UK To Overhaul Privacy Rules in Post-Brexit Departure From GDPR (theguardian.com) 66
Britain will attempt to move away from European data protection regulations as it overhauls its privacy rules after Brexit, the government has announced. From a report: The freedom to chart its own course could lead to an end to irritating cookie popups and consent requests online, said the culture secretary, Oliver Dowden, as he called for rules based on "common sense, not box-ticking." But any changes will be constrained by the need to offer a new regime that the EU deems adequate, otherwise data transfers between the UK and EU could be frozen. A new information commissioner will be put in charge of overseeing the transformation. John Edwards, currently the privacy commissioner of New Zealand, has been named as the government's preferred candidate to replace Elizabeth Denham, whose term in office will end on 31 October after a three-month extension.
Dowden said: "Now that we have left the EU I'm determined to seize the opportunity by developing a world-leading data policy that will deliver a Brexit dividend for individuals and businesses across the UK. It means reforming our own data laws so that they're based on common sense, not box-ticking. And it means having the leadership in place at the Information Commissioner's Office to pursue a new era of data-driven growth and innovation. John Edwards' vast experience makes him the ideal candidate to ensure data is used responsibly to achieve those goals." The GDPR data protection rules introduced by the EU in May 2018 are part of UK law even after Brexit, under the Data Protection Act.
Dowden said: "Now that we have left the EU I'm determined to seize the opportunity by developing a world-leading data policy that will deliver a Brexit dividend for individuals and businesses across the UK. It means reforming our own data laws so that they're based on common sense, not box-ticking. And it means having the leadership in place at the Information Commissioner's Office to pursue a new era of data-driven growth and innovation. John Edwards' vast experience makes him the ideal candidate to ensure data is used responsibly to achieve those goals." The GDPR data protection rules introduced by the EU in May 2018 are part of UK law even after Brexit, under the Data Protection Act.
Re:No EU rules - no EU data - brexit is brexit... (Score:4, Interesting)
Thing is if the UK does significantly diverge from the EU on data protection then EU companies will be forced to stop sharing data with UK ones. International companies will have to either continue to comply with EU rules or segregate their systems into EU and UK sides.
That's the thing about brexit. The UK is one country and about 1/7th the size of the EU market. Demanding companies comply with special rules is a losing proposition, so in practice it's a choice between trashing our own economy and simply following EU rules without having any say in them.
Since we haven't even started diverging significantly and we are already at the point where there are food shortages we might want to think twice about this.
UK will break GDPR (Score:5, Insightful)
UK's Data Protection Act 2018 is binding, not GDPR, since end of last year.
UK will break GDPR, while loudly saying it isn't, to be the EU centre of data flow to the US after Max Schremsâ(TM)s group Noyb is forcing EU Data Protection Commissions to do their job (https://noyb.eu/en).
But at some point EU will say 'enough' and data flow to UK from the countries subject to EU law will be illegal under GDPR.
Rubbish (Score:1)
Do you think no sharing goes on between EU and US/elsewhere companies? Of course it does. Yes there'll be limitations but the idea that no data ever gets sent outside the EU is clearly rubbish. After all, most of the physical cloud servers used by EU companies are across the pond!
"Demanding companies comply with special rules is a losing proposition"
Thats what was said about financial services after Brexit. Turns out virtually no one has left the City of London and its still growing even during covid. Unlik
Re:Rubbish (Score:4, Informative)
Banks moving to EU cities [efinancialcareers.co.uk]
Amsterdam Stock Exchange overtakes London" [nltimes.nl]
Re: Rubbish (Score:1)
Those really the best links you can come up with? Have another go.
Re: (Score:2)
Bullshit. One very large US Bank told it's Bankers and Executives they needed to move to Paris. They were told very clearly by said Bankers and Executives to get fucked or they would walk over the road to a competitor.
Why ? Their wives told them very clearly they didn't want to move to Paris from London.
The trading activities of Paris, Frankfurt and Amsterdam are drops in the bucket compared to London.
As of March 2021, London is still #2 in the World behind New York. The closest European centre is Frankfurt
Re: (Score:3)
Do you think no sharing goes on between EU and US/elsewhere companies?
