Monday Morning Moan - playing dare with data adequacy is a digitally dumb idea for Brexit Britain

The UK government’s oft-rehearsed intention to turn Brexit Britain into a global digital powerhouse got another airing last week as the country’s Department of Digital, Culture, Media and Sport (DCMS) dusted down its ‘mission statement’, this time around grouped into ten bite-sized chunks of 'approving headline'-shaped policy. 

Frankly, there’s nothing that we can’t all hum along with here, given how many times we’ve heard this particular tune before. The UK will be “unlocking the power of data”, it seems, and “unleashing the transformational power of tech” as well as that old classic of “rolling out world-class digital infrastructure nationwide”. 

That last chunk of the digital mega-mix has been a particular favorite with government ministers for many years now, with former DCMS minister Matt Hancock, UK tech’s very own Jive Bunny, repeatedly promising ‘broadband for all’ at every opportunity, while simultaneously announcing and re-announcing the same (actually rather small) pot of funding to help the country hit the high notes. 

How did that work out? Ask my broadband connection, currently boasting a BT guaranteed download speed of 1 mbps. No, that’s not a typo, there’s no ‘0’ missing there as you might expect, let alone a couple of them as you might hope. It’s just one. That’s the internet speed BT will currently guarantee in the center of a city in the South East of England in 2021. (What Hancock’s ‘broadband for all’ money went on, lord alone knows. Maybe it went on the PR budget to keep flogging the same budget allocation as new cash every few weeks?)

So forgive me if I don’t feel that the latest chorus from Hancock’s successor Oliver Dowden represents any kind of serious key change as he promises that the UK is going to be "levelling up digital prosperity", "using digital innovation to reach carbon Net Zero" and, of course, "championing free and fair digital trade". 

Dare you! Go on, I dare you! 

Actually that last claim is the only one that elicited any form of reaction from me as its timing co-incided with what looks like the scaling up of some decidedly ill-advised brinksmanship with the European Union on the subject of data protection.

It’s only a matter of weeks ago that the European Commission (EC) agreed a data adequacy agreement in principle with post-Brexit Britain. Such an agreement is needed to ensure that data can flow between the UK and EU freely, without the need for businesses to engage with additional mechanisms and standard contractual clauses that consume a lot of time and money and might slow down arrival at the "sunlit uplands" of Brexit.

When part of the EU, the UK was deemed ‘adequate’ in terms of data protection standards due to coming under the auspices of the General Data Protection Regulation (GDPR), in common with all other 27 member states. 

But while the British government had stated during the Brexit negotiations that GDPR would continue to be the standard it would adhere to, there were many in Europe suspicious of the UK’s longer-term intent, particularly in relation to its thoughts on state-sponsored snooping, where a leaning towards a more US-flavored bent was feared.

As such the data adequacy approval didn’t come in time for Brexit day itself and is only now falling into place with highly-vocal caveats from the EU side about the importance of regular review based on how the UK is ‘behaving’ itself’. 

Paranoia on the part of the Eurocrats? Maybe not, as Minister Dowden took it upon himself, with the ink not even dry on the data adequacy deal itself, to start mouthing off in public about the UK taking “a slightly less European approach to privacy" in the future, which will only have the sceptics on the continent arguing, ‘I told you so!’. 

Don't play that song again!

The Dowden comments shouldn’t come as any surprise. Earlier this month the DCMS stance was that the EU "does not hold the monopoly on data protection", factually accurate perhaps, if staggeringly diplomatically inept given the lack entente cordiale that already existed on the subject. But his latest remarks can only escalate tensions as he told journalists: 

I'm seeking to set out where we are going to go with data now that we have left the European Union and are not subject to EU jurisdiction…I’m very keen that we ensure that we continue to have strong data protections and indeed that's why the EU has provisionally recognised us as data adequate, but I think there's real opportunities for driving growth in respect of data.

Zut alors! That noise you can hear is the French:

Je te l’ai dit!

Dowden went on:

There is a sweet spot for the UK whereby we hold onto many of the strengths of GDPR in terms of giving people security about their data, but there are obviously areas where I think we can make more progress. In our rule making, we can take a slightly less European approach, as set out in GDPR, by focusing more on the outcomes that we want to have and less on the burdens of the rules imposed on individual businesses.

Gott im Himmel! That noise you can hear is the Germans: 

Ich habe es Ihnen gesagt!

To be fair, Dowden is consistent in his view in so far as he appears to think that pretty much every country has failed to get data protection legislation right: 

Clearly countries like China have a very strong state role, if you look to the US they have the interests of very large tech companies that predominate them, and I think the EU increasingly looks to a slightly more protectionist view of data.

O jee! That noise you can hear is the Dutch: 

Dat zei ik toch!

My take

Linguistic jests apart, this is a very dangerous game for Dowden to be playing, presumably in the cause of furthering ‘look at all the things we can do now we’re not held back by Brussels’ party line for the Brexit faithful.

It comes as DCMS has also been citing new data from UK trade body Tech Nation - based on figures provided by the Office for National statistics (ONS) and Companies House - to the effect that 19,465 new tech businesses were set up in the UK in 2020, while it was also a record year for venture capital into British ICT firms. 

Of course, all this happened in a year when the UK was still fully-compliant with GDPR and with data flowing unimpeded both ways across the English Channel. Start messing around with ‘improving’ the UK data regime and the response from Brussels could well be to start making life more complicated and more costly for fledgling firms and established UK-based International players alike.

When might all this occur?  Well, Dowden’s made it clear that his plan is to get someone else to do his dirty work for him, namely whoever takes over as the new Information Commissioner. Among the chosen candidates required qualities will be, it seems, that he or she is “somebody that is not just focusing on data through a negative prism” in terms of how data protection rights are ensured, but someone who’ll take policy decisions aimed at “creating opportunities for business”. 

I want to be proven wrong here, but I fear the Eurosceptics were right - and I don't mean the Brexit-backing ones in the UK. The concern in the EU about Britain's online security regime is genuine and loose talk like this from Dowden is only going to increase those fears among the doubters. And in a week when Wired revealed that revealed that the UK government is secretly trialing web snooping tech with the help of a couple of unnamed ISPs, who can blame them for being concerned?  

By all means, let's have another national sing-along about making Britain the heart of a global digital empire - and I am all for the aspiration, just totally lacking any belief that the people are in power to make it happen! - but when it comes to data protection, let's leave well alone. The UK doesn't need a cover version of GDPR!