Brexit Britain took the first teetering steps towards deviating from its agreed alignment with European Union (EU) data protection standards yesterday, but failed to deliver much by the way of detail.
As Prince Charles delivered the Queen’s Speech to the Houses of Parliament yesterday, contained within the legislative program outlined was a reference to data reform. This had been widely flagged up with UK Government ministers making claims for some time that the country’s data protection regime should be ‘less European’ - for which, read less complex and onerous in its requirements on business. This, runs the argument, is a so-called Brexit Benefit and makes the UK a more attractive place for inward investment and doing business.
It’s also likely to result in a breakdown of the already hard-won data adequacy agreement with the EU, the consequences of which are yet to be mapped out. The existing adequacy deal runs out in 2024 and is subject to approval for renewal based on how closely the UK has kept to the EU standards.
The UK Department for Digital, Culture, Media and Sport (DCMS) said on its website that:
Government wants new data regime “based on common sense, not box ticking” to cement UK’s position as a science and tech superpower. (SIC)…Now that we have left the EU, the government wants to create a pro-growth and trusted data regime that unleashes data’s power across the economy and society, for the benefit of British citizens and British businesses.
It goes on:
The government will maintain the UK’s world-leading data protection standards and proposals will be built on key elements of the current UK data protection regime (General Data Protection Regulation (UK GDPR) and Data Protection Act 2018), such as principles around data processing, people’s data rights and mechanisms for supervision and enforcement.
However, the government recognises that the current regime places disproportionate burdens on many organizations. For example, a small hairdressing business should not have the same data protection processes as a multi-million pound tech firm. Our reforms would move away from the “one-size-fits-all” approach and allow organisations to demonstrate compliance in ways more appropriate to their circumstances, while still protecting citizens’ personal data to a high standard.
Apparently the reforms planned will:
- Cement our position as a science superpower, simplifying data use by researchers and developers of AI and other cutting edge technologies.
- Build on the unprecedented and life-saving use of data to tackle the COVID-19 pandemic.
- Secure the UK’s status as a global hub for the free and responsible flow of personal data - complementing our ambitious agenda for new trade deals and data partnerships with some of the world’s fastest growing economies.
- Reinforce the responsibility of businesses to keep personal information safe, while empowering them to grow and innovate.
- Ensure that the ICO (Information Commissioner’s Office) remains a world-leading regulator, enabling people to use data responsibly to achieve economic and social goals.
Digital Secretary Oliver Dowden is quoted as stating:
Data is one of the most important resources in the world and we want our laws to be based on common sense, not box-ticking. Now that we have left the EU, we have the freedom to create a new world-leading data regime that unleashes the power of data across the economy and society.
These reforms will keep people’s data safe and secure, while ushering in a new golden age of growth and innovation right across the UK, as we build back better from the pandemic.
But what can you expect from a government department responsible for digital whose Secretary of State is happy to tell journalists that the internet is about ten years old?
DCMS inevitably trotted out some supportive comments to back up its case. According to Bojana Bellamy, President of Centre for Information Policy Leadership (CIPL):
The UK Government’s plan to reform data protection regime is bold and much needed in the modern digital and data driven age. It could be a win-win for all – organisations, individuals, and society…I hope other countries follow the UK’s lead.
Sue Daley, Director of tech and innovation at UK tech trade association techUK, took a more cautious stance:
The data reform consultation is the start of an important conversation that must include a wide range of stakeholders to explore how we could make the UK’s data protection framework work better for citizens and businesses.
That's true - but how likely is it that ministers are (a) ready to listen (b) capable of understanding what they're being told?
Brussels is going to be on red alert about any deviation from and downgrading of protection levels. - and with the Northern Ireland Protocol seemingly set to be torn up by the UK, Eurocrats are unlikely to be in the mood to play nicely in terms of their response.
This is a bad idea.