Hogan Lovells partner gives testimony to UK Parliament on the future of data privacy
24 May 2023, London – Hogan Lovells Global Co-head of Privacy and Cybersecurity, Eduardo Ustaran, provided testimony this month to the UK Parliament’s Public Bill Committee, which is currently scrutinising the proposed Data Protection and Digital Information Bill. Also putting UK data protection law in the spotlight this month is the 5th anniversary of the GDPR.
Introduced last year as a way to reduce compliance costs for businesses whilst providing protections for individuals’ privacy and data security, the current Bill, rather than replacing existing UK data protection legislation, amends the existing UK GDPR (the UK’s retained version of the EU General Data Protection Regulation). Ustaran highlighted that “The way to look at UK data protection reform is to regard it as a useful exercise not just for the UK, but for the EU and the world at large because it is looking at how to reform elements of the law in order to make it more effective and pragmatic.” According to Ustaran “This is an important perspective in terms of a legal reform that may possibly influence the way in which the EU GDPR evolves.” .
Recognising that consistency is key to compliance, Ustaran pointed out that “the proposed UK data protection law will provide a baseline for compliance with the UK and the EU GDPR, which is key to achieving global compliance with data protection law. Some organisations are exploring applying the proposed new approach to UK data protection law in order to operate across the world in an efficient but still compliant way.”
The absence of radical change to the proposed UK data protection framework means the amendments do not affect the essence of UK data protection law. Therefore, Ustaran explained that “the changes that are being proposed are extremely unlikely to affect the adequacy determination by the European Union in the same way that if the EU were to make the same changes, the UK would be very unlikely to withdraw its own adequacy determination of EU data protection law.”
According to Ustaran “What is crucial is that we look at how the existing GDPR can be made more modern and relevant, especially in light of new technologies such as AI.”
Some giving evidence felt that the Bill could go further, especially with regard to issues around AI and the use of algorithms to avoid bias and discrimination.
Ustaran has noted previously that AI regulation has a lot to learn from current privacy regulation. “AI, and particularly its reliance on personal information for machine learning purposes, can effectively be regulated through the thoughtful application of long-standing principles. Well-known building blocks of sophisticated privacy frameworks around the world, not least the GDPR, are applicable to and compatible with the responsible development and use of AI.”
The Bill is in the early stages of its legislative development and must clear several more hurdles before it becomes law later this year.