None of this counts when it comes to Team Brexit's opportunities for willy-waving.
Lawyers say changes to UK data law will make life harder for international businesses
Legal experts say UK government plans to create new data protection laws will make more work and add costs for business, while also creating the possibility of challenges to data sharing between the EU and UK. Last week, the Queen's Speech – in which the British government sets out its legislative plans – said the ruling …
COMMENTS
-
-
Monday 16th May 2022 13:12 GMT Anonymous Coward
I think it's a combination of three things.
Firstly it's what Sam Lowe at the CER calls "performative divergence". Not diverging because it makes sense, just to show that divergence is possible.
Secondly I suspect that there have been a few people among the oligarchs in the 'Leader's Group' that have bought time with the government who have complained that consumers are too protected and it's hampering their business.
Thirdly I suspect the government would love to connect more and more datasets (facial recognition databases with DWP data? NHS data with the police?) and they have run into obstacles regarding data collection that is "reasonable" for a specific use.
-
Tuesday 17th May 2022 10:43 GMT Anonymous Coward
This is about NHS data and enabling it to be sold off with less restrictions. Boris has talked about data being the next gold rush, so somebody has been in his ear telling him there is serious money to be made. While not all of the NHS's data is UK centric most of it is, so its simpler (as simple as any big NHS project gets) to enable for them.
The other big winner are the big tech giants like Facebook and Google who can afford to quickly develop a new set of privacy rules just for the UK and would love more access to their customers' data.
-
-
Monday 16th May 2022 14:08 GMT NoneSuch
The politicians of this country, or indeed any country, will never admit they were wrong and would rather drive the UK to the brink of bankruptcy rather than saying BREXIT was a massive and expensive lie.
What amuses me are news shots of people who voted for BREXIT stuck in Spanish airport queues saying the Irish are getting preferential treatment. THEY ARE. They are members of the EU and we're not because of your ignorant choices and misleading politicians.
NSS icon, because NSS!
-
Monday 16th May 2022 14:58 GMT Anonymous Coward
the Irish are getting preferential treatment. THEY ARE. They are members of the EU
This is rather amusing in the context of the article. Citizens of EU countries can go through passport control faster, because those countries already share your flight & personal data between their immigration systems, as permitted by GDPR.
It would seem that you want the UK to share data when it's convenient for you, but object to it changing the DP rules to make it easier for businesses to share data. Smacks of cakeism to me...
-
Monday 16th May 2022 16:53 GMT Anonymous Coward
> Citizens of EU countries can go through passport control faster, because those countries already share your flight & personal data between their immigration systems, as permitted by GDPR.
Well the UK was ahead of the EU pack back in 2012 with e-Borders where they *required* all airlines/ferry companies to provide passenger data for those entering/leaving UK to Border Agency *before* the travel occurred (i.e. before the plane took off). Indeed the UK Gov even offered to provide this data to their equivalent bodies in the rest of EU without being asked for it.
Plus the UK has engaged in Policy Laundering ("https://wiki.openrightsgroup.org/wiki/Policy_Laundering") in the past - the UK used the fallout from the 2004 Madrid training bombings to convince the Spanish Gov to push for more EU personal data collection, all so the UK Gov could then claim "we don't want to collect this, the nasty EU is making us do it" when it fact the UK (behind the scenes) "authored" the EU's requirement for the collection.
> It would seem that you want the UK to share data when it's convenient for you, but object to it changing the DP rules to make it easier for businesses to share data.
A consideration of Data Protection law is the "balancing test", to balance individuals' right to privacy against the societal benefits of sharing the data in question. However many businesses (i.e. advertising/marketing/big data) in general don't want to do "balancing tests", they think they have a right to the data regardless.
-
Monday 16th May 2022 17:23 GMT Trigonoceps occipitalis
BREXIT was a massive and expensive lie.
One thing BREXIT is not is a lie. For good or ill we are out.
On the subject of e-gates, Portugal allows UK passport holders to enter using e-gates so there is no reason, except punishment, for not to allow UK passport holders to use e-gates to enter France, Germany etc.
I believe that EU passport holders can use e-gates to enter the UK. How about a bit of quid pro quo?
Do not assume that I support, or not, Brexit. Just an example of unnecessary friction as a result. Anyone could see it coming and, presumably, those who voted yes discounted the effects.
-
-
Tuesday 17th May 2022 05:32 GMT Anonymous Coward
Re: BREXIT was a massive and expensive lie.
