UK seeks divergence from GDPR to 'fuel growth'

Experts warn that deviating too much from the EU's regime would jeopardise the UK’s fragile data adequacy status

The UK in red and the EU in blue as seen in a digitised map

Digital secretary Oliver Dowden has signalled the UK will explore ways to diverge from the General Data Protection Regulation (GDPR) to find a “sweet spot” that will encourage growth in the post-COVID economic recovery.

Although he said the UK won’t be seeking to water down data protection standards, the government will explore ways to tweak the rules where there might be opportunities to encourage economic growth, according to Reuters.

However, legal experts have warned that the recently-secured draft data adequacy decision could be jeopardised if the EU sees any signs that the UK is attempting to break away from core GDPR principles.

“There is a sweet spot for the UK whereby we hold onto many of the strengths of GDPR in terms of giving people security about their data,” Dowden told reporters. “But there are obviously areas where I think we can make more progress.”

“In our rule-making, we can take a slightly less European approach as set out in GDPR by focusing more on the outcomes that we want to have and less on the burdens of the rules imposed on individual businesses.”

The digital secretary added Britain could deviate from GDPR while maintaining adequacy, arguing it wasn’t a binary choice between driving growth and sacrificing adequacy, or retaining adequacy and stifling growth. His views echo recent government assertions that the next Information Commissioner will seek to correct an apparent “imbalance” favouring privacy rights.

However, a lecturer in digital rights and regulation with UCL’s Faculty of Law, Dr Michael Veale, argued that the draft decision is highly fragile and that there’s a serious risk it won’t be translated into a formal agreement.

“It barely mentions this very large elephant in the room, which is the UK’s surveillance regime,” he said, listing an example during a policy event on Tuesday. “Another data flow that we’ve seen many times is the data flow between the UK and the US, and in practice, the Court of Justice of the European Union (CJEU) has been very clear in other cases about factors which seem to directly contradict what we see in the UK regime.

“Potentially the largest risk to data flows is that the UK will become an onward transfer hub for information to the United States in particular. The CJEU has held many times that the US surveillance regime provides negligible protection to foreigners, negligible standing of any type in court or judicial remedy, and in these cases, when data is flowing to the UK, data can flow to data intelligence regimes effectively based on a political decision by the secretary of state.”

Although the government has signalled its intent to deviate from GDPR, it is yet to detail exactly how that will happen or why such a deviation is necessary.

Phil Earl, deputy director for data strategy implementation within Dowden's own department and also present at Tuesday's policy event, admitted that the government's anxieties were largely based around the perception that GDPR has created, adding that any evidence of GDPR serving as a barrier to growth was largely anecdotal, with the wider discourse around GDPR fostering a culture of fear in which businesses hadn't been given the confidence to innovate.

Dowden's comments come just weeks after the EU granted the UK two draft decisions on data adequacy, meaning that it considers the UK’s data protection laws and standards to be compatible with its own.

While a positive outcome wasn’t in doubt - given how closely the UK's Data Protection Act 2018 reflects GDPR - of greater concern was the time it would take to reach a decision following Brexit. Delays in reaching an agreement would have disrupted data flows between the EU and the UK, and potentially harmed the economy.

Now, EU lawmakers are likely to be on alert following Dowden’s comments, given the fragile nature of the draft decision and ongoing concerns about the UK’s commitment to GDPR. Last year, for example, the European Data Protection Board (EDPB) called into question the UK’s prospective adequacy status in light of a preliminary data sharing-agreement struck between the UK and the US.

While not commenting on any data-sharing relationship with the US specifically, Dowden echoed the government’s previous sentiments that Britain could move faster than the EU to strike data-sharing deals with non-EU countries.

The government has also said it won't move at speed to change the UK’s data protection regime, and would only draft proposals after consulting with UK organisations. These will be fed into a wider set of policies based on using technology to boost economic growth, once the effects of the pandemic have waned.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

1Password targets enterprise customers with Secrets Automation
IT infrastructure

1Password targets enterprise customers with Secrets Automation

14 Apr 2021
The definitive guide to IT security
Whitepaper

The definitive guide to IT security

9 Apr 2021
Ubiquiti insider says the company downplayed the severity of a major breach
data breaches

Ubiquiti insider says the company downplayed the severity of a major breach

31 Mar 2021
Forex broker FBS leaves millions of customer records exposed
data breaches

Forex broker FBS leaves millions of customer records exposed

25 Mar 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021