UK to replace GDPR with ‘consumer-friendly’ privacy regime

New culture secretary decries ‘red tape,’ but detractors warn complexity could arise

Ben Wodecki

October 5, 2022

4 Min Read

New culture secretary decries ‘red tape,’ but detractors warn complexity could arise

The U.K. government plans to scrap the General Data Protection Regulation (GDPR), the EU’s data privacy regime it adopted before leaving the union.

Michelle Donelan, the secretary of state for Digital, Culture, Media and Sport, announced the move during a speech at the Conservative Party conference in Birmingham, England.

Instead, the government wants to adopt its own “business- and consumer-friendly British data protection system.”

The U.K.’s replacement would be “clearer, for businesses to navigate. No longer will our businesses be shackled by lots of unnecessary red tape,” the minister said during her speech.

The move is in line with the Truss administration’s plan to scrap all remaining EU laws and replace them with British-focused alternatives.

During a speech earlier in the week, the chancellor, Kwasi Kwarteng, announced the government would “review, replace or repeal retained EU law holding our country back.”

That planned review would cover GDPR—which provides citizens with greater transparency and control of how companies store and process their data.

Minister Donelan said the U.K.’s prospective alternative “will protect consumer privacy and keep their data safe, whilst retaining our data adequacy so businesses can trade freely."

The idea to remove GDPR from British law has been on the cards for some time. In June, the government published results from a consultation on what scrapping the existing data regimen would have. Those results claim British business would save $1.14 billion (£1 billion) by removing “bureaucracy, red tape and pointless paperwork.”

The proposed data regime changes include removing the need for small businesses to undertake data protection impact assessments (DPIAs) or appoint a data protection officer.

It would also focus on reducing ‘user consent’ forms – instead adopting an opt-in model to allow users to set their online cookie preferences to opt out automatically.

The planned changes were being led by former culture secretary Nadine Dorries. Donelan replaced Dorries as culture secretary during Prime Minister Liz Truss’s recent ascension to power. Donelan was most recently the U.K. education secretary but only held that position for just 35 hours.

Donelan was promoted to the role after a series of cabinet members resigned over Boris Johnson’s premiership, before resigning herself – making her the shortest-serving in the history of the role.

In her speech addressing the plans, Donelan said the U.K. wants to emulate data regimes in countries like Japan, South Korea and Israel.

The changes to the country’s data regime will add to her list of work, which also includes the Online Safety Bill that aims to regulate how online platforms protect users and their data. The brainchild of her predecessor, the bill’s passage through Parliament came to a stop as the government effectively disbanded during the recent leadership election.

The new prime minister is a fan of the bill - but wants any provisions it contains not to infringe on free speech.

Related stories:

Liz Truss: Where the UK’s new PM stands on AI, tech and science

UK regulator to investigate cloud computing giants’ market dominance

UK unveils plans to regulate AI

Labour MP Chris Byrant said the plan to scrap GDPR was “madness.”

“U.K. companies will still have to abide by GDPR if they want any online business in the European Union, as other non-EU companies already do. U.K. divergence will simply mean U.K. double costs,” he tweeted.

Further opposition was presented by Northern Ireland assembly member Matthew O’Toole, who told the Belfast Telegraph: “Data protection laws are a fundamental part of how businesses, governments and civil society have to operate in the digital age.

“If the Tories force through a pointlessly divergent U.K/ data regime it could threaten a vast range of everyday activity on a north-south basis.”

Such a move would only increase complexity for British businesses, according to Robin Röhm, founder of data sharing startup Apheris.

"Federated data ecosystems are the most pressing response to the problem of working across organizational and geographical boundaries as personal data never leaves its secure environment. That means it can be mapped to different privacy laws,” he said.

“If we fail to introduce federated data ecosystems now and provide companies with a way to continue collaborating, we risk causing a further widening of the connection between the EU and U.K.”

Cover image: Michelle Donelan, British secretary of state for digital, culture, media and sport

About the Authors

Ben Wodecki

Assistant Editor

Get the newsletter
From automation advancements to policy announcements, stay ahead of the curve with the bi-weekly AI Business newsletter.