, with none of the academics actually named.
The report is significant, because it signals the Government's desire to gut GDPR and your privacy rights. It’s a dangerous attempt to remove any oversight, deferring decision-making to machines. If a decision that produces a legal obligation wasn't reviewable, AI would effectively become a backdoor to justify any kind of abuse: think of a company claiming a debt against you based on an automated decision that cannot be understood, or Government denying benefits to an individual based on criteria that cannot be scrutinised.
The thinktank institute for Government, when consulted on the report, commented to say it’s a “positive vision” but did point out that it failed to acknowledge how moving away from an EU GDPR model might affect business operating in Europe
A major overhaul of GDPR data protection rules risk the EU withdrawing its (yet to be confirmed) data adequacy decision - without which businesses will find it much more difficult and costly to transfer personal data from the EU to the UK.
Sun Jun 20 2021