UK reveals post-Brexit data reforms alongside flurry of international agreements

The US, Australia, and South Korea are among the countries the government is prioritising for multi-billion-pound adequacy agreements

The UK appears to be distancing itself from the EU’s GDPR with the announcement of plans to rewrite domestic data protection laws while pursuing lucrative data adequacy agreements with countries around the world.

The government has revealed a package of measures that will see it “move quickly and creatively” to strike adequacy agreements with a range of nations worth more than £11 billion in untapped trade. These will be subject to assessments to ensure high data protection standards, according to the Department for Digital, Culture, Media and Sport (DCMS).

The first territories the government will negotiate with are the US, Australia, South Korea, Singapore, the Dubai International Finance Centre, and Columbia. These agreements will be followed by negotiations with India, Brazil, Indonesia, and Kenya. The UK currently recognises the data regimes of 42 countries as being adequate with its own.

The government has also identified New Zealand’s privacy commissioner John Edwards as its preferred candidate to replace Elizabeth Denham as the UK’s Information Commissioner, with a revised remit prioritising innovation over enforcing privacy rights.

“Now that we have left the EU I’m determined to seize the opportunity by developing a world-leading data policy that will deliver a Brexit dividend for individuals and businesses across the UK,” said DCMS secretary Oliver Dowden.

“That means seeking exciting new international data partnerships with some of the world's fastest growing economies, for the benefit of British firms and British customers alike.”

At the heart of this package of measures are plans to reform domestic data laws so they’re “based on common sense, not box-ticking”, Dowden added. This is the most explicit signal yet that the UK will distance itself from GDPR, with the government suggesting the current regime is antagonistic towards innovation.

The government has previously signalled that it’s keen on scrapping GDPR rules, with prime minister Boris Johnson commissioning a task force earlier this year to examine the UK’s data protection regime.

This panel, comprising three right-wing Conservative MPs, blasted GDPR as being “prescriptive and inflexible” and recommended replacing the current regime with a new framework for data protection.

Government officials have also suggested that the Information Commissioner’s Office (ICO) focuses too heavily on privacy rights and data protection, and not enough on innovation. This is considered an ‘imbalance’ that needs addressing, with the government looking to John Edwards’ appointment as a chance to reform the role of the data protection watchdog.

In the coming weeks, the government will launch a consultation on how to change domestic data protection laws so it can “break down barriers” and speed up innovation, give businesses greater license to use data, and improve public services.

How exactly this data protection regime will be structured, and how vastly it might differ from GDPR, isn't clear. However, briefing national newspapers in advance of this announcement, officials said it would lead to the end of web cookie requests.

Related Resource

Building a winning data strategy

How to build analytics agility, become a data-driven enterprise, and more

Squares with people working connecting to a city center - whitepaper from AWSFree download

“This set of ambitious announcements is welcome," said director of markets with techUK, Matthew Evans. "Data is a foundational asset for modern societies, creating accessible and trusted routes for businesses, civil society and researchers to access data from around the world will help drive innovation and create better digital services.

“However, these new routes must be trusted and command the confidence of the public. TechUK, therefore, welcomes the technical assessment criteria and commitment to high privacy standards laid out by the Government. Both of these will be vital to maintaining access to existing data flows, such as from the EU as well as opening up global opportunities."

European officials are expected to follow these developments closely given the UK was only awarded a data adequacy agreement with the EU in June. This indicates that the EU considers the UK’s data protection laws are harmonised with its own, which paved the way for data flows to continue post-Brexit without the need for businesses to pursue individual alternative mechanisms, such as standard contractual clauses (SCCs).

Any changes to UK data protection laws, however, might threaten the status of this agreement in future, with the agreement subject to being reviewed every four years while also being susceptible to legal challenge at any time.

Featured Resources

The definitive guide to warehouse efficiency

Get your free guide to creating efficiencies in the warehouse

Free download

The total economic impact™ of Datto

Cost savings and business benefits of using Datto Integrated Solutions

Download now

Three-step guide to modern customer experience

Support the critical role CX plays in your business

Free download

Ransomware report

The global state of the channel

Download now

Most Popular

What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Google takes down map showing homes of 111,000 Guntrader customers
data breaches

Google takes down map showing homes of 111,000 Guntrader customers

2 Sep 2021
Intuit plans end-to-end SMB platform after $12 billion Mailchimp acquisition
mergers and acquisitions

Intuit plans end-to-end SMB platform after $12 billion Mailchimp acquisition

14 Sep 2021