Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
EU United Kingdom Technology

UK To Overhaul Privacy Rules in Post-Brexit Departure From GDPR (theguardian.com) 66

Britain will attempt to move away from European data protection regulations as it overhauls its privacy rules after Brexit, the government has announced. From a report: The freedom to chart its own course could lead to an end to irritating cookie popups and consent requests online, said the culture secretary, Oliver Dowden, as he called for rules based on "common sense, not box-ticking." But any changes will be constrained by the need to offer a new regime that the EU deems adequate, otherwise data transfers between the UK and EU could be frozen. A new information commissioner will be put in charge of overseeing the transformation. John Edwards, currently the privacy commissioner of New Zealand, has been named as the government's preferred candidate to replace Elizabeth Denham, whose term in office will end on 31 October after a three-month extension.

Dowden said: "Now that we have left the EU I'm determined to seize the opportunity by developing a world-leading data policy that will deliver a Brexit dividend for individuals and businesses across the UK. It means reforming our own data laws so that they're based on common sense, not box-ticking. And it means having the leadership in place at the Information Commissioner's Office to pursue a new era of data-driven growth and innovation. John Edwards' vast experience makes him the ideal candidate to ensure data is used responsibly to achieve those goals." The GDPR data protection rules introduced by the EU in May 2018 are part of UK law even after Brexit, under the Data Protection Act.

This discussion has been archived. No new comments can be posted.

UK To Overhaul Privacy Rules in Post-Brexit Departure From GDPR

Comments Filter:
  • by fred6666 ( 4718031 ) on Thursday August 26, 2021 @09:11AM (#61732005)

    The freedom to chart its own course could lead to an end to irritating cookie popups and consent requests online, said the culture secretary, Oliver Dowden

    Wishful thinking.

    I live in Canada. I browse the web with a Canadian IP address. GDPR has no effect here. I still see those popup on many web sites. So will people in the UK, no matter which law they adopt.

    • by waspleg ( 316038 )

      Yea, they're in the US too. No one cares enough to vet.

      • by Merk42 ( 1906718 )
        GDPR applies to EU citizens, regardless of their physical location at time of browsing. So I don't see how they could "vet".
        • That's ok, I don't see how they can enforce it outside the EU where EU law does not apply regardless of what they might think. This is as bad, if not worse, than some of the stuff the US has tried in the past to apply its laws to things beyond its jurisdiction.
          • That's ok, I don't see how they can enforce it outside the EU where EU law does not apply regardless of what they might think.

            The GDPR is actually applicable to companies doing business in the EU (or those connected to them). The GDPR may protect EU citizens regardless of where they are, but it isn't applicable to every company interacting with them, just those with a presence or connection to the EU.

            So, for instance, when a citizen of an EU member country travels to the US, the GDPR doesn't offer protection for their data when they interact with US-based companies that have no presence in or connection to the EU. But if that pers

          • That's ok, I don't see how they can enforce it outside the EU where EU law does not apply regardless of what they might think.

            They can't enforce anything outside the EU. But, if you operate inside the EU like basically every multinational then they can enforce anything they like on actions taken anywhere in the world.

    • by Luckyo ( 1726890 ) on Thursday August 26, 2021 @09:20AM (#61732043)

      This is actually the idea behind a lot of consumer protection legislation. If you can get certain norms passed in a large enough geographic area, it becomes cheaper to afford same protections to everyone globally than build a separate system for those that aren't yet protected.

      So those of us involved in such activism often try to co-ordinate and focus our efforts on a specific region. That way the typical massive discrepancy in finances behind lobbying can be partially mitigated against, because there's a soft cap on money spent on lobbying, beyond which diminishing returns on pushing more money into the system become very real. The trick is to make the region small enough to get as close to financial parity with corporate lobbyists going against you as possible, while keeping the target region large enough to still matter enough that corporations invest in systems to adapt to the new rules.

      • This is actually the idea behind a lot of consumer protection legislation. If you can get certain norms passed in a large enough geographic area, it becomes cheaper to afford same protections to everyone globally than build a separate system for those that aren't yet protected.

        I get that totally. British ministers don't seem to understand however.

        • "British ministers don't seem to understand however."

          Usually it's clear, but in this case it's hard to see whether this is

          (a) a lack of understanding of "techy stuff", something for the plebs rather than us clever chaps studying classics

          or

          (b) deliberately not wanting to understand, giving a plausible deniability when their dealings with big companies and their 'chumocracy' is exposed.

