UK to veer away from GDPR in hope of global data-based opportunities
The UK plans to move away from the EU’s General Data Protection Regulation (GDPR) which it adopted before Brexit, with the hope of becoming more competitive internationally for services involving data. It is forming a new committee to oversee the changes and appointing a new Information Commissioner. The country will have to ensure that it does not stray so far from GDPR that it is no longer compatible with the bloc, and must establish data adequacy agreements with countries worldwide.
GDPR provides the legal criteria that has been used by regulators to set rules around biometrics deployments in Europe.
The announcement by Oliver Dowden, Secretary of State for Digital, Culture, Media and Sport, positions the move as seizing opportunities: “It is part of new plans to use the power of data to drive growth and create jobs while keeping high data protection standards. It will work hand in hand with the UK’s trade agreements and support the country’s ambitious trade agenda to unlock data flows and minimize unjustified barriers or conditions.”
His government transferred the 2018 GDPR into UK law ahead of Brexit to minimize any disruption. Since its introduction across the EU, the regulation has become something of a gold standard internationally and forms a template for countries devising their own data protection laws.
Dowden lists the UK’s new ‘data adequacy’ partnership priorities as the U.S., Australia, South Korea, Singapore, the Dubai International Finance Centre and Colombia. Its next set of priorities will then be India, Indonesia, Brazil and Kenya, whose own new Data Protection Act is modelled on the GDPR.
According to the statement, the UK already exports £80 billion (U.S.$110 billion) of “data-enabled” services to these ten destinations.
Data adequacy partnerships are where one country assesses that another country has good enough data protections in order for it to be deemed safe to send data there. The UK already has 42 such agreements in place including EU members (for now), Japan, Canada, Uruguay, Crown Dependencies and Israel.
“It means reforming our own data laws so that they’re based on common sense, not box-ticking,” Oliver Dowden is quoted as saying, “And it means having the leadership in place at the Information Commissioner’s Office to pursue a new era of data-driven growth and innovation. John Edwards’s vast experience makes him the ideal candidate to ensure data is used responsibly to achieve those goals.”
John Edwards, the New Zealand Privacy Commissioner, is named as the preferred candidate to be the UK’s next Information Commissioner. The announcement’s description of his role delivers perhaps the most concerning hint at what may be to come: “As Information Commissioner and head of the UK regulator responsible for enforcing data protection law, he will be empowered to go beyond the regulator’s traditional role of focusing only on protecting data rights, with a clear mandate to take a balanced approach that promotes further innovation and economic growth.”
Despite GDPR becoming the global reference for data protection interoperability, the statement makes no reference to it, except in noting John Edward’s experience in making New Zealand’s data protection compatible with it.
“He will be able to help the UK achieve its aims of maintaining equivalence with the EU’s data standards, so personal data can continue to flow freely, while developing a new pro-growth approach to data law,” says the statement.
British media has honed in on Digital Secretary Dowden’s message of “It means reforming our own data laws so that they’re based on common sense, not box-ticking” as a potential end to data and cookie consent pop-ups on websites. But privacy campaigners have been more forthright on what the government’s interpretation of “common sense” might mean:
The Government wants to take away data rights in the UK – laws we use to push back against live facial recognition, digital strip searches, biometric data theft + more.
We’re fighting a data heist whilst on the brink of an AI revolution. This isn’t a time for ‘light touch’ laws. https://t.co/0Yvgdx20hZ
— Big Brother Watch (@BigBrotherWatch) August 26, 2021
Big Brother Watch warns of “biometric data theft” and a “data heist whilst on the brink of an AI revolution.”
The EU has said it is monitoring the UK’s decision “very closely,” reports the Financial Times, which quotes an EU spokesperson as saying “in [a] case of justified urgency” that threatened its citizens, it would “immediately” revoke its data-sharing arrangement with the UK.
“There is a great opportunity to build on the wonderful work already done and I look forward to the challenge of steering the organisation and the British economy into a position of international leadership in the safe and trusted use of data for the benefit of all,” John Edwards is quoted as saying.
The British government’s most recent attempt at data usage for the benefit for all – to share anonymized doctors’ records for medical research purposes – has had to be postponed after facing severe public backlash and millions of people pre-emptively opting out.
The plans will eventually go even further according to the statement: “[The government] believes improved data sharing can help deliver more agile, effective and efficient public services and help make the UK a science and technology superpower
“The aim is to make the country’s data regime even more ambitious, pro-growth and innovation-friendly, while still being underpinned by secure and trustworthy privacy standards.”