US company here. We do stuff to comply with GDPR. We don't have to, but we want EU money.
The UK will also like to have EU money.
After all, most of the physical cloud servers used by EU companies are across the pond!
No, the cloud providers have EU datacenters. Most EU cloud servers are located in Germany or Ireland.
Re: Rubbish (Score:2)
No. With AWS you get a choice where to host your cloud and its backups. They have no interest in the EU GDPR, that's the users problem.
Re: (Score:2)
They have no interest in the EU GDPR, that's the users problem.
If you want those users to pay you, it becomes your problem.
Re: (Score:2)
Well I suggest you go tell Bezos. We had a choice where to host our cloud and you could choose any datacentre in the world. We chose the USA even though we're in the UK because the majority of our clients are in the US though some are in the EU and UK.
Re: (Score:2)
Why would I tell Bezos?
My company wants EU people to pay us.
EU people won't pay us if we don't comply with GDPR.
So we comply with GDPR, and get paid.
Re: (Score:2)
You must have very law abiding clients. Ours never asked and we don't even mention it :)
Re: Rubbish (Score:1)
Isn't it your job to guide your clients through the whole process? Or are you at one of those companies that just gives the client what they ask for, instead of what they want?
Re: (Score:2)
Re: No EU rules - no EU data - brexit is brexit... (Score:3)
Re: (Score:2)
That is unfortunately true.
Re: (Score:2)
British citizens' data not going to Europe is another upside of Brexit.
Re: (Score:1)
Why would it end popups? (Score:5, Informative)
The freedom to chart its own course could lead to an end to irritating cookie popups and consent requests online, said the culture secretary, Oliver Dowden
Wishful thinking.
I live in Canada. I browse the web with a Canadian IP address. GDPR has no effect here. I still see those popup on many web sites. So will people in the UK, no matter which law they adopt.
Re: (Score:2)
Yea, they're in the US too. No one cares enough to vet.
Re: (Score:2)
Unenforceable (Score:2)
Re: (Score:3)
That's ok, I don't see how they can enforce it outside the EU where EU law does not apply regardless of what they might think.
The GDPR is actually applicable to companies doing business in the EU (or those connected to them). The GDPR may protect EU citizens regardless of where they are, but it isn't applicable to every company interacting with them, just those with a presence or connection to the EU.
So, for instance, when a citizen of an EU member country travels to the US, the GDPR doesn't offer protection for their data when they interact with US-based companies that have no presence in or connection to the EU. But if that pers
Re: (Score:2)
That's ok, I don't see how they can enforce it outside the EU where EU law does not apply regardless of what they might think.
They can't enforce anything outside the EU. But, if you operate inside the EU like basically every multinational then they can enforce anything they like on actions taken anywhere in the world.
Re:Why would it end popups? (Score:5, Insightful)
This is actually the idea behind a lot of consumer protection legislation. If you can get certain norms passed in a large enough geographic area, it becomes cheaper to afford same protections to everyone globally than build a separate system for those that aren't yet protected.
So those of us involved in such activism often try to co-ordinate and focus our efforts on a specific region. That way the typical massive discrepancy in finances behind lobbying can be partially mitigated against, because there's a soft cap on money spent on lobbying, beyond which diminishing returns on pushing more money into the system become very real. The trick is to make the region small enough to get as close to financial parity with corporate lobbyists going against you as possible, while keeping the target region large enough to still matter enough that corporations invest in systems to adapt to the new rules.
Re: (Score:2)
This is actually the idea behind a lot of consumer protection legislation. If you can get certain norms passed in a large enough geographic area, it becomes cheaper to afford same protections to everyone globally than build a separate system for those that aren't yet protected.
I get that totally. British ministers don't seem to understand however.
Re: (Score:3)
"British ministers don't seem to understand however."
Usually it's clear, but in this case it's hard to see whether this is
(a) a lack of understanding of "techy stuff", something for the plebs rather than us clever chaps studying classics
or
(b) deliberately not wanting to understand, giving a plausible deniability when their dealings with big companies and their 'chumocracy' is exposed.
