A new Information Commissioner... what will this mean for web surfers?

September 28, 2021
Who is the new Information Commissioner?
The UK Government has selected John Edwards, a privacy lawyer most known for publicly “hating Facebook” as the next head of the UK’s data watchdog. He’s currently the Privacy Commissioner of New Zealand and will be replacing Elizabeth Denham, who has been criticised for being soft on tech giants when it comes to data privacy.
Edwards is predicted to take on Facebook and various other tech giants in his new role. He will also examine online advertising practices and lead the investigation into the infamous CCTV footage leak that led to the resignation of Matt Hancock, former Health Secretary.
Since Brexit, how have we been handling data?
We’re still very much aligned with EU regulations and enforce strict rules about data protection and getting consent from people to collect their data. So in this sense, not much has changed since Brexit when it comes to the UK’s data protection framework, with the exception of the recent developments that we’ve set out in our most recent blogs (see links below).
In June 2021, the UK was awarded with an adequacy decision from the EU. This means that the EU considers our post-Brexit framework to be up to their very high standards when it comes to data protection, allowing the UK to still transfer data to and from the EU. The decision was only awarded on the condition that data protection standards stay parallel to the EU’s. It therefore came as a shock to many last week when Edwards’ new team declared plans to take a “slightly less European approach” with a particular focus on making compliance less demanding for businesses.
It’s a significant shift from 2016 when the previous Digital Minister, Matt Hancock (yes, that Matt Hancock) was a strong believer in the EU’s General Data Protection Regulation (GDPR). He dubbed it a “decent piece of legislation” — and made several comments that there would be less chance for the UK to depart from EU standards in data protection post-Brexit.
Big changes planned for the future
Fast forward to 2021, Edwards’ team plan to push forward data-driven innovation, boost international trade and completely reform data protection rules as we know them, labelling this project “one of the big prizes of leaving the EU”. The Government have suggested that a staggering £11bn of trade "goes unrealised around the world due to barriers associated with data transfers".
Among the main changes put forward for the new reforms are plans to reduce those (VERY) annoying cookie permission requests when you access a website and cookie pop-up banners. The new view is that only cookies that pose a “high risk” to privacy will require consent, finding that many of them are “pointless”.
Since the second half of the pandemic, some ministers have been discussing how to modify the UK’s EU-based data protection framework, to effectively reduce user’s rights to consent, in favour of slashing “unnecessary barriers and burdens” that are often just “box ticking exercises” that can often be a nuisance when surfing the web.
Such proposed changes may lessen the administrative burden for Microsoft Partners in the long term but it will also mean keeping a close eye on how these changes will impact the data protection set up in both contracts and processes as well as updating their website terms and privacy policies.
This is part of our data protection series. Read more here:
- New EU SCCs - Are you prepared?
- How will processing personal data change post-brexit?
- More about Standard Contractual Clauses (SCCs)