UK promises big data law shake-up... while also keeping the EU happy, of course. What could go wrong?
New Information Commissioner to be given licence to promote 'innovation and growth'
The UK has named a new Information Commissioner and announced a bullish approach to reforming data laws post-Brexit. That is, if it's all OK with the European Union.
Digital Secretary Oliver Dowden promised the UK would "seize the opportunity" offered by the UK's departure from the EU "by developing a world-leading data policy that will deliver a Brexit dividend for individuals and businesses across the UK."
The target of the new data shake-up will be cookie consent pop-ups, designed to help websites comply with EU law while allowing the traffic-tracking nuggets of code.
Speaking to The Telegraph newspaper, Dowden said he planned to do away with "endless" cookie banners and only apply them when cookies pose a high risk to individuals' privacy.
But any changes to UK law would have to maintain the EU adequacy ruling which allows data to be shared with non-member states. Otherwise, data transfers between the UK and EU would be hit with red tape.
Dowden said the UK would continue to align with the EU's General Data Protection Regulations (GDPR) and that Britain would set a "gold standard" in data regulation, "but do so in a way that is as light touch as possible."
- UK gains 'adequacy' status on data sharing with EU, but making that stick all depends on how much post-Brexit law diverges
- UK data watchdog sees its approach to government health tech during COVID-19 outbreak as 'pragmatic'
- Zoom incompatible with GDPR, claims data protection watchdog for the German city of Hamburg
- England's controversial extraction of personal medical histories from GP systems is delayed for a second time
In June, the EU formally voted for proposals to give the UK "adequate" status in its data protection laws, allowing data sharing to continue post-Brexit. But at the time lawyers warned that there would be ongoing review of the UK's status and the European Commission reserved the right to revoke the adequacy decision if the UK went too far in liberalising its regime, particularly with respect to international transfers of data.
The UK is prioritising its own "data adequacy" partnerships with the United States, Australia, the Republic of Korea, Singapore, the Dubai International Finance Centre, and Colombia, with India, Brazil, Kenya, and Indonesia also on the list.
Dowden told The Telegraph there was "absolutely no reason why the EU needs to change that determination" and there are "no grounds whatsoever to say we've somehow watered down our privacy protections."
The UK is an "independent country and we will determine the way forward based on what is in our national interest," he added.
The government also said New Zealand Privacy Commissioner John Edwards was its preferred candidate to become the UK's next Information Commissioner, succeeding Elizabeth Denham.
As well as heading up the regulator responsible for enforcing data protection law, he would be empowered to "to take a balanced approach that promotes further innovation and economic growth."
In a pre-canned release, Dowden said the Information Commissioner would be able to "pursue a new era of data-driven growth and innovation." Exactly how far he can go will depend on the European Commission's view of the UK's new data protection plans, which are due to be published in detail in September.
Prospect trade union's research director Andrew Pakes commented on the news: “The UK has some of the highest data privacy standards in the world. Today’s announcements on the data strategy must build on these foundations rather than start a bonfire of the regulations.
“The public will rightly want reassurance that the UK will continue to strengthen data safeguards, in particular over the growth of remote work surveillance tools triggered by the pandemic.” ®