My money is on both being true to some extent. This is both the least competent and most corrupt government that the UK has
Re: (Score:2)
Re: (Score:2)
I believe GDPR says the default settings should be only essential cookies. So teh dialogs are there but the correct dialogs are simpler to handle. The opposite approach is for instance Google, where if you want to disable all before a simple search you have to wade through endless dialogs to switch everything off; log in to switch off more an install an addon to switch off even more.
Re: (Score:2)
Re: (Score:2)
And his point was us folks in Fredomland still get asked, from US companies, with servers located in the US, where our data is routinely sold.
Re: Why would it end popups? (Score:1)
Indeed is is solved.
The problem is not the asking, it is the repeated asking, to the point where people don't bother reading it at all and it could say absolutely anything and no one gives a proverbial.
At least, people should be able to say once, "I don't care and don't ask me again".
At worst, it should apply to absolutely all software, not just Web sites and apps, so the pain is experienced by every industry....that will kill it stone dead.
Not all of the ddpr is bad, but the cookie warning absolutely is br
The most public feature of GDPR is the most broken (Score:2, Insightful)
In the EU, we have to fill in an Accept modal form every time we visit a new site and every time we are getting a different type of cookie from an existing site. It is an utterly futile exercise as the reason I am on, for example, stackopverflow.com, is that I want it's content and refusing to click accept means I wont get it.
This could be fixed so easily - simply allow users to have a global "Accept" as part of the web page request. But GDPR doesn't allow that.
Most of the rest of GDPR is very sensible an
Re:The most public feature of GDPR is the most bro (Score:5, Informative)
That is actually a dark pattern and is currently being challenged, with legal action to follow if changes are not made.
GDPR says that permission to process data must be freely given. It can't be required to provide services which do not require it, like reading an article, and it can't be coerced e.g. by pre-ticking the box or using dark patterns to make opting out difficult.
In fact it should at most be a small notice to click if you would like to opt in to tracking, nothing more.
There is no way it should default to accept, the default should be deny and the user can manually send an acceptance header if they want to. If they don't, only a minimal request that doesn't interfere with site operation or force the user to dismiss it should be made.
Not Only But Also (Score:2)
The problem with the privacy elements of the GDPR is that the technology community had already given them the blueprints to excellent, workable solutions, which the EU and enacting states [including the UK] appear to have cheerfully ignored.
If the EU were to suggest, say, that if the browser industry developed a set of very simply privacy-related flags, that a us
Re: (Score:2)
It can't be required to provide services which do not require it, like reading an article,
Not quite. It's more nuanced than that. You absolutely can be required for a service which doesn't actually require it. What it can't be is required for an incidental service.
E.g. You stumble on a public website, it doesn't need to track you. But it's a public website stumbled upon. The GDPR says you can't require the reader to accept permission to process this data. But as soon as you login to a website, it's no longer incidental. At the moment you sign up to something it absolutely can be a condition that
Re: (Score:2)
In the EU, we have to fill in an Accept modal form every time we visit a new site and every time we are getting a different type of cookie from an existing site.
Not just the EU. These GDPR pop-ups have been applied universally, we're all getting spammed by this crap.
Re: (Score:2)
And they could still kick your ass.
Re: (Score:2)
Re: (Score:2)
He's been doing it to every article for months. He thinks it's brilliant and incredibly funny.
Just remember, he votes. And if you don't, he gets to pick who's in charge.
Color me skeptical (Score:4)
Now that we have left the EU I'm determined to seize the opportunity by developing a world-leading data policy that will deliver a Brexit dividend for individuals and businesses across the UK
Why do I get the feeling that the result will be something that will only benefit data vendors such as Google and be a huge step backwards for individuals...
Re: (Score:1)
There's also a lot to be said for remaining largely compatible with EU rules simply to enable existing business to operate as before. On the flip-side, there's a lot of pressure to remove "red tape" and offer British companies an advantage over EU companies.
