UK passes ‘adequacy’ test but are calls for GDPR protection cuts a step too far?

UK passes ‘adequacy’ test but are calls for GDPR protection cuts a step too far?

This article from Trūata’s Chief Privacy Officer and Chief of Product Innovation, Aoife Sexton, recently featured in Global Security Mag.

For a nerve-racking period of six months, the UK’s data protection practices were under close examination. A review was being undertaken, as the government was given time to prove it could continue to operate to the rigors of the GDPR following its exit from the EU. Following this review process, and demonstrating the importance of international transfers of personal data to the new data economy and global privacy framework, the European Commission adopted a decision backed by representatives of the EU countries in favor of granting the UK data ‘adequacy’, paving the way for personal data to be transferred freely from the EU to the UK.

This is a major boost for businesses who operate on a continental scale, especially following a difficult year with the Covid-19 pandemic having a detrimental impact across many industries. However, the adequacy ruling comes with a warning from the European Commission that this is not a binary decision, and the UK will be under close scrutiny.

This is in reaction to the country’s continuing signals of an intention to diverge from the European consensus on data protection and, in particular, the GDPR. There is an emerging view in the UK that it has an opportunity to cement its position as a world leader in data. The UK Government is seemingly being advised that the GDPR is prescriptive and inflexible, with a view that reform of the GDPR could accelerate growth in the digital economy.

The battle over AI

One point of contention is the implications of the GDPR for the use of artificial intelligence (AI) such as machine learning. As a technology-agnostic and principles-based regulation, the GDPR primarily addresses top-level issues, such as the repeatable governance processes and frameworks that exist within organizations.

However, in the area of AI, the UK Government is being advised that the current legislation is hampering progress in the industry, making it costly and impractical for organizations to use AI to automate routine processes. This is because the GDPR stipulates safeguards that ensure that an individual should not be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly, significantly affects that individual.

The Taskforce on Innovation, Growth and Regulatory Reform (TIGRR), set up by Downing Street, has highlighted that this requirement makes it burdensome, costly and impractical for organizations to use AI to automate routine processes because they must also have a manual process for individuals who opt out of automatic processing. As such, TIGRR has recommended scrapping this safeguard. Notably, the taskforce’s 130-page report has received an endorsement from Prime Minister Boris Johnson. A statement made earlier this year from the Secretary of State for Digital, Culture, Media and Sport, Oliver Dowden, made it clear that he wants to encourage more businesses and organizations to use personal data for innovation and eventually appoint the next Information Commissioner who would be charged with ensuring that “people can use data to achieve economic goals”.

Follow the link to read the full article: UK passes ‘adequacy’ test but are calls for GDPR protection cuts a step too far?