Portugal allows UK passport holders to go through e-gates to speed up some of the processing, but they're still queuing up to have their passports stamped afterwards before entering Portugal. This is not treating UK passport holders the same as EU passport holders.
When EES and ETIAS come online, UK passport holders will be processed by those instead of having their passports stamped, EU passport holders won't be.
When a British passport holder travels from one Shengen country to another by land they should report their presence in each new Shengen country and be prepared to answer questions about reason for stay, place of stay, sufficient funds, etc... This is not treating UK passport holders like EU passport holders.
UK continues to use e-gates and single queues in airports because it doesn't have the space to do anything else. Likewise for goods shipments UK is waving everything through inbound because it doesn't have the infrastructure to do proper checks (smugglers' charter).
-
Tuesday 17th May 2022 10:13 GMT Warm Braw
Re: BREXIT was a massive and expensive lie.
How about a bit of quid pro quo?
Strangely enough, EU countries are not all the same and have their own procedures and autonomy. There's an implementation cost to making exceptions - such as having a special category of e-gate users who are not in the EU. Portugal (and Spain) see an economic benefit in extending access to UK citizens who are a significant source of tourist income. Other countries don't see the same imperative, though the roll-out of ETIAS may well change things. Sovereignty, innit?
What's interesting is that the UK is defiantly resisting flexibility even in the face of its own economic detriment. All of the EU citizens who could previously visit the UK with their ID cards now need a passport - which many will not get simply for the "privilege" of seeing Big Ben from a bus. It's one reason why language schools are struggling to survive and the formerly-buoyant market for EU school trips to the UK has vanished. The UK is deliberately punishing itself.
-
Tuesday 17th May 2022 12:25 GMT H in The Hague
Re: BREXIT was a massive and expensive lie.
"All of the EU citizens who could previously visit the UK with their ID cards now need a passport"
Yup! That's one thing I really don't understand. Presumably in most EU member states the ID cards and passports are generated using the same databases and are therefore pretty much equivalent. (Or have I got that wrong?) Seems pointless and must really hurt the language school and school trips market.
-
-
Tuesday 17th May 2022 14:48 GMT Roland6
Re: BREXIT was a massive and expensive lie.
>On the subject of e-gates, Portugal allows UK passport holders to enter using e-gates so there is no reason, except punishment, for not to allow UK passport holders to use e-gates to enter France, Germany etc.
Obviously wasn't paying attention!
The UK had a choice it could have negotiated with the EU about borders and movement of people as part of the Withdrawal Agreement or, as it did do wait until I had left the EU and then negotiate such matters with each individual EU member... So I suggest you address your gripe not to "the EU" but those in Westminster who negotiated the UK's withdrawal.
-
-
-
-
Monday 16th May 2022 10:14 GMT Anonymous Coward
"a data protection framework that is focused on privacy outcomes rather than box-ticking"
Actually that was what many complained about GDPR, because it says what is required but not how to do it. and most executives and lawyers really like "box-ticking" because it is simple to implement, and makes fake compliance easier.
Best practices" were introduced based on the Regulation, but are not part of the Regulation itself - there is no "box ticking" there.
-
Monday 16th May 2022 16:51 GMT Anonymous Coward
Re: "a data protection framework that is focused on privacy outcomes rather than box-ticking"
As with plenty of EU regulations, the implementation details are left to the member countries transcription in their local laws.
Eg, we in France already had strong data protection in place, with existing how-tos that didn't change mucb with the GDPR.
-
Monday 16th May 2022 17:01 GMT Anonymous Coward
Re: "a data protection framework that is focused on privacy outcomes rather than box-ticking"
> As with plenty of EU regulations, the implementation details are left to the member countries transcription in their local laws.
Nope, that would be what happens with a EU Directive.
The GDPR is a Regulation (that's what the "R" in GDPR stands for), it is not transcribed into National Law, rather the GDPR itself becomes effective in all EU member states. What the GDPR does permit, however, is derogations from some specific aspects of it and those derogations are defined/implemented by national law, e.g. the UK DPA 2018 defines some UK derogations from GDPR.
Quote from https://en.wikipedia.org/wiki/Regulation_(European_Union):
"A regulation is a legal act of the European Union that becomes immediately enforceable as law in all member states simultaneously. Regulations can be distinguished from directives which, at least in principle, need to be transposed into national law."