Personally I think this is going to largely be
Re: (Score:2)
Sounds like it's going to create a lot of red tape for companies that do business outside the UK, or even with parts of the UK like Northern Ireland. Just ask Marks and Spencers how well they're doing with the regulations and keeping food supermarkets in N. Ireland stocked. I really think there's a segment of the Tory party that is enjoying creating intra-UK friction with the goal of making parts leave: call it "extreme gerrymandering" because it removes a ton of seats from parliament that they have no ch
Re: (Score:2)
Re: (Score:3, Informative)
This.
It's why UK officials routinely indulge in pompous, arrogant and grandstanding anti-EU rhetoric wrt to all things Brexit ("so that they're based on common sense, not box-ticking"). These primitive appeals to the average Brits' sense of superiority and latent contempt for the continent (which they rationalize as EU criticism) are covering for the fact that very little that was actually wrong with EU rules and very few things will change in practice.
Re: (Score:3)
Some UK companies have already been cut off from the EU market due to problems shipping stuff there, handling tax and the shear cost of it making their products uncompetitive. Similarly people in the UK have lost access to many EU vendors and cheaper prices.
All this will do is force service providers to cut themselves off from the EU if the laws diverge too much. The cookie requests should not be there anyway, GDPR forbids them in their current form and if the UK wants to really do something about them then
Re: (Score:3)
Now that we have left the EU I'm determined to seize the opportunity by developing a world-leading data policy that will deliver a Brexit dividend for individuals and businesses across the UK
Why do I get the feeling that the result will be something that will only benefit data vendors such as Google and be a huge step backwards for individuals...
Because “Let's take back control” was just double-speak for weakening those pesky EU regulations on labor standards, consumer protection, data protection, human rights, etc.
Common sense (Score:3)
as he called for rules based on "common sense, not box-ticking."
Just like how common sense was supposed to keep COVID deaths magically low in the UK.
Mark my words, just like every other Brexit outcome, these "rules" would be crafted to benefit Boris Johnson's mates and their mates.
What about the NHS data (Score:3, Insightful)
Common sense not box-ticking (Score:3)
Common sense would lead to banning all forms of cross-website tracking.
Somehow I doubt that's what they have in mind.
Good luck with that (Score:4, Informative)
World leading data policy (Score:2)
Should read: "UK to make a show of independence.." (Score:2)
"... while kowtowing to the rules of the massive trading block it is dependent on for its survival".
Expect more of this nonsense, it plays well to the cheap seats.
They are tories (Score:1)
do not track header (Score:2)
The problem is a lack of enforcement.
At the moment website ignore the do not track header [wikipedia.org] and instead bombard users with popup demands to ignore that.
The IOC could enforce DO-NOT-Track.
The EU is overhauling it too! (Score:1)
Fixing those cookie annoyances is literally the subject of a GDPR update currently in the process of becoming law!
But the goal in the EU is to do it with no compromises. E.g. killing off that "legitimate interest" bullshit is a key bullet point.
Honestly, I prefer doing it right instead of half-assing it. Just like I prefer a firewall that, when freshly installed, bugs me a lot because there is a lot of new stuff to decide on, rather than a firewall that lets through a lot of shit because the rules were too
This looks like a soft coup (Score:2)
The Johnson has already legislated to ban protest. Regardless of their claims that it's only about loud or disruptive protests, it actually allows the police to stop any protest anywhere.
They have also removed the public interest defence from journalist reporting on whistleblowers. That's people like Glenn Greenwald in jail.
https://www.ft.com/content/35d... [ft.com]
They have appointed three party apparatchiks to the BBC. The latter is no longer an independent news source for the first time in its history.
They are
Re: (Score:2)
Supermarket shelves are not empty, that is a load of wank.
Why are there transport issues though? Free movement flooded the market with cheap Eastern European lorry drivers. Now that cheap supply is gone, there is a huge shortage of local drivers and the money is terrible. Only belatedly is the transport industry walking up to the hole they dug for themselves years ago and are now throwing money around like a demented chimp to hire drivers. Unfortunately it costs a fortune to get a HGV licence and the DVLA a
Why just the Web? (Score:1)
It should apply to all software, not just the Web. Then it would die the death it deserves. This just holds the Web platform form back.