How the UK plans to change its data privacy rules post-Brexit

27 Aug 2021

Image: © ZinetroN/Stock.adobe.com

The UK plans to move away from EU data rules by removing ‘unnecessary barriers and burdens’ with overhauls ‘based on common sense, not box-ticking’.

The UK is looking to move away from EU data protection regulations with a new post-Brexit strategy for data.

Announced this week by UK digital secretary Oliver Dowden, the proposed package of measures is intended to “seize the opportunities of data” to boost growth, trade and improve public services, but could mean significant changes in how the UK treats data.

The government said there was potential to unlock more trade and innovation by reducing “unnecessary barriers and burdens” on international data transfers, which it hopes will result in faster, cheaper and more reliable products for UK consumers.

It plans to prioritise establishing data deals with certain countries now that it has left the EU, including the US, Australia, Singapore and South Korea.

But the proposals would mark a departure from the stringent data laws set out by GDPR in the EU. These controversial regulations, which came into effect three years ago, are still currently part of UK law as they were introduced in the country’s 2018 Data Protection Act.

Dowden suggested that the freedom to now make reforms could lead to changes such as an end to website cookie pop-ups.

Who is the new information commissioner?

The UK government said that a new information commissioner would be appointed to oversee the overhaul in data rules. John Edwards, the current New Zealand privacy commissioner, was named as the preferred candidate for the role.

It emphasised that this role would go beyond focusing only on data rights and would have a clear mandate to “take a balanced approach that promotes further innovation and economic growth”.

‘I look forward to the challenge of steering the British economy into a position of international leadership in the safe and trusted use of data for the benefit of all’
– JOHN EDWARDS

“It is a great honour and responsibility to be considered for appointment to this key role as a watchdog for the information rights of the people of the United Kingdom,” Edwards said.

“There is a great opportunity to build on the wonderful work already done and I look forward to the challenge of steering the organisation and the British economy into a position of international leadership in the safe and trusted use of data for the benefit of all.”

What is data adequacy?

The term ‘data adequacy’ is central to the UK’s plans. Data adequacy agreements for international transfers of data can be made when two countries have similar levels of data protection in place.

When a country meets the adequacy requirements, it means that personal data can be transferred to that country freely under the terms of the relevant agreement.

The UK government said that new adequacy partnerships would make it easier for UK organisations to exchange data with other markets.

‘It means reforming our own data laws so that they’re based on common sense, not box-ticking’
– OLIVER DOWDEN

“Now that we have left the EU, I’m determined to seize the opportunity by developing a world-leading data policy that will deliver a Brexit dividend for individuals and businesses across the UK,” said Dowden.

“That means seeking exciting new international data partnerships with some of the world’s fastest-growing economies, for the benefit of British firms and British customers alike.

“It means reforming our own data laws so that they’re based on common sense, not box-ticking. And it means having the leadership in place at the Information Commissioner’s Office to pursue a new era of data-driven growth and innovation. John Edwards’s vast experience makes him the ideal candidate to ensure data is used responsibly to achieve those goals.”

What does this mean for the EU?

The EU will be watching what this announcement means for its citizens. The UK currently has a data adequacy agreement with the EU, after a deal was reached in June, but that could be impacted if UK changes diverge too far from EU data and privacy standards.

There are already issues when it comes to data transfers between the EU and the US.

At a press briefing on Thursday (26 August), the European Commission was asked if it had been consulted on the matter and if it would be flexible in that area.

“We have seen the announcement. We do not comment on announcements, as you know,” said EU spokesperson Christian Wigand.

“We do, however, monitor very closely any developments related to the UK’s data protection rules. When adopting the UK adequacy decisions, the commission was fully aware of the risk of possible further divergence of the UK system from the EU system.

“This is why in the case of problematic developments that negatively affect the level of protection found adequate, the adequacy decision can be suspended, terminated or amended at any time. This can be done immediately in the case of justified urgency, so we will continue to ensure that Europeans’ data will be protected by strong safeguards when crossing the channel.”

Sam Cox was a journalist at Silicon Republic covering sci-tech news

editorial@siliconrepublic.com