The UK Introduces Its Version of the GDPR

Hello all! 

It’s an especially notable week in privacy because the UK government has reintroduced their new version of the GDPR, the Data Protection and Digital Information Bill. 

Businesses might feel frustrated at the proliferation of yet more data privacy regulations. However, they should take comfort in the fact that the bill is more like a UK version of the GDPR  than a complete overhaul. In addition, according to its sponsors, the bill will “reduce costs and burdens for British businesses and charities, remove barriers to international trade and cut the number of repetitive data collection pop-ups online.” 

The bill purports to reduce the burden of compliance on small businesses through a variety of reforms, such as only requiring organizations with high-risk processing activities to keep processing records.  

All told, the bill represents a reaction to some of the GDPR’s more burdensome requirements. The biggest criticism of regulation as a whole is that it’s anti-competitive; only large enterprises have the resources to dedicate to compliance, while small businesses are subject to an undue burden. At the same time, consumer rights need to be respected, and there’s just no guarantee they will be without legal protection.  

Legislators know this, and each of these new laws can be thought of as experiments to identify the right blend of restrictive and permissive provisions. Eventually, we’ll find the right mix. But until then, the business community will have to contend with a small galaxy of legislation. 

The bill still has a long way to go—the UK legislative process involves several stages of readings, debates, and votes—and it may undergo significant changes as it proceeds through the legislature. We’ll be tracking its process and any developments in Privacy Insider. 

Best, 

Arlo 

P.S. The Osano team will be attending the International Association of Privacy Professional’s (IAPP’S) Global Privacy Summit in Washington D.C. this April! If you’ll be attending as well, come by booth 318 to ask questions, talk about all things data privacy, or just say hi. 

Top privacy stories of the week

Texas state representative introduces comprehensive state privacy bill draft 

Texas State Representative Giovanni Capriglione has introduced a new comprehensive privacy bill modeled after the Virginia Consumer Data Protection Act (VCDPA). If it passes, the bill would make Texas the sixth U.S. state to enact major privacy legislation, following California, Virginia, Colorado, Utah, and Connecticut. 

Read more 

New U.S. House data privacy bill could limit state insurance regulators' authority 

The U.S. House Financial Services Committee is considering a bill that would update the data privacy provisions in the Gramm-Leach-Bliley Act of 1999. The bill, referred to as the Data Privacy Act of 2023, would expand privacy notice requirements, make it easier for consumers to opt out of data-sharing, and let federal data privacy standards preempt state privacy standards, among other provisions. 

Read more 

FTC to ban BetterHelp from sharing mental health data with advertisers 

The FTC alleges that BetterHelp, a popular online mental health counseling service, shared email addresses, IP addresses, and information users filled in a preliminary health questionnaire during signup, with Facebook, Snapchat, Criteo, and Pinterest. These third parties then used consumers’ information for advertising and to identify consumers with similar profiles and promote BetterHelp’s counseling services. The FTC is proposing to ban BetterHelp from engaging in this data sharing practice and to pay $7.8 million to its users. 

Read more 

Irish Data Protection Commission publishes 2022 Annual Report 

The Irish Data Protection Commission recently published its report on its activities over the course of 2022. Among other findings, the report highlighted the over €1 billion in fines, the closure of over 10,000 cases, and nearly 6,000 data breach notifications. 

Read more 

Privacy bill to move forward in Canadian House of Commons next week as TikTok concerns grow 

Partially in response to scrutiny over TikTok’s data collection practices, Canadian representatives are advancing a previously unprioritized privacy bill for debate at a second reading once the House returns from a two-week break Monday. The bill would strengthen requirements around disclosure, data collection consent, and enforcement. 

Read more 

New UK privacy bill introduced 

The UK has introduced a new data privacy protection bill to replace the GDPR known as the Data Protection and Digital Information Bill. After Brexit, the UK retained a number of EU laws, including the GDPR. The bill was first introduced last summer and paused in September 2022 to allow time for a co-design period with business leaders and data experts. Should the bill pass, the UK government estimates it will create £4.7 billion in savings for the UK economy over the next 10 years 

Read more 

WhatsApp agrees to be more transparent on policy changes, EU says 

Following complaints from consumer bodies across Europe, WhatsApp has agreed to transparently explain changes to users’ contracts, to prominently display the option for users to accept or reject changes, and more. 

Read more 

Osano blog: Making the business case for your data privacy program 

Most organizations underestimate the scope needed for a truly functional data privacy program, if they’re willing to dedicate resources to data privacy at all. This blog post provides actionable tips for privacy professionals interested in “selling” the idea of a data privacy program internally. 

Read more 

If you’re interested in working at Osano, check out our Careers page! We might have the perfect opportunity for you.