          My money is on both being true to some extent. This is both the least competent and most corrupt government that the UK has

        • "British ministers don't seem to understand however." - they probably understand but are grandstanding for the gullible brexiters
    • I believe GDPR says the default settings should be only essential cookies. So teh dialogs are there but the correct dialogs are simpler to handle. The opposite approach is for instance Google, where if you want to disable all before a simple search you have to wade through endless dialogs to switch everything off; log in to switch off more an install an addon to switch off even more.

    • He means the current rules say that the website must ask you for permission to harvest your data through annoying because the EU has too many regulations. With Brexit, the websites no longer have to ask; they can harvest your data at will. Problem solved! :P
      • And his point was us folks in Fredomland still get asked, from US companies, with servers located in the US, where our data is routinely sold.

      • Indeed is is solved.
        The problem is not the asking, it is the repeated asking, to the point where people don't bother reading it at all and it could say absolutely anything and no one gives a proverbial.
        At least, people should be able to say once, "I don't care and don't ask me again".
        At worst, it should apply to absolutely all software, not just Web sites and apps, so the pain is experienced by every industry....that will kill it stone dead.

        Not all of the ddpr is bad, but the cookie warning absolutely is br

  • In the EU, we have to fill in an Accept modal form every time we visit a new site and every time we are getting a different type of cookie from an existing site. It is an utterly futile exercise as the reason I am on, for example, stackopverflow.com, is that I want it's content and refusing to click accept means I wont get it.

    This could be fixed so easily - simply allow users to have a global "Accept" as part of the web page request. But GDPR doesn't allow that.

    Most of the rest of GDPR is very sensible an

    • by AmiMoJo ( 196126 ) on Thursday August 26, 2021 @09:24AM (#61732069) Homepage Journal

      That is actually a dark pattern and is currently being challenged, with legal action to follow if changes are not made.

      GDPR says that permission to process data must be freely given. It can't be required to provide services which do not require it, like reading an article, and it can't be coerced e.g. by pre-ticking the box or using dark patterns to make opting out difficult.

      In fact it should at most be a small notice to click if you would like to opt in to tracking, nothing more.

      There is no way it should default to accept, the default should be deny and the user can manually send an acceptance header if they want to. If they don't, only a minimal request that doesn't interfere with site operation or force the user to dismiss it should be made.

      • Today, all major browsers feature the “Do Not Track” attribute, which web sites are encouraged by not legally obliged to respect.

        The problem with the privacy elements of the GDPR is that the technology community had already given them the blueprints to excellent, workable solutions, which the EU and enacting states [including the UK] appear to have cheerfully ignored.

        If the EU were to suggest, say, that if the browser industry developed a set of very simply privacy-related flags, that a us
      • It can't be required to provide services which do not require it, like reading an article,

        Not quite. It's more nuanced than that. You absolutely can be required for a service which doesn't actually require it. What it can't be is required for an incidental service.

        E.g. You stumble on a public website, it doesn't need to track you. But it's a public website stumbled upon. The GDPR says you can't require the reader to accept permission to process this data. But as soon as you login to a website, it's no longer incidental. At the moment you sign up to something it absolutely can be a condition that

    • In the EU, we have to fill in an Accept modal form every time we visit a new site and every time we are getting a different type of cookie from an existing site.

      Not just the EU. These GDPR pop-ups have been applied universally, we're all getting spammed by this crap.

  • by F.Ultra ( 1673484 ) on Thursday August 26, 2021 @09:32AM (#61732099)

    Now that we have left the EU I'm determined to seize the opportunity by developing a world-leading data policy that will deliver a Brexit dividend for individuals and businesses across the UK

    Why do I get the feeling that the result will be something that will only benefit data vendors such as Google and be a huge step backwards for individuals...

    • Hard to say. The UK has generally had a certain level of data protection beyond that mandated by the EU, and there's not a huge amount of political pressure to give American companies an advantage here.

      There's also a lot to be said for remaining largely compatible with EU rules simply to enable existing business to operate as before. On the flip-side, there's a lot of pressure to remove "red tape" and offer British companies an advantage over EU companies.

      Personally I think this is going to largely be
      • by Malc ( 1751 )

        Sounds like it's going to create a lot of red tape for companies that do business outside the UK, or even with parts of the UK like Northern Ireland. Just ask Marks and Spencers how well they're doing with the regulations and keeping food supermarkets in N. Ireland stocked. I really think there's a segment of the Tory party that is enjoying creating intra-UK friction with the goal of making parts leave: call it "extreme gerrymandering" because it removes a ton of seats from parliament that they have no ch

        • they've already stuffed the UK export businesses with 100 of pages of extra red tape, why should internet be excluded? Seems they are doing their best to screw of the UK business economy.
      • Re: (Score:3, Informative)

        by blugalf ( 7063499 )

        This.

