Article
UK Public Consultation : “Data : A New Direction”
October 21st, 2021
Now that the United Kingdom has left the EU, it has the freedom to create a bold new data regime. The British Government has launched a consultation on its strategy to reshape the UK’s data protection regime, which intends to reform current regulation to aid growth, innovation and competition. If the proposals are adopted in full they would certainly ‘soften’ the law, but there’s to be no great bonfire of data protection law, with most of the basics staying firmly in place.
United Kingdom’s data protection regime
On 10 September, the Department for Digital, Culture, Media and Sport (DCMS) launched a consultation on reforms to the United Kingdom’s data protection regime as part of a post-Brexit overhaul. The stated aim is to ‘create an ambitious, pro-growth and innovation-friendly data protection regime that underpins the trustworthy use of data’. With the UK no longer bound to EU’s strict privacy rules, the government hopes revisions to its own privacy framework will unleash ‘the power of data across the economy and society’, Secretary of State for Digital Oliver Dowden said.
The British government is looking to reformat the Information Commissioner’s Office (ICO), which enforces the country’s privacy laws to also be used as a tool to boost the country’s data economy, including by supporting sectors like health care in using personal data.
The reforms outlined in this consultation will particularly:
- Strengthen their position as a science superpower, simplifying data use by researchers and developers of AI and other cutting-edge technologies;
- Secure the UK’s status as a global hub for the free and responsible flow of personal data – complementing its ambitious agenda for new trade deals and data partnerships with some of the world’s fastest growing economies and;
- Ensure that the ICO remains a world-leading regulator, enabling people to use data responsibly to achieve economic and social goals.
With this consultation, which runs until 19 November, the Commissioner and his office would like to encourage responses from a wide range of stakeholders to these issues raised within the DCMS data reform consultation. The DCMS seeks views from businesses, academics, lawyers, and digital rights campaigners on the proposals to “create a pro-growth and trusted data regime” that favours “common sense” over “box-ticking”. In fact, the DCMS is concerned that the current regime inhibits the use of personal data in scientific research.
The key points flowing from the Consultation are proposals to:
- Eliminate the balancing test associated with the “legitimate interests” ground in favor of certain “pre-approved” interests.
- Lower the compliance burden on organisations by introducing a materiality threshold for mandatory reporting of data breaches to the ICO; (re)introducing a fee regime for making Data Subject Access Requests (“DSARs”) and a costs threshold for response; as well as removing the requirement for organisations to obtain consent for the use of analytics cookies and
- Empower organisations by providing them with added flexibility for transfers and transfer mechanisms to countries where no adequacy decision exists.
There are also changes proposed to make the ICO more business-friendly and eliminate some of the operational burdens which, the Consultation argues, will create a “clearer mandate for a risk-based and proactive approach”. These include a new duty on the ICO to have regard for economic growth and innovation in discharging its function.
There is also an operational change proposed in that complainants must attempt to resolve matters with a controller prior to complaining to the ICO, and the ICO should set up criteria as to whether to investigate a given complaint. To sit alongside this, companies should have a simple and transparent complaints-handling process to alleviate some of the complaints that the ICO receives.
Although the government sees UK GDPR as providing an important regulatory framework, according to the consultation, it also believes that there are elements of the law that hinder innovation, largely because this relatively new regime lacks interpretation as well as case law.
There are also changes proposed to make the ICO more business-friendly and eliminate some of the operational burdens which, the Consultation argues, will create a “clearer mandate for a risk-based and proactive approach”. These include a new duty on the ICO to have regard for economic growth and innovation in discharging its function.
”‘Now that we have left the EU, we have the freedom to create a new world-leading data regime that unleashes the power of data across the economy and society. These reforms will keep people’s data safe and secure, while ushering in a new golden age of growth and innovation right across the UK, as we build back better from the pandemic.’
Oliver DowdenDigital secretary
The reforms will examine whether the need to identify lawful grounds for processing personal data in scientific research creates barriers to innovation. The proposed changes come after Britain said it intends to strike data flows deals with the U.S., Australia, the United Arab Emirates, Singapore, South Korea and Colombia,Brazil, India, Indonesia and Kenya at some point in time. To establish data flows between the UK and abroad, adequacy agreements are required. DCMS is also seeking to reduce barriers to global data flows as the government hopes to establish trade deals with other countries now that it has left the EU.
