Article first appeared on DeHavilland’s blog.
The future of UK data policy has been announced, with an overhaul of how data within the UK will be regulated and protected in order to create an innovation-friendly data protection regime. It’s ambitious, looks to strike a balance between innovation and safety, and could set the UK on a collisional course with the EU.
Here’s the top 3 things you need to know.
1. Innovation driven but safety centred
The Government has gone to lengths to assure businesses that this new direction is “pro-growth and innovation-friendly”, with a focus on reducing barriers and ambiguation that sits within the current GDPR regulation. Regulation will be refocused to focus on the “outcomes that must be achieved, rather than prescribing how they are achieved”, with proposals to amend or remove some compliance regulation that are “disproportionately burdensome” for some businesses. The Government caveated this promise of deregulation, with the statement that data protection will remain “at the heart” of the planned reform suggesting this will be a careful balancing act between both data safety and regulatory unoppressive.
2. The regulator is under new management
Following a bumpy appointment process, New Zealand Privacy Commissioner John Edwards is set to take over the role of Information Commissioner under a new mandate which will see him “go beyond the regulator's traditional role". The Government intends for Edwards to balance both protecting rights and promoting "innovation and economic growth" as Commissioner, with Edwards himself stating that he intends to make privacy easy, both for industry to implement at low cost and consumers to exercise in an accessible way.
3. The world is watching
Whilst the Government has promised a bold new path for data, the UK will have to tread carefully, for if the EU deems the new regime to be inadequate, data transfers between the UK and EU could be frozen. News of the Government plans have already drawn a warning shot from the European Commission, with a spokesperson stating that an adequacy decision could be “suspended, terminated or amended at any time by the Commission” in the event of “problematic developments”.
Beyond that, the Government also recently announced its intention to strike data adequacy partnerships with the US, Australia and the Republic of Korea amongst others, with this new approach to data likely seen as a way of convincing these nations that UK’s data standards are adequate and compatible with their own. The Government will have to walk a careful line between carving its own path and satisfying the requirements of the EU’s GDPR regulation, if its intends to make its plan for data truly global.