UK declares that the EU ‘does not hold the monopoly on data protection’
Secretary of State for Digital, Culture, Media and Sport, Oliver Dowden, states that the UK does not need to copy and paste the EU’s data protection rule book post-Brexit.
There was a collective sigh of relief last month as the EU published its draft data adequacy decision for its relationship with the UK, signalling that data will likely continue to flow freely in a post-Brexit world. However, in a sign of things to come, both the UK and the EU have signalled that this adequacy agreement and the future relationship is likely to be fragile in the years to come.
For the EU's part, the European Commission said that it will seek to ensure that its decision stands the test of time and will be reviewing its ruling every four years, giving it the option to annul if it feels that London has deviated too far from its privacy requirements.
On the UK side, Secretary of State for the Department for Culture, Media and Sport, Oliver Dowden, said that privacy isn't the only requirement for an effective data regime and that the EU doesn't hold a monopoly on data protection.
Data is one of the key areas that the UK has signalled could be an area of divergence post-Brexit, which Dowden has all but confirmed in a piece for the Financial Times, where he notes that COVID-19 has shown that there are huge opportunities available for the UK's use of data.
Dowden states that privacy shouldn't be the only lens through which we view data protection frameworks and has said that the search for a new Information Commissioner will be centred around this idea. Dowden said:
After years of seeing data solely through the lens of risk, Covid-19 has taught us just how much we have to lose when we don't use it.
As I launch the competition to find the next information commissioner, I want to set a bold new approach that capitalises on all we've learnt during the pandemic, which forced us to share data quickly, efficiently and responsibly for the public good. It is one that no longer sees data as a threat, but as the great opportunity of our time.
Dowden states that the next Information Commissioner will not just be asked to focus on privacy, but will be "empowered" to ensure people can use data to achieve economic and social goals.
A new era
The Secretary of State said that the appointment of a new commissioner is just the first step in this process, but will mark the beginning of a new era for the UK, one where we should ask ourselves not just whether we have the right to use data, but whether we have the right not to.
The UK believes that businesses are currently too reluctant to use data, either because they don't understand the rules, or because they are scared of breaking them. The result is that innovation has been stifled, according to Dowden.
However, any changes made to the UK's data regime will be subject to legal challenges at the European Court of Justice. The European Commission vice-president for values and transparency has said that the EU should ensure that its decision "will stand the test of time".
Simply put, the EU clearly recognises the importance of granting an adequacy agreement for the UK, both for UK and EU businesses, but has also been clear that it reserves the right to remove it if it feels the UK is deviating too far from its principles.
The EU will clearly be concerned that the UK could slash data regulations and in the process not only create an unsafe data environment, but also potentially create a seemingly more competitive environment within the UK for businesses to invest.
Dowden has signalled that the UK will not be looking to the EU to guide its approach to data. What will worry observers is that the Secretary of State's words appear to be more ‘fighting talk' than conciliatory in nature. He wrote:
We fully intend to maintain those world-class standards. But to do so, we do not need to copy and paste the EU's rule book, the General Data Protection Regulation, word-for-word. Countries as diverse as Israel and Uruguay have successfully secured adequacy with Brussels despite having their own data regimes. Not all of those were identical to GDPR, but equal doesn't have to mean the same. The EU doesn't hold the monopoly on data protection.
So, having come a long way in learning how to manage data risks, the UK is going to start making more of the opportunities.
He added that the EU has been slow to strike international data partnerships with fast growing economies around the world. The British government estimates that £11 billion of UK service exports currently go unrealised due to barriers to international data transfers.
The UK hopes that it can strike its own agreements and capitalise on this "multi-billion pound opportunity", where distance is no object.
The Secretary of State said he will shortly be announcing his priority countries for adequacy agreements.
Whilst an adequacy agreement is in the works, it looks like this will be a contentious issue over the coming months and years - one of just many between the EU and the UK. And whilst UK businesses will be curious about what the British government has in mind - as there are no doubt data opportunities that aren't being taken advantage of - many will be cautious if privacy is not front and centre of any approach.