Skip to main content

Hello. It looks like you’re using an ad blocker that may prevent our website from working properly. To receive the best experience possible, please make sure any ad blockers are switched off, or add to your trusted sites, and refresh the page.

If you have any questions or need help you can email us.

The pointless war on GDPR

Changing the current system will be disruptive, time-consuming, expensive and counterproductive

Image: The New European

If Liz Truss wants to present herself as the face of sensible reconciliation with Europe after her meeting with Emmanuel Macron at European Political Community (EPC) meeting in Prague last week, she will be shocked to hear about some of what happened at the Conservative Party conference, which closed only 24 hours earlier.

Amid the risible spin over her humiliating tax U-turn, there was also plenty of time for ministers and MPs to try to outperform each other with various hare-brained schemes. Top prize seemingly was destined to anyone who could come up with an idea that did not work, that would make things much worse for the British economy but which could be sold as a triumph to the rabidly anti-EU Tory rank and file.

The winner, therefore, is the new secretary of state for digital, culture media and sport Michelle Donelan, who is planning to tear up the UK’s General Data Protection Regulation (GDPR) and replace it for seemingly no good reason other than it originated with the European Union.

Data gathering might sound like some obscure branch of the computer industry, but it is now vital to almost every business, and that means data protection is vital to us all. Details of your finances, your employment, tax and legal history, your possessions and the things you like and dislike are all prized by businesses. Supermarkets use data to target deals at shoppers and advertising agencies use it to target adverts. GDPR exists to give you some power – the ability to consent, or not consent, to having your data stored and then sold on by one company to another.

The government was already in the process of changing GDPR – there is even an act going through parliament to do just that – but that has now been suspended so that the government can look at it again. Ms Donelan now says the new improved version will be a “business- and consumer-friendly British data protection system” and promises “that it will be simpler, it will be clearer, for businesses to navigate. No longer will our businesses be shackled by lots of unnecessary red tape.”

There are two big issues with this. The first is that the business world is used to GDPR and spent years preparing for it. They were starting to prepare for the new British version too, but all that work has had to be suspended and business now awaits the government’s final decision, again. As the Institute of Practitioners in Advertising’s director of legal and public affairs, Richard Lindsay complained: “from an ad industry perspective, businesses cannot afford any further disruption which a fundamental redesign would seem likely to impose.”

And although the minister seems to think that there are huge changes that can be made to these rules with no adverse effects, the second major worry is that they will just go too far. If Britain changes its data protection rules too much, makes them too slack and too easy to get around, the EU will simply refuse to accept them.

As Konrad Shek, director of policy research at the Advertising Association told me, “It depends on the ambition of the divergence. If you try to diverge too much then there is always the risk that it becomes double compliance.” An attempt, therefore, to water down the strict protections the EU has put in place means UK firms wanting to do business in the EU, or put themselves in front of European consumers – virtually all of them – would face two lots of rules, one British and one EU, and two lots of costs to implement them. “I would argue there is a general limit on how much divergence you can have before it becomes counterproductive,” said Shek.

Leaving the EU’s GDPR is likely, therefore, to be rather like leaving the Customs Union. You get to set your own very slightly different customs rules but in return, you open yourself up to massive delays and costs at the border with the EU, which far outweigh any possible benefits.

The UK has some room for manoeuvre but the basic principle is this: The EU must accept that the UK system is “adequate”; that is as good as its own system and so data transfers between the UK and EU businesses and governments can continue. If the British government rewrites its rules dramatically so that they are no longer considered “adequate” those transfers would have to stop. Firms would have no choice but to comply with both systems if they wanted to do any business at all in the EU.

The minister says the new all-British GDPR system will still be “adequate” but she also says the current system is “limiting the potential of our businesses”. Nothing could be further from the truth. Complying has allowed them access to 450 million customers; changing the system could well block them from those customers unless they pay up to comply with two different standards. It will make things tougher for businesses and restrict growth – it could even have been thought up by the anti-growth coalition.

But GDPR is only the start. The prime minister herself has declared that by the end of 2023 “all EU-inspired red tape will be history”. This is where the argument over GDPR is really helpful because it shows how pointless and indeed counterproductive this whole exercise is. The government, with a recession and energy crisis and a cost of living disaster to deal with is going to exhaust vast amounts of its bandwidth on abolishing “EU red tape”, just as it slashes away at the civil service which will be dealing with some of the fallout from its abolition.

The current system is useful to industry, which can still use it to trade across the EU. Changing it will be disruptive, time-consuming, expensive and probably pointless.

The room to “improve” or just abandon the rules and regulations we helped set as a member of the EU is almost non-existent and will make no difference to the UK economy. The OBR has looked at this exhaustively and found it makes no measurable difference to growth.

Any attempt to make UK legislation weaker or lighter will eventually hit the brick wall that is trade with the EU. Companies will just have to adopt EU rules to sell in the EU and UK ones to sell here. “Red tape” doubles. Hey presto, British industry is worse off, not better off.

The EU can even retaliate if UK law is weakened so much it means British firms enjoy an unfair advantage in the EU. There really is very little room for manoeuvre, very little if anything to be gained and a great deal to be lost.

The PM’s growth strategy, which to a great extent consists of claiming that British industry can be set free by a bonfire of EU rules, is a fraud.

Hello. It looks like you’re using an ad blocker that may prevent our website from working properly. To receive the best experience possible, please make sure any ad blockers are switched off, or add to your trusted sites, and refresh the page.

If you have any questions or need help you can email us.

See inside the What the hell is wrong with Suella Braverman? edition

Image: The New European

Alastair Campbell’s Diary: The dishonourable Paul Dacre

Why are so many stories that are bad for the government unreported in large sections of the press? Simple. Intellectual corruption

Image: The New European

Burning down the house

Mortgages helped cause the 2008 financial crash. Now they may bring about a new crisis