Currently, the UK’s data protection laws draw from the EU’s General Data Protection Regulation (GDPR). However, it has expressed disappointment with the overall complexity of the regulation in the past. Following Brexit, lawmakers are seizing the opportunity to create what they call a more result-oriented and flexible data protection regime. It is currently unclear what exactly these reforms will entail, and concerns remain regarding the impact they would have on data flows between the EU and UK, and data protection for British citizens.
UK Wants Data Reforms Focused on “Outcomes”
The press briefing notes of the Queen’s Speech provide key information on the aims and goals behind the data protection reforms, but no details on actual legislation as of yet. While a draft of the bill likely won’t appear for months, the UK government has eyed Brexit as an opportunity to move away from a stringent and burdensome GDPR regime. The country has previously expressed its dissatisfaction with the EU’s data regulation while also showing an intent to create a better framework. In particular, prime minister Boris Johnson’s legislative goals are to provide a “pro-growth and trusted” framework, which does not encourage unnecessary paperwork, or place excessive “burdens on businesses” as the current law does. Officials also said the reforms will benefit the country’s economy, allow for greater scientific innovation, and improve the lives of its citizens. To round it off, government officials said the data reforms should be focused on outcomes and results, rather than simply checking off boxes and meeting requirements. This falls in line with what the UK has said previously, and was one of its main criticisms of the GDPR.
Reforms to Empower Data Watchdog
Another stated purpose of the reforms bill is to “modernize” the Information Commissioner’s Office (ICO). The ICO is the country’s data protection authority, and its main task is to ensure that companies comply with the UK’s data protection rules. Without revealing much information, the Government said that the bill will give the ICO the powers and capabilities to take stronger action against violators. Furthermore, the ICO will also be more accountable to parliament and the public. The third stated purpose is to increase industry participation in “smart data schemes.” This is an initiative that the UK government has actively worked on over the last year. It seeks to give individuals and small businesses more control over their data, such as assigning a trusted third party to make the best use of their data. The government said this will have great benefits in the healthcare treatments as it will improve health and social care data sharing. The UK government also said it supports improving data sharing between public bodies. Officials stated that data must be protected to a “gold standard,” while also enabling efficient sharing to improve public service delivery.
Possible Conflict with GDPR
Currently, the free flow of data is based on an agreement that the EU and UK signed last year. Any changes to the status quo will lead to a review of that agreement. The GDPR places a very high threshold of data protection on companies within the EU. Furthermore, it places a burden on other countries to maintain similar levels of data protection. Without such protections, data cannot flow freely between the EU and the other country in question. The EU’s rationale is that this ensures the safety of EU citizens’ data. The UK estimates that more efficient data flows could lead to a £27.8 billion increase in the country’s GDP. The government has said it will maintain a high level of data protection even with the reforms. However, it remains to be seen if these reforms can co-exist with the GDPR. The UK would still need to maintain the free flow of data and have access to the EU market.