1) The UK Government published their plans to water down GDPR. It is bad, incredibly bad. My first reaction on @OpenRightsGroup blog, but if you scratch under the surface it gets even worse. You won't believe how bad it is. Thread below
📣 This excellent blog by our very own @ds_m4riano is an essential read for anyone who wants to understand Government proposal for a new UK data protection regime. openrightsgroup.org/blog/why…

12:36 PM · Sep 10, 2021

57
1,752
374
2,192
2) First things first, Government purports the new framework as intended to ‘maintain high data protection standards’. Except that, in their consultation they NEVER, EVER touch upon or seek views on how to strengthen protection for individuals.
3
59
2
241
3) Moving to funnier stuff, the UK new framework manages to scrap data protection in its entirety with one, single blow. It introduces a legal ground to ‘improve services for customers’
5
114
9
324
4) If you work in data protection, you know that ‘we process your data to improve our services’ is a practical joke, i.e. the single, most abused buzzword the industry uses when they're doing something bad. This will be made legal under UK Government plans.
5
135
5
437
5) The new framework also wants to introduce fees to exercise data subject access requests. I will spell it you: you will have to pay money to exercise your data rights and access personal data held by *all data controllers*.
9
128
17
338
6) The UK Government also wants to dictate ICO priorities, and have the power to amend the Information Commissioner's salary without Parliamentary scrutiny. In other words, they want to put the ICO under Government direction.
4
81
8
233
7) Govt will control the ICO directly, by setting their agenda, and indirectly, by retaining the ability to retaliate against Commissioners who do not please Government, and award Commissioners that do what Government want. We remind you that the ICO is supposed to be a watchdog
3
80
1
287
8) Also, Government would allow solely automated decision making based on legitimate interest. Organisations will be able to take life-changing decisions about you in a black box, insofar it fits the new legal grounds (such as reporting criminal acts, or improving services)
7
55
7
207
9) Elizabeth Denham G7 proposal for binding privacy signals lasted very little. This would be too inconvenient for surveillance advertising crooks, and unnecessary: they now have a handy legal ground for processing data and ‘improve customers experience’ (see n. 3,4).
1
34
1
159
10) Of course, this also means that adtech companies won't need to ask you whether you want to be tracked or not. They don't need it anymore. After displaying bad faith for years, the adtech industry is getting their free-of-jail card.
2
66
4
242
11) There are other funny stuff, such as the removal of accountability requirements. Organisations will be free to shred the evidence that they did something wrong. In its stead, they will have to organise privacy trainings.
4
79
2
205
12) Further, data breaches will need be notified only when the risk to individuals is material. No seriously, I don't even feel like commenting on this one.
5
76
9
235
13) Just to make sure you can't hold a Controller accountable anymore, you will have to demonstrate that you tried to negotiate a solution with the offender before reporting it to the ICO. The ICO was in dire need of another ground to arbitrarily dismiss complaints (sarcasm).
5
45
1
191
14) Of course, organisations will have to demonstrate they have complaint procedures in place, but we also saw that they have limited need to keep records anyway (see n. 11). What could possibly go wrong?
2
34
1
163
15) To conclude, Government proposed deregulation of the GDPR confirms an old saying: no good story ever started with someone saying ‘we will cut red tape’.
4
88
1
343
17) For those who may be interested, I made a new blog out of this thread.
UK data laws have turned hostile, and you’re the target: if Govt goes through with it, distrust and exploitation will be the price to pay for using digital services in the UK Hostile Digital Environment. Have a look at my last blog, or read the key highlights in the thread below
Show this thread
0
8
0
10