IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

UK reveals post-Brexit data reforms alongside flurry of international agreements

The US, Australia, and South Korea are among the countries the government is prioritising for multi-billion-pound adequacy agreements

The UK appears to be distancing itself from the EU’s GDPR with the announcement of plans to rewrite domestic data protection laws while pursuing lucrative data adequacy agreements with countries around the world.

The government has revealed a package of measures that will see it “move quickly and creatively” to strike adequacy agreements with a range of nations worth more than £11 billion in untapped trade. These will be subject to assessments to ensure high data protection standards, according to the Department for Digital, Culture, Media and Sport (DCMS).

The first territories the government will negotiate with are the US, Australia, South Korea, Singapore, the Dubai International Finance Centre, and Columbia. These agreements will be followed by negotiations with India, Brazil, Indonesia, and Kenya. The UK currently recognises the data regimes of 42 countries as being adequate with its own.

The government has also identified New Zealand’s privacy commissioner John Edwards as its preferred candidate to replace Elizabeth Denham as the UK’s Information Commissioner, with a revised remit prioritising innovation over enforcing privacy rights.

“Now that we have left the EU I’m determined to seize the opportunity by developing a world-leading data policy that will deliver a Brexit dividend for individuals and businesses across the UK,” said DCMS secretary Oliver Dowden.

“That means seeking exciting new international data partnerships with some of the world's fastest growing economies, for the benefit of British firms and British customers alike.”

At the heart of this package of measures are plans to reform domestic data laws so they’re “based on common sense, not box-ticking”, Dowden added. This is the most explicit signal yet that the UK will distance itself from GDPR, with the government suggesting the current regime is antagonistic towards innovation.

The government has previously signalled that it’s keen on scrapping GDPR rules, with prime minister Boris Johnson commissioning a task force earlier this year to examine the UK’s data protection regime.

This panel, comprising three right-wing Conservative MPs, blasted GDPR as being “prescriptive and inflexible” and recommended replacing the current regime with a new framework for data protection.

Government officials have also suggested that the Information Commissioner’s Office (ICO) focuses too heavily on privacy rights and data protection, and not enough on innovation. This is considered an ‘imbalance’ that needs addressing, with the government looking to John Edwards’ appointment as a chance to reform the role of the data protection watchdog.

In the coming weeks, the government will launch a consultation on how to change domestic data protection laws so it can “break down barriers” and speed up innovation, give businesses greater license to use data, and improve public services.

How exactly this data protection regime will be structured, and how vastly it might differ from GDPR, isn't clear. However, briefing national newspapers in advance of this announcement, officials said it would lead to the end of web cookie requests.

Related Resource

Building a winning data strategy

Get serious about data and data science

Squares with people working connecting to a city center - whitepaper from AWSFree download

“This set of ambitious announcements is welcome," said director of markets with techUK, Matthew Evans. "Data is a foundational asset for modern societies, creating accessible and trusted routes for businesses, civil society and researchers to access data from around the world will help drive innovation and create better digital services.

“However, these new routes must be trusted and command the confidence of the public. TechUK, therefore, welcomes the technical assessment criteria and commitment to high privacy standards laid out by the Government. Both of these will be vital to maintaining access to existing data flows, such as from the EU as well as opening up global opportunities."

European officials are expected to follow these developments closely given the UK was only awarded a data adequacy agreement with the EU in June. This indicates that the EU considers the UK’s data protection laws are harmonised with its own, which paved the way for data flows to continue post-Brexit without the need for businesses to pursue individual alternative mechanisms, such as standard contractual clauses (SCCs).

Any changes to UK data protection laws, however, might threaten the status of this agreement in future, with the agreement subject to being reviewed every four years while also being susceptible to legal challenge at any time.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Most Popular

Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022
Macmillan Publishers hit by apparent cyber attack as systems are forced offline
Security

Macmillan Publishers hit by apparent cyber attack as systems are forced offline

30 Jun 2022
FCC commissioner urges Apple and Google to remove TikTok from app stores
data protection

FCC commissioner urges Apple and Google to remove TikTok from app stores

29 Jun 2022