Greetings from London!
In the public policy arena, August tends to be a quiet month across Europe. National parliaments are in recess while ministers and officials use the downtime to rest and recuperate. It, therefore, came as a surprise to see a raft of data protection policy announcements from the U.K. government on 26 Aug.
Was there anything to be inferred by the timing? Perhaps it was an attempt to set an ambitious policy agenda ahead of the busy autumn season when the machinery of government cranks up again, and policymakers jostle to get their ideas into the spotlight.
Five years on from the EU General Data Protection Regulation coming into force and three years on from GDPR going live, is there room for an ambitious new approach to data protection? The U.K. government certainly thinks so. As a precursor to the official announcements, Oliver Dowden, the government’s digital secretary, detailed his plan in an interview with The Telegraph.
In relation to the GDPR, the article reports that Dowden said, “There’s an awful lot of needless bureaucracy and box-ticking and actually we should be looking at how we can focus on protecting people’s privacy but in as light a touch way as possible.” He added, “We should not expect exactly the same from a small family-run business as we do from a massive social media company.”
The government’s official announcements provide more details of the U.K.’s post-Brexit plans for data protection, which it claims will “boost growth, increase trade and improve healthcare.” It includes an ambitious plan to form global data adequacy partnerships with countries such as Australia, Colombia, Singapore, South Korea, and the U.S., as well as the Dubai International Finance Centre.
Additionally, the government has named New Zealand’s current privacy commissioner, John Edwards, as the preferred candidate to succeed Elizabeth Denham as U.K. Information Commissioner.
Edwards said, “There is a great opportunity to build on the wonderful work already done and I look forward to the challenge of steering the organisation (the Information Commissioner’s Office) and the British economy into a position of international leadership in the safe and trusted use of data for the benefit of all.”
This statement appears to align with the government’s intention to empower the new commissioner “to go beyond the regulator’s traditional role of focusing only on protecting data rights, with a clear mandate to take a balanced approach that promotes further innovation and economic growth.”
Edwards will appear before Parliament’s Department for Digital, Culture, Media and Sport committee in a pre-appointment hearing 9 Sept. No doubt, the evidence that Edwards provides to the MPs will be pored over in detail by commentators who have taken a somewhat critical interest in the performance of the ICO in recent years.
Lastly, the government said it will consider reforms to U.K. data protection law to boost growth in the digital economy, assist small enterprises and encourage startups to grow their digital businesses in the U.K.
In effect, the U.K. appears to be positioning itself to become a dynamic data hub able to leapfrog over the EU’s adequacy plans, while gaining first-mover advantage in reforming laws that could potentially establish an alternative data protection standard for the wider world.
Skeptics may argue the trade-off for such an approach will be diluted data protection standards in the U.K. and greater risks to individuals’ privacy rights. This could put the U.K.’s hard-won European Commission adequacy decision at risk. However, data protection continues to evolve rapidly, and we think the U.K.’s plans should be monitored closely by industry, government and other experts in the field.