September 21, 2021

Volume XI, Number 264

Advertisement

September 20, 2021

Subscribe to Latest Legal News and Analysis

UK Consults on New Data Protection Regime

The UK government has unveiled its much-trailed plans to reform its data protection laws, outlined in a consultation document which is open for public comment until 19 November 2021.

Since Brexit was finalised at the start of 2021, the United Kingdom has retained much of the EU General Data Protection Regulation. The government’s plans, if implemented, would see the UK move away from the EU’s approach in several key ways, which may lead to trouble for the continuation of the adequacy decision granted by the EU in June. If terminated, the adequacy decision, currently permitting free flows of personal data between the EU and the UK, could cause increased costs and bureaucracy for businesses on both sides of the Channel to continue their data transfers. 

Some of the changes to the UK GDPR proposed in the consultation document are:

  • Making the legitimate interests lawful basis easier to use, by publishing a limited, exhaustive list of legitimate interests that organisations can use without having to complete a balancing test.

  • Removal of the right to human review of decisions made on the basis of solely automated data processing.

  • Introducing a fee for responding to subject access requests and allowing organisations to refuse to comply with requests at a lower threshold than “manifestly unfounded”, as allowed in the current legislation.

The proposals also introduce potential changes to the UK’s Privacy and Electronic Communications Regulations, including:

  • Increasing the current maximum penalty of £500,000 for breaches of the direct marketing regulations to the higher of 4% of global turnover or £17.5 million, thereby matching the maximum penalty under UK GDPR.

  • Removing the requirement for websites to obtain consent before serving some analytics cookies.

  • Extending the “soft opt in” for direct marketing to organisations other than businesses, such as charities and political parties.

Copyright 2021 K & L GatesNational Law Review, Volume XI, Number 258
Advertisement

About this Author

Nóirín McFadden Intellectual Property and Communications Attorney K&L Gates London
Senior Associate

Nóirín McFadden is a senior associate in the firm’s London office. She concentrates her practice on intellectual property, technology and commercial matters. Nóirín has experience in data and trade mark licensing and in distribution agreements and has also worked on a range of technology matters including software licensing and online agreements. Nóirín advises on wide-ranging data protection issues, including data transfers.

+44.(0)20.7360.8135
Claude-Étienne Armingaud, KL Gates, Paris, data protection lawyer, commercial contracts attorney
Partner

Claude-Etienne Armingaud’s practice focuses on the representation of public and private companies in the area of information technologies and intellectual property law. Mr. Armingaud provides counsel to his clients at all stages of their corporate life cycle and in wide-ranging transactions, including in connection with litigation compliance matters, intellectual property protection and development, data protection strategic operations, and other commercial contracts.

Mr. Armingaud regularly advises start-up companies in matters relating to...

33-0-1-58-44-15-16
Advertisement
Advertisement
Advertisement