DCMS lifts the lid on UK GDPR reforms, including ICO restructure
The government hopes to clarify ambiguities in the law and give businesses peace of mind when processing personal data
The government is consulting on plans to revamp the UK’s data protection landscape with various measures proposed to reduce barriers to innovation alongside plans to reform the Information Commissioner’s Office (ICO).
The consultation, which runs until 19 November, seeks views from businesses, academics, lawyers and digital rights campaigners on the proposals to “create a pro-growth and trusted data regime” that favours “common sense” over “box-ticking”.
Although the government sees UK GDPR as providing an important regulatory framework, according to the consultation, it also believes there are elements of the law that hinder innovation, largely because this relatively new regime lacks interpretation as well as case law.
The Department for Digital, Culture, Media and Sport (DCMS) is concerned the current regime inhibits the use of personal data in scientific research. The reforms will examine, for instance, whether the need to identify lawful grounds for processing personal data in scientific research creates barriers to innovation.
DCMS is also seeking to reduce barriers to global data flows as the government hopes to establish trade deals with other countries now that it’s left the EU. To establish data flows between the UK and abroad, adequacy agreements are required, with the UK targeting deals with the US, Australia and South Korea in the near future.
Rather than base these adequacy agreements entirely on the letter of the law, DCMS is proposing that agreements are struck based on material risks and the envisaged real-life outcomes to data subjects.
The nature of the proposals, outlined in this consultation, is far less extreme than recent messaging from the government would suggest.
For instance, the prime minister, in June, considered following the proposals in a report that called for GDPR to be gutted. This follows comments from Dowden in March that suggested the UK would seek to diverge from GDPR in order to fuel growth in the UK. Recently, the government also indicated it plans to rewrite domestic data protection laws.
Building a winning data strategy
Get serious about data and data scienceFree download
The thinking behind the proposals in the consultation, however, runs more along the lines that the way the existing laws are interpreted hinder innovation and experimentation with data, largely because businesses are fearful of committing violations.
One theme uniting various measures is that businesses need assurances, whether that’s through a lighter-touch enforcement regime, better interpretation or sufficient buildup of case law, to give them the confidence to use data.
The proposals also centre around restructuring the ICO to mirror other UK regulators such as the Competition and Markets Authority (CMA), Financial Conduct Authority (FCA) and Ofcom. This includes hiring a chief executive as well as appointing an independent board, and follows the selection of John Edwards as the government’s preferred candidate to replace Elizabeth Denham as the information commissioner.
“Data is one of the most important resources in the world and we want our laws to be based on common sense, not box-ticking,” said the digital secretary, Oliver Dowden, who has long spoken about reforming the role of the information commissioner to fit this vision.
“Now that we have left the EU, we have the freedom to create a new world-leading data regime that unleashes the power of data across the economy and society. These reforms will keep people’s data safe and secure, while ushering in a new golden age of growth and innovation right across the UK, as we build back better from the pandemic.”
Who is John Edwards?
Currently serving as New Zealand’s privacy commissioner, a post he has held since 2014, John Edwards is an experienced figure in the data protection landscape. He had previously practised law in Wellington for more than 20 years, specialising in information law while representing both private and public sector clients.
Edwards, who has just been confirmed for the role by the DCMS select committee in parliament, has carved a reputation in recent years for his animosity towards Facebook, having once described the company as “morally bankrupt pathological liars who enable genocide (Myanmar), facilitate foreign undermining of democratic institutions”.
In the next information commissioner, the government has long sought somebody who could champion innovation and err on the side of businesses, rather than erring on the side of enforcement and regulation. That said, Denham has been criticised by privacy campaigners for failing to take adequate enforcement action on issues such as adtech, with critics hoping her successor would take a harder line on violations of data protection law.
Join the 90% of enterprises accelerating to the cloud
Business transformation through digital modernisationFree Download
Delivering on demand: Momentum builds toward flexible IT
A modern digital workplace strategyFree download
Modernise the workforce experience
Actionable insights and an optimised experience for both IT and end usersFree Download
The digital workplace roadmap
A leader's guide to strategy and successFree Download