-
-
-
-
Monday 16th May 2022 14:37 GMT Anonymous Coward
Re: Any business experience in government?
Well there's Grant Shapps, the current Secretary of State for Transport. His Wikipedia page has plenty of information on his business dealings under the heading "Business Ventures". Apparently he founded his first business at the age of just 22. As to whether any of them were outside the UK, the item about his company "20/20 Challenge" has the prices and returns listed in US dollars.
Didn't Jacob Rees Mogg's company move to Dublin a few years ago? Although I seem to recall he's not an active director of it (he's a sleeping partner in it I think).
-
-
Tuesday 17th May 2022 11:14 GMT Anonymous Coward
Re: Any business experience in government?
Thanks for the correction - I did recall that the "move to Dublin" wasn't quite what it was portrayed as, but forgot the details. And I now see that Rees-Mogg's Wikipedia page describes him as "a partner in the business who does not make investment decisions", so he wasn't directly involved.
-
-
-
Monday 16th May 2022 10:26 GMT Philip Storry
And nothing much will change for 95% of companies
GDPR doesn't apply to territories. It applies to EU citizens.
Given that we have Northern Ireland as part of the UK, no company can operate there as an employer without having to adopt GDPR as their minimum standard for data processing.
And given that the Common Travel Area allows Irish citizens - who are also EU citizens - to work in the UK, this then extends to the rest of Great Britain.
The only way to avoid GDPR in the UK is to simply not trade with, employ, or provide services to anyone Irish. Which is hardly practical.
Of course, the hardcore Brexit supporters may see this as part of the return to the Glorious Past. No doubt they're eager to break out their old "No Irish, No Blacks, No Dogs" signs and are eagerly awaiting legislation on the latter two groups to follow.
Meanwhile everyone looking to the future will just follow GDPR because anything else would be a waste of time.
This is the most prominent example of how we'll be rule takers, not rule makers - until we rejoin the EU. Quite ironic really.
-
Monday 16th May 2022 11:07 GMT EricM
Re: And nothing much will change for 95% of companies
You seem to imply that Gov.UK will only "ease the burden" of GDPR by removing some of its rules, while otherwise keeping it compatible. In this scenario companies could simply still follow GDPR rules and go about their business as before.
But as I read the announcement, the idea really is to come up with a new, different set of rules, presumably easier, but not necessarily a subset of GDPR rules.
So companies operating in UK and the EU might end up having to comply to 2 different, even potentially conflicting sets of rules in parallel, at higher operational cost.
Conflicts might even lead to a future SchremsX decision against the UK, even further excluding UK companies from EU service business.
-
Monday 16th May 2022 11:34 GMT Doctor Syntax
Re: And nothing much will change for 95% of companies
If the EU decides that the new legislation is no longer sufficient to support adequacy then at best companies might have a lot of additional hoops to jump through to do business with EU residents.
A Schrems style situation might even become a Schrems plus. Whilst the consumer rights side of the EU pushes GDPR etc the trading side doesn't really want to avoid doing business with the US and keeps inventing new fig leaves for Schrems to tear down. They might be less inclined to do the same for a country they regard as uncooperative.
-
Monday 16th May 2022 14:37 GMT James 139
Re: And nothing much will change for 95% of companies
Something tells me, every time I read these sort of Government ideas, that they are convinced that most businesses in the UK don't do anything outside the UK.
It's the only thing that seems to make a reasonable excuse for it.
And, that being the case, only a small number are being expected to have to end up following 2 sets of rules, just a shame that past evidence suggests otherwise.
-
Tuesday 4th October 2022 15:59 GMT Anonymous Coward
Re: And nothing much will change for 95% of companies
>Something tells me, every time I read these sort of Government ideas, that they are convinced that most businesses in the UK don't do anything outside the UK.
The vast majority of UK businesses are single-operator with zero employees (~75% or 4.2m). Another 1.4m are SMEs, so most businesses don't actually do anything outside the UK - and most probably nothing outside a 25mile radius.
-
-
Monday 16th May 2022 11:21 GMT Mike 137
Re: And nothing much will change for 95% of companies
"GDPR doesn't apply to territories. It applies to EU citizens"
Unfortunately, it doesn't. It specifically applies to persons present in the territories regardless of their citizenship, and to businesses located anywhere processing the personal data of persons in the territories.
Article 3 states:"This Regulation applies to the processing of personal data of data subjects who are in the Union" So the data protection rights of an American on holiday in Paris (while they remain there) are the same as those of a permanent resident.
