The U.K.'s biggest political parties have, in the last couple of weeks, set out a range of data-protection promises as part of their manifestos ahead of the general election that will take place June 8. But a look at the manifestos reveals conflicting plans and agendas, with the Conservative Party drawing much of its plan from the General Data Protection Regulation, the Tories gunning for a new data protection law with some similarities to the GDPR but some marked differences, and the Liberal Democrats promising to fight the Conservatives' plans to do away with encryption, claiming it helps terrorists communicate.
If it retains power — as it is almost certain to do — the Conservative Party has promised to censor illegal content from the internet, force social media and online communications firms to pay a new levy "to support awareness and preventive activity to counter internet harms," and lead the formulation of rules that it hopes will govern the internet around the world.
"Some people say that it is not for government to regulate when it comes to technology and the internet. We disagree," the manifesto reads. "While we cannot create this framework alone, it is for government, not private companies, to protect the security of people and ensure the fairness of the rules by which people and businesses abide. Nor do we agree that the risks of such an approach outweigh the potential benefits."
Much of what the Conservatives say about data protection is drawn directly from the European Union's General Data Protection Regulation, which will come into effect in a year's time before the U.K. leaves the EU in March 2019. Even after Brexit, these elements will remain part of U.K. law for a time, while the government decides which parts of the EU-derived law it wants to keep and which it wants to bin.
The Tory manifesto says the U.K. will get a new data protection law, but it suggests that many GDPR-derived elements will persist in the country. The Conservatives say they would "require major social media platforms to delete information held about them at the age of 18," (the GDPR, of course, mentions no such age limit). The manifesto maintains that people will be able to "access and export personal data" and expect that "personal data held should be stored in a secure way."
There are a couple of interesting details in the manifesto about the public sector. The Conservatives intend to "rationalise the use of personal data within government" by adopting an Estonia-esque "once-only principle" that gets rid of duplication across disparate government systems. They are also promising to introduce a new statutory footing for the National Data Guardian for Health and Social Care — this is the body that last week said there was no legal basis for the National Health Service giving Alphabet's DeepMind subsidiary access to the identifiable personal data of 1.6 million patients to develop an app for predicting kidney disease.
There will be a new "Data Use and Ethics Commission to advise regulators and Parliament on the nature of data use and how best to prevent its abuse." A new U.K. digital charter will be accompanied by moves toward an "international settlement" on the "global rules of the digital economy" — here, the Conservatives claim international banking and trade rules provide a precedent.
The Tories may want international rules, but certain elements of their domestic proposals would prove highly controversial if any attempt was made to transpose them to the global stage — particularly, rules regarding censorship and control.
"We will establish a regulatory framework in law to underpin our digital charter and to ensure that digital companies, social media platforms and content providers abide by these principles," the manifesto states. "We will introduce a sanctions regime to ensure compliance, giving regulators the ability to fine or prosecute those companies that fail in their legal duties, and to order the removal of content where it clearly breaches U.K. law."
The manifesto also talks about putting "a responsibility on industry not to direct users — even unintentionally — to hate speech, pornography or other sources of harm." As Paul Bernal, an IT lecturer at the University of East Anglia Law School, noted, intermediaries operating in the U.K. may end up losing the "mere conduit" protection that they currently enjoy under the EU's e-Commerce Directive.
"They're probably looking at bringing in much more general monitoring and surveillance, and that puts the intermediaries into a dilemma," Bernal told The Privacy Advisor. "They'd like to do more surveillance, but in another way, they don't want to because they don't want to be seen as the bad guys.
"The impression I got from the manifesto is that quite a lot of it is longer term — are setting out their stall for their long-term vision of the internet," Bernal added. "They can't do it, in one way, but what they can do toward trying to do it will have significant consequences. It will mess up our internet in a lot of ways, creating a lot of pain for a lot of people. I don’t think they really can control the internet, though."
The Conservatives are also keeping up their anti-encryption rhetoric, with their manifesto warning that "we do not believe that there should be a safe space for terrorists to be able to communicate online and will work to prevent them from having this capability."
This is where the Tories' promises diverge most significantly from those of the Liberal Democrats, their former coalition partners (from 2010 to 2015), who are now polling in third place. They say they will "oppose Conservative attempts to undermine encryption."
The Lib Dems have also staked out their opposition to the enhanced surveillance powers that the Tories introduced in last year's Investigatory Powers Act, claiming they would "roll back state surveillance powers by ending the indiscriminate bulk collection of communications data, bulk hacking and the collection of internet connection records." Indeed, while they were part of the ruling coalition, the Lib Dems held the Tories back from introducing their "Snooper's Charter" — the bill only went through once the Conservatives were governing independently.
On the subject of online power, the Lib Dems say they would "introduce a Digital Bill of Rights that protects people’s powers over their own information, supports individuals over large corporations and preserves the neutrality of the web." They also say they would consider giving the U.K.'s communications and competition regulators "appropriate powers to deal with concentrations of power in the digital economy."
The Labour Party, which is currently polling in second place with a predicted 34 percent of the national vote to the Tories' 46 percent and the Lib Dems' 8 percent, says barely anything in its very lengthy manifesto about data matters: "Labour is committed to growing the digital economy and ensuring that trade agreements do not impede cross-border data flows, whilst maintaining strong data protection rules to protect personal privacy."
If you want to comment on this post, you need to login.