IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

DCMS lifts the lid on UK GDPR reforms, including ICO restructure

The government hopes to clarify ambiguities in the law and give businesses peace of mind when processing personal data

The government is consulting on plans to revamp the UK’s data protection landscape with various measures proposed to reduce barriers to innovation alongside plans to reform the Information Commissioner’s Office (ICO).

The consultation, which runs until 19 November, seeks views from businesses, academics, lawyers and digital rights campaigners on the proposals to “create a pro-growth and trusted data regime” that favours “common sense” over “box-ticking”.

Although the government sees UK GDPR as providing an important regulatory framework, according to the consultation, it also believes there are elements of the law that hinder innovation, largely because this relatively new regime lacks interpretation as well as case law.

The Department for Digital, Culture, Media and Sport (DCMS) is concerned the current regime inhibits the use of personal data in scientific research. The reforms will examine, for instance, whether the need to identify lawful grounds for processing personal data in scientific research creates barriers to innovation.

DCMS is also seeking to reduce barriers to global data flows as the government hopes to establish trade deals with other countries now that it’s left the EU. To establish data flows between the UK and abroad, adequacy agreements are required, with the UK targeting deals with the US, Australia and South Korea in the near future.

Rather than base these adequacy agreements entirely on the letter of the law, DCMS is proposing that agreements are struck based on material risks and the envisaged real-life outcomes to data subjects.

The nature of the proposals, outlined in this consultation, is far less extreme than recent messaging from the government would suggest.

For instance, the prime minister, in June, considered following the proposals in a report that called for GDPR to be gutted. This follows comments from Dowden in March that suggested the UK would seek to diverge from GDPR in order to fuel growth in the UK. Recently, the government also indicated it plans to rewrite domestic data protection laws.

Related Resource

Building a winning data strategy

Get serious about data and data science

Squares with people working connecting to a city center - whitepaper from AWSFree download

The thinking behind the proposals in the consultation, however, runs more along the lines that the way the existing laws are interpreted hinder innovation and experimentation with data, largely because businesses are fearful of committing violations.

One theme uniting various measures is that businesses need assurances, whether that’s through a lighter-touch enforcement regime, better interpretation or sufficient buildup of case law, to give them the confidence to use data.

The proposals also centre around restructuring the ICO to mirror other UK regulators such as the Competition and Markets Authority (CMA), Financial Conduct Authority (FCA) and Ofcom. This includes hiring a chief executive as well as appointing an independent board, and follows the selection of John Edwards as the government’s preferred candidate to replace Elizabeth Denham as the information commissioner.

“Data is one of the most important resources in the world and we want our laws to be based on common sense, not box-ticking,” said the digital secretary, Oliver Dowden, who has long spoken about reforming the role of the information commissioner to fit this vision.

“Now that we have left the EU, we have the freedom to create a new world-leading data regime that unleashes the power of data across the economy and society. These reforms will keep people’s data safe and secure, while ushering in a new golden age of growth and innovation right across the UK, as we build back better from the pandemic.”

Who is John Edwards?

Currently serving as New Zealand’s privacy commissioner, a post he has held since 2014, John Edwards is an experienced figure in the data protection landscape. He had previously practised law in Wellington for more than 20 years, specialising in information law while representing both private and public sector clients.

Edwards, who has just been confirmed for the role by the DCMS select committee in parliament, has carved a reputation in recent years for his animosity towards Facebook, having once described the company as “morally bankrupt pathological liars who enable genocide (Myanmar), facilitate foreign undermining of democratic institutions”.

In the next information commissioner, the government has long sought somebody who could champion innovation and err on the side of businesses, rather than erring on the side of enforcement and regulation. That said, Denham has been criticised by privacy campaigners for failing to take adequate enforcement action on issues such as adtech, with critics hoping her successor would take a harder line on violations of data protection law.

Featured Resources

Join the 90% of enterprises accelerating to the cloud

Business transformation through digital modernisation

Free Download

Delivering on demand: Momentum builds toward flexible IT

A modern digital workplace strategy

Free download

Modernise the workforce experience

Actionable insights and an optimised experience for both IT and end users

Free Download

The digital workplace roadmap

A leader's guide to strategy and success

Free Download

Most Popular

Raspberry Pi launches next-gen Pico W microcontroller with networking support

Raspberry Pi launches next-gen Pico W microcontroller with networking support

1 Jul 2022
Xerox CEO John Visentin dies unexpectedly aged 59
Careers & training

Xerox CEO John Visentin dies unexpectedly aged 59

30 Jun 2022
Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022