-
Monday 16th May 2022 11:23 GMT Doctor Syntax
Re: And nothing much will change for 95% of companies
GDPR is written into the current UK Data Protection Act, give or take a little wriggle room for HMG to indulge in its data fetish. That means it applies in the UK anyway.
The scope is a little different to what you say, however. The restriction would be on forms of business that involve collecting personal data so business to business transactions might not be affected nor consumer cash transactions. OTOH GDPR applies to EU citizens as a whole, not just Irish citizens.
A specific point about Irish ancestry, however, is that it can grant citizenship to those not born in Ireland so that my grandchildren have dual British and Irish (and hence EU) nationality despite being born in England by virtue of the fact that their mother was born in Belfast (not even in the RoI).
-
-
Monday 16th May 2022 15:04 GMT Anonymous Coward
Re: And nothing much will change for 95% of companies
The RoI has always considered NI to be part of the "national territory" (although it watered down that consititutional claim as part of the Good Friday Agreement). Anyone born in NI is an Irish Citizen, and is entitled to an Irish passport, Irish secession from the UK notwithstanding.
-
-
-
Monday 16th May 2022 12:58 GMT Len
Re: And nothing much will change for 95% of companies
The biggest problems will be for the many UK tech services companies. If you are a data analytics company and some of your customers have users all over the EU, your company will need to meet the legal requirements of the GDPR before they can give you access to some of their user data. Same if you run an online payroll system, office and collaboration tools, business process outsourcing etc. etc.
It will likely pan out as a classic case of the Brussels effect, UK companies doing international business will still have to adhere to GDPR standards. Only UK companies that target the UK alone because it's legally too much hassle to go international (betting firms? pension tools? some fintechs?) have the luxury of a single regulatory environment with reduced data protection. It will be very interesting to see what this will do the SaaS sector in the UK.
-
Monday 16th May 2022 14:11 GMT Doctor Syntax
Re: And nothing much will change for 95% of companies
The problem I see with this is that if the prevailing legislation doesn't meet GDPR requirements and something like the proposed public body data sharing comes into play then it might be impossible to claim GDPR compliance.
Never mind, companies can just set up an EU subsidiary to do what would otherwise have been done in the UK, or even just move the whole business to the EU. In the meantime the UK remains the best place in the whole world for something or other. What was it? Ah, yes: taking back control.
-
Tuesday 17th May 2022 10:42 GMT Cederic
Re: And nothing much will change for 95% of companies
It's almost as though UK companies will be prevented from doing business in the EU to the same extent that US ones are.
Oh woe, pity our poor businesses, being held back and prevented from growth, just like Google, Amazon, Apple, Facebook, Microsoft and Twitter.
-
Tuesday 17th May 2022 09:08 GMT codejunky
Re: And nothing much will change for 95% of companies
@Len
"It will likely pan out as a classic case of the Brussels effect, UK companies doing international business will still have to adhere to GDPR standards. Only UK companies that target the UK alone"
Didnt need the extra text after that. The domestic market is a real thing. I have no idea what the UK gov will do and expect they will probably cock up somehow, but if they water down rules we dont care about and dont want to apply domestically it would be a great boost domestically while those dealing with the EU will need to follow EU rules, Amazingly that is the norm when dealing with any country, we dont domestically apply Chinese law just because we want to trade with them.
Fingers crossed the gov do an overall good job
-
-
Monday 16th May 2022 15:01 GMT Anonymous Coward
Re: And nothing much will change for 95% of companies
GDPR doesn't apply to territories. It applies to EU citizens.
You have that 100% backwards. GDPR applies to processing of data concerning people who are physically present in the EU. Citizenship has absolutely nothing to do with it. An American on holiday in France has his data protected by GDPR when it's being processed by an EU company.
-
Monday 16th May 2022 17:29 GMT Anonymous Coward
Re: And nothing much will change for 95% of companies
"GDPR doesn't apply to territories. It applies to EU citizens."
First off, you appear to be referring to the EU GDPR. There is now also the UK GDPR (since the end of the transition period). Currently the UK GDPR is a copy of the text of the EU GDPR with all references to the EU crossed out and UK Goverment written in. The "risk" is that the UK Gov is making noises about changing the UK GDPR at which point it will diverge from the EU GDPR and risk the current EU's adequacy "finding" being removed.
