The Taskforce on Innovation, Growth and Regulatory Reform ("TIGRR") has published its report to the Prime Minister. The report makes recommendations regarding the UK's approach to regulation post-Brexit in a number of areas, including data protection.

Although the report makes various recommendations, these would need to be taken forward by the Prime Minister and Government in order to result in a change in UK laws. 

In relation to data protection, the report recommends replacing the UK General Data Protection Regulation ("UK GDPR") with a "new, more proportionate, UK Framework of Citizen Data Rights" which would "give people greater control of their data while allowing data to flow freely and drive growth across healthcare, public services and the digital economy".

The report asserts that the EU General Data Protection Regulation in practice "overwhelms people with consent requests and complexity they cannot understand, while unnecessarily restricting the use of data for worthwhile purposes". The report therefore proposes reform of data protection laws to "give stronger rights and powers to consumers and citizens, place proper responsibility on companies using data, and free up data for innovation and in the public interest". The report also asserts that the GDPR "is already out of date and needs to be revised for AI and growth sectors if we want to enable innovation in the UK". 

The report states there has been an overemphasis on consent, and recommends reform to "allow for more meaningful informed consent in a way that is less intrusive". In addition, the report recommends greater emphasis on "legitimacy of data processing and whether it is really in the interests of the data owner and society". The report is critical of cookie banners as an example of individuals being "bombarded with complex consent requests". Therefore, the report states a measure of whether reform has been successful would be "the end of pointless cookie banners".

Another recommendation for proposed reform is the creation of "Data Trusts" or "Data Fiduciaries", which would be private and third sector organisations that consumers can delegate data authorisations to. 

The report also recommends that the provisions in the UK GDPR regarding automated decision-making (Article 22) should be removed. The report asserts that these obligations "make it burdensome, costly and impractical for organisations to use AI to automate routine processes".

It remains to be seen whether any of the proposals on data protection contained in the report will be taken forward and result in changes to UK data protection law. In addition, the UK would need to be mindful of the potential impact such changes could have on any adequacy decisions issued by the European Commission under the GDPR.