        It's why UK officials routinely indulge in pompous, arrogant and grandstanding anti-EU rhetoric wrt to all things Brexit ("so that they're based on common sense, not box-ticking"). These primitive appeals to the average Brits' sense of superiority and latent contempt for the continent (which they rationalize as EU criticism) are covering for the fact that very little that was actually wrong with EU rules and very few things will change in practice.

    • by AmiMoJo ( 196126 )

      Some UK companies have already been cut off from the EU market due to problems shipping stuff there, handling tax and the shear cost of it making their products uncompetitive. Similarly people in the UK have lost access to many EU vendors and cheaper prices.

      All this will do is force service providers to cut themselves off from the EU if the laws diverge too much. The cookie requests should not be there anyway, GDPR forbids them in their current form and if the UK wants to really do something about them then

    • Now that we have left the EU I'm determined to seize the opportunity by developing a world-leading data policy that will deliver a Brexit dividend for individuals and businesses across the UK

      Why do I get the feeling that the result will be something that will only benefit data vendors such as Google and be a huge step backwards for individuals...

      Because “Let's take back control” was just double-speak for weakening those pesky EU regulations on labor standards, consumer protection, data protection, human rights, etc.

  • by The Evil Atheist ( 2484676 ) on Thursday August 26, 2021 @09:55AM (#61732219)

    as he called for rules based on "common sense, not box-ticking."

    Just like how common sense was supposed to keep COVID deaths magically low in the UK.

    Mark my words, just like every other Brexit outcome, these "rules" would be crafted to benefit Boris Johnson's mates and their mates.

  • by Fudoka ( 1831404 ) on Thursday August 26, 2021 @09:57AM (#61732229)
    This from the Government which is trying to to hand over all the NHS patient data without consultation for a handful of beans.
  • by aj50 ( 789101 ) on Thursday August 26, 2021 @10:05AM (#61732253)

    Common sense would lead to banning all forms of cross-website tracking.

    Somehow I doubt that's what they have in mind.

  • Good luck with that (Score:4, Informative)

    by DrXym ( 126579 ) on Thursday August 26, 2021 @10:18AM (#61732305)
    The UK is already looking to sell off information such as NHS data to the highest bidder. Any "common sense" changes to privacy laws will undoubtedly leave people a lot less privacy than they enjoyed before.
  • Everything goes and all our citizens' data is up for grabs!!
  • "... while kowtowing to the rules of the massive trading block it is dependent on for its survival".

    Expect more of this nonsense, it plays well to the cheap seats.

  • any info will be for sale to any one for any use under only one condition , they can pay for it .
  • The problem is a lack of enforcement.

    At the moment website ignore the do not track header [wikipedia.org] and instead bombard users with popup demands to ignore that.

    The IOC could enforce DO-NOT-Track.

  • Fixing those cookie annoyances is literally the subject of a GDPR update currently in the process of becoming law!
    But the goal in the EU is to do it with no compromises. E.g. killing off that "legitimate interest" bullshit is a key bullet point.

    Honestly, I prefer doing it right instead of half-assing it. Just like I prefer a firewall that, when freshly installed, bugs me a lot because there is a lot of new stuff to decide on, rather than a firewall that lets through a lot of shit because the rules were too

  • The Johnson has already legislated to ban protest. Regardless of their claims that it's only about loud or disruptive protests, it actually allows the police to stop any protest anywhere.

    They have also removed the public interest defence from journalist reporting on whistleblowers. That's people like Glenn Greenwald in jail.
    https://www.ft.com/content/35d... [ft.com]

    They have appointed three party apparatchiks to the BBC. The latter is no longer an independent news source for the first time in its history.

    They are

    • by hoofie ( 201045 )

      Supermarket shelves are not empty, that is a load of wank.

      Why are there transport issues though? Free movement flooded the market with cheap Eastern European lorry drivers. Now that cheap supply is gone, there is a huge shortage of local drivers and the money is terrible. Only belatedly is the transport industry walking up to the hole they dug for themselves years ago and are now throwing money around like a demented chimp to hire drivers. Unfortunately it costs a fortune to get a HGV licence and the DVLA a

  • It should apply to all software, not just the Web. Then it would die the death it deserves. This just holds the Web platform form back.

Single tasking: Just Say No.

Working...