A "truly bespoke British data protection regime" - blue meat thrown to activists as Brexit Britain takes aim at GDPR

Fresh from crashing the British economy with its ‘fiscal event’ just over a week ago, the new Conservative government of Prime Minister Liz Truss is meeting for its annual conference this week.

The new UK regime hasn’t had the most auspicious of starts and there’s a lot of red meat - or blue meat, rather - that needs to be thrown into the rather sparse audience in Birmingham this week to keep it happy.

So, with that in mind, there goes GPDR, it seems - and with it, assuming it comes to pass, an incoming act of political and societal folly from the UK Department of Digital, Culture, Media and Sport (DCMS) that will have long-reaching impact on Brexit Britain’s trading prospects.

GDPR, the European Union’s data protection and privacy regime, has been touted around the world as a major achievement, with many other governments looking to it as a template for their own efforts to bring their own data rules into line with the modern day.

Not so on the right of the British Conservative party where it’s viewed as a totemic representation of all that’s bad with Brussel’s red tape, imposing strangulating restrictions on UK business.

While the UK Government under Theresa May and latterly Boris Johnson both publicly pledged to  continue to adhere to GDPR post-Brexit, there has also been a barely concealed intention of axing the Regulation at the first opportunity. Former DCMS boss Oliver Dowden was happily talking up the prospect of changes early last year when he stated:

I think there's real opportunities for driving growth in respect of data…In our rule making, we can take a slightly less European approach, as set out in GDPR, by focusing more on the outcomes that we want to have and less on the burdens of the rules imposed on individual businesses.

As diginomica noted at the time, this is the political equivalent of playing dare with the rest of Europe, where suspicions run high about what the UK’s long term intentions around data protection really are. Certainly, the Eurocrats are on red alert. Built into the long-delayed and desperately needed Data Adequacy agreement with Brussels is a warning that this will be regularly reviewed and subject to revocation should the UK break away from alignment with GDPR.

The next scheduled review is due in 2025, but the European Commission could take action before then if it was deemed necessary.  If the Truss administration wants data to keep flowing back and forth across the Channel, this is a dangerous gamble to take.

British, British, British

But in the new political idiocracy, gambles are what it’s all about, it seems. So it is that the present DCMS Secretary of State Michelle Donelan - and such is the febrile state of the UK political scene currently that ‘present’ is a necessary qualifier for any ministerial title - clambered to her feet at the Conservative conference to confirm:

We will be replacing GDPR with our own business and consumer-friendly British data protection system. I can promise ... that it will be simpler, it will be clearer, for businesses to navigate. No longer will our businesses be shackled by lots of unnecessary red tape.

See, there it is, that continental red tape reaching out across the water to throttle British business as part of the plan to ensure the failure of Brexit. The usual cliches were trotted out to back this up - apparently lots of churches are worried that they can’t send out the parish newsletter without breaking the law! As Donelan’s present - see proviso above - boss would doubtless have read from the auto-cue in her place:

That. Is. A. Dis. Grace! (*pause for applause with inane grin on face*)

It’s also not true, but hey ho, blue meat, people, blue meat!

So what’s to be done? Apparently the Truss government is going to achieve what the May and Johnson regimes failed to pull off and have our cake and eat it too! Donelan promises:

Our plan will protect consumers privacy and keep their data safe while retaining our data adequacy so that businesses can, of course, trade freely.

Simple, huh? 

Gone will be the spectre of Brussels rules and in will come a new regulatory regime that will have the spirit of GDPR, but distilled into Great British form, a - it says here - “truly bespoke, British system of data protection” that will “focus on growth and common sense”!

Hurrah! (*Pause for applause with determined look of Britishness on face*).

Seriously though, what does that mean, Secretary of State, what does it actually mean?

Ah well, that’s going to be a bit of a work in progress, it seems, involving lots of lovely consultation with British businesses to determine the way ahead.  What is happening in the short term is that the proposed Data Reform Bill - which planned  some amendments to data protection policy, but on the whole stuck pretty closely to pan-Europe thinking - is now on hold.

That’s presumably because it doesn’t go far enough in its ‘rip up GDPR’ intent, a regulation that the UK has apparently, according to Donelan’s view of the world, “inherited” from the EU, rather than signed up for willingly with its eyes wide-open.

My take

It is truly time that we seize this post-Brexit opportunity - that we unleash the future growth potential of our British business!

Or smash it onto the rocks?

What’s disappointing here is that on a number of other fronts, Donelan’s DCMS almost looks to be doing the right thing, even if accidentally. The privatization of Channel 4, which the public has overwhelming said in survey after survey they don’t want to see happen, has been put on hold while the new regime examines the business case. (Clue- there isn't one , beyond political ideology and a yearning for revenge over broadcasting's 'turbulent priest'!). The BBC licence review also seems to have won something of a stay of execution (for now), while the wretched Online Safety Act is also becalmed.

How significant is all that? Well, it’s enough to send Nadine Dorries, Donelan’s hapless predecessor and Boris Johnson political groupie extraordinaire - into a Twitter tailspin. Having pushed for Truss to win the party leadership and thus the Premiership, clearly the last thing 'Mad Nad' was expecting was all her carefully-laid plans to be cast aside like a discarded Prime Ministerial mistress in a matter of weeks:

Of course while attention is focused primarily on how any axing of GDPR would impact on relations with the Eurozone, turn around and cast an eye across the Atlantic and you run into a whole other set of questions. In her speech to Conservative activists, Donelan talked up aspirations to be “the bridge across the Atlantic” between Europe and the US and to act as “the world’s data hub”, whatever the hell that means. (There was, needless to say, no explanation.)

But whatever this ‘hub’ would be supposed to look like in reality rather than rhetoric, it ignores a couple of things. Firstly, we’re at a point, finally, where there’s positive action taking place around creating some form of Federal data protection and data privacy regime in the US after years of resistance - and this will borrow a fair bit from GDPR best practice.  Nice timing to be stepping away from GDPR, UK.

Secondly, a lot of US businesses are rather keen on the lead that Europe has taken on this front. Talking a couple of weeks ago to Salesforce co-CEOs Marc Benioff and Bret Taylor, for example, it was striking just how much credit both men gave to the example that GDPR has laid down (and indeed Europe as a whole on the wider topic of tech regulation). They are not alone in this in US circles.

Then again, as Truss has now abandoned all pretense that a UK/US trade deal is likely in the short to medium term - no more, front of the queue, it seems - perhaps breaking away and creating a new national data regime isn’t going to be regarded as problematic. But the optics don’t look good regardless when you desperately need US tech firms to be investing in the UK. Data sovereignty issues are challenging enough as it is without adding in more complications.

At home, the Information Commissioner’s Office issued the blandest of comments once Donelan sat down:

The debate around what happens next is likely to be couched in far more colorful and inevitably simplistic terms. The right-wing Daily Mail is already positioning the argument as being about getting rid of “constant pop-ups asking web users about their data”.

The best hope right now is that time runs out on this nonsense. With two years to go until a General Election (assuming that events don’t conspire to force a vote earlier), it’s just possible that the UK will head to the ballot box with the data protection version of 'sunlit uplands' still just an empty promise. Given the current state of the opinion polls, Donelan’s grand design might never be put into action. But then again, if a week is a long time in politics…

Dangerous games are being played.