Secondly the EU GDPR applies to EU citizens personal data no matter where they are in the world (with some caveats), but *also* applies to the processing of personal data within the EU borders regardless of whether that processing is of EU or non-EU citizens.
For example if a company based in Germany is only processing the personal data of Turkish people it still needs to comply with (aspects of the) EU GDPR.
Likewise if a USA-based/headquarterd company is processing the personal data of EU citizens it *may*, in some cases, be required to comply with aspects of EU GDPR (depending on whether it has operations/subsiduaries in the EU, whether it targets EU citizens located in the EU, etc). Obviously whether the EU could actually take action regarding any breaches of EU GDPR by a non-EU based company is another matter completely, that's why there's the requirement for such a company to appoint a EU-based Representative.
"Given that we have Northern Ireland as part of the UK, no company can operate there as an employer without having to adopt GDPR as their minimum standard for data processing."
To clarify, a Northern Ireland-based company already has to comply with UK GDPR. In your scenario they would perhaps in some cases have to comply with EU GDPR.
"And given that the Common Travel Area allows Irish citizens - who are also EU citizens - to work in the UK, this then extends to the rest of Great Britain."
This may require such NI-based and GB-based companies to comply with EU GDPR and to appoint a Representative in the EU if they do not have a EU-based subsiduary.
"The only way to avoid GDPR in the UK is to simply not trade with, employ, or provide services to anyone Irish. Which is hardly practical."
Again you mean "avoid EU GDPR".
Also how would, for example, a NI-based company avoid this scenario when they have not seen their customer's passports (including those born in NI who hold either an Irish or both Irish and British passports)? Indeed some people may not possess a passport at all (a passport is an indication of nationality, not a requirement to hold such nationality).
-
-
Monday 16th May 2022 10:55 GMT Andy E
Additional and unnecessary costs
Developing a DP regime that substantially differs from GDPR will add additional and unnecessary costs to the businesses and organisations that have to comply with its requirements.
I can't see what the attraction is, except to monetarize and share the data subjects personal data without their knowledge or consent (that's the "innovation" bit).
-
Monday 16th May 2022 12:51 GMT Nick Ryan
Re: Additional and unnecessary costs
It's definitely about making money, not "innovation". After all, these are the elected criminals that think that it is perfectly reasonable to sell country-wide personal medical data to the US pharma industry and to control this through a paper based time limited "opt-out".
-
Monday 16th May 2022 15:00 GMT Anonymous Coward
Re: Additional and unnecessary costs
Or it's another performative act by a governement used to making pronouncements to their voting base that in reality have little effect other than to make life difficult but look good as Daily Mail headlines.
ie another populist move to appeal to those who are fond of phrases like "it's data protection gone mad I tell you".
-
Tuesday 17th May 2022 06:02 GMT Dan 55
Re: Additional and unnecessary costs
"Mr Johnson, tear down those cookie banners!" cry the Mail and Express (previously briefed by government).
GDPR has nothing to do with cookie banners, that's the EPD, but it's a good excuse to get the low-information electorate cheering while more rights are removed.
-
-
Monday 16th May 2022 11:03 GMT Peter D
Improve data sharing between public bodies...
When I was a civil servant 40 years ago hardly any data sharing between government departments was allowed. For low clearance staff departments had no access to criminal records and instead personnel departments collected press cuttings relating to staff with convictions. When I later worked on computerising HR functions of a department I was amazed at the number of people whose careers had been stopped in their tracks without their knowledge because they were unlucky enough to have a local reporter write up their conviction. Now the pendulum is swinging too far in the other direction.
-
Monday 16th May 2022 18:15 GMT Anonymous Coward
Data Protection howler from Health Service org
In related news, today I finally received, via FOI Request, a HSC (Northern Ireland version of "NHS") organisation's written response to a ICO letter (relating to a case I opened with ICO):
"Let me start by apologising unreservedly for any confusion caused by previous correspondence in this matter. There clearly has been a misunderstanding collectively on our part on the legal basis applicable for use by ECR since the project was initiated."
That is the org responding to ICO's demand that the org provide documentary proof that the project used the claimed lawful basis for the processing (including sharing) of sensitive personal (health) data processing of the whole (approx 1.9 million) NI population since 2013 despite multiple sets of evidence (DPIAs, Privacy Notices, Data Sharing Agreements, emails, Public Information) to the contrary.
