GDPR is the gold standard for data protection. While it’s certainly not perfect in every detail, it sets a clear standard for making sure that in most cases you have to opt in to having your data collected for a specific purpose, and if your data is stolen or exposed, the company concerned must disclose the fact to you and data protection regulators promptly.
These EU data protection rules should be paving the way to similar standards around the world, but now it seems the UK wants to start making our data less safe.
While the UK is no longer in the EU, it has GDPR-compatible data protection laws. That might not be the case for much longer.
As TechCrunch’s Natasha Lomas (always worth reading on this stuff) reports:
For months, now, ministers have been eyeing how to rework the U.K.’s current (legacy) EU-based data protection framework — to, essentially, reduce user rights in favor of soundbites heavy on claims of slashing “red tape” and turbocharging data-driven “innovation.” Of course the government isn’t saying the quiet part out loud; its press releases talk about using “the power of data to drive growth and create jobs while keeping high data protection standards.” But those standards are being reframed as a fig leaf to enable a new era of data capture and sharing by default.
And the whole idea is ridiculous unless the UK wants to do even less trade with the EU. Scrapping GDPR will lead to even more ‘red tape’ for businesses who want to transfer data to and from the EU, as the UK will lose its ‘equivalency’ status.
There’s no doubt that GDPR compliance is a burden on businesses, but a modern-day government wouldn’t argue that car seat belts are an unnecessary manufacturing burden. Carmakers got used to it. So why is our data so easy to disregard?