Basically they're admitting "no one here knows what lawful basis we've allegedly used since July 2013" - which then means that all the health-sector organisations (Trusts, GP Practices, Dentists, Pharmacists, etc) participating in this project have been breaching both the UK DPA 1998 (for 2013-2018) and GDPR/UK DPA 2018 (for 2018-the present day) on a daily basis since July 2013.
This organisation have also ignored ICO's written demand to produce said documentary proof within a 14 day period (its now 23 days beyond the end of that period). The ICO case officer apparently does not want to escalate yet to submitting a "Information Notice" (a legal demand to produce the requested information).
UK government agencies see Data Protection Law as a "blockage" that needs to be removed so that they can share all the personal data they have between all departments. The only reason we have any GDPR protections was due to the UK's membership of the EU at the time of GDPR's introduction. Now the UK Gov is starting to remove those protections step-by-step.
Things are not helped by the fact that the ICO is an ineffectual regulator and does not have the "regulatory appetite" to adequately enforce data protection law.
-
-
Tuesday 17th May 2022 15:26 GMT Anonymous Coward
Re: Data Protection howler from Health Service org
"Does not knowing what lawful basis they used mean the data was shared unlawfully? Or that they broke the law in not correctly recording it?"
As per Data Protection law "they" (the participant organisations involved in the sharing) were required to identify (i.e. decide upon) one, or more, lawful bases for processing personal data and one, or more, lawful conditions for sharing sensitive personal data (i.e. health related).
That they failed to document said identified lawful bases and conditions, in this case via the project/system's Data Sharing Agreement (DSA), means they cannot prove (i.e. to ICO) that they reached any such decision. The burden of proof lies with them.
If they never identified any lawful basis (and lawful condition in this case as they are processing health data) then they have clearly acted unlawfully.
It is further complicated for them as there is not just a single organisation involved - there needs to be a form of Data Processing Agreement (DPA) in place between organisations (whether for Controller-Processor or Joint Processors relationships) and that document must contain information regarding lawful bases/conditions as it forms one of the "strands" that governs the data protection relationship between the orgs and all the orgs need to understand what they are agreeing to and so that information must be in whatever DPA document they sign. For this particular system/sharing their DSA acts as the required DPA document.
The IT system enables the sharing of personal health data between 500+ organisations and its DSA governs the operation of the system as well as the participants involvement (i.e. sharing) with the system - however the agreed versions of the DSA never defined *any* lawful bases or lawful conditions used (and therefore none were agreed by the parties). As the DSA is the sole legal "framework" for any such sharing to occur then the lack of definition of lawful bases and conditions means any sharing has never occurred in a fashion compliant with Data Protection law and therefore has been unlawful.
Other related documentation such as multiple DPIAs, Privacy Notices, etc each refer to differing lawful bases/conditions allegedly being used. Basically the orgs (well actually the org running it on behalf of the others) can't even tell a consistent story, every document they produce, every letter they write, tells a different story.
Additionally as approx 470+ of those organisations allegedly party to the DSA have never actually seen/agreed/signed the DSA then any sharing that those organisations performed or use they made of data shared by the other orgs (who did agree to the DSA) via the system has been unlawful. Likewise the orgs that did agree to the DSA are on the hook (i.e. as Joint Controllers) for the use they made of data shared by the orgs who never agreed to the DSA.
-
-
-
Monday 16th May 2022 20:55 GMT Anonymous Coward
Misdirection and Window-Dressing......
Quote: "...replace the EU's General Data Protection Regulation (GDPR) to ease the burden on business with an approach to data protection that encourages innovation while retaining protection of personal data and privacy...."
Quote: "...creating a data protection framework that is focused on privacy outcomes rather than box-ticking...."
Quote: "...the UK will go its own distinctive way with data protection..."
Link1: https://www.bloomberg.com/features/2018-palantir-peter-thiel/
Yup....Palantir now contracted to work on the NHS!!
Link2: https://www.theregister.com/2022/01/10/ipco_report_2020/
Yup....GCHQ "keeping us safe"....by ignoring UK Laws!!
Link3: https://www.theguardian.com/technology/2019/jul/23/anonymised-data-never-be-anonymous-enough-study-finds
Yup...the usual excuse "The data is anonymised".....is a lie....see Link1.
So....who do you believe?
My take: GDPR is (still) a joke......
....and the proposals reported here are misdirection and window dressing.......
Link4: https://www.wired.com/1999/01/sun-on-privacy-get-over-it/
Yup....Scott McNealy got it right twenty-three years ago.......