The United Kingdom (UK) government has launched a consultation to reform the country’s data protection regime to reduce barriers to innovation. It also has plans to reform the Information Commissioner’s Office (ICO). A press release said that unlocking the power of data is one of the government’s 10 tech priorities. Hence, it wants to create an “ambitious, pro-growth and innovation-friendly data protection regime that underpins the trustworthy use of data.”
The Department for Digital, Culture, Media & Sport (DCMS) has issued the consultation.
The UK Data Protection Regime
After leaving the European Union, the UK Parliament amended its Data Protection Act, 2018, and passed the Data Protection, Privacy Electronic Communications (Amendments, etc.) (EU Exit) regulations on 14th October 2020. Basically, these amendments absorbed the GDPR into domestic law (UK GDPR)- into the Data Protection Act, 2018. These laws mirror the GDPR to a great extent but deviate in some areas.
The European Commission has already granted a data adequacy decision favoring the UK. It concluded that the data protection system continues to be based on the same rules that were applicable when the UK was a Member State of the European Union.
Reforms brewing up
Earlier in June, a Special Taskforce advised the UK PM to replace the existing data protection rules with a new framework. The task force, comprising of three senior Conservative MPs, remarked the GDPR to be “prescriptive and inflexible.”
The task force opined that existing compliance obligations are cumbersome, consent mechanisms are impractical, and the rules also limit how companies can develop artificial intelligence systems. In particular, it said that Article 5 [Principles relating to processing of personal data] and Article 22 [Automated individual decision-making] should be scrapped.
“The EU’s General Data Protection Regulation (GDPR) aims to give people protection over their data privacy and confidence to engage in the digital economy, but in practice, it overwhelms people with consent requests and complexity they cannot understand, while unnecessarily restricting the use of data for worthwhile purposes.”
However, the present consultation seems to have retained similar provisions.
The government says the UK needs agile and adaptable data protection laws that enhance its reputation as a hub for data-driven business that respects high standards of data protection.
The Consultation presents proposals that build on the key elements of the current regime, such as the principles of data processing. However, it will examine if the need to identify lawful grounds for processing personal data in scientific research creates barriers to innovation.
It also seeks to reduce barriers to global data flows and help establish trade deals with third countries. Since the UK is data adequate, it will require adequacy agreements to potentially partner with countries like the US, Australia, and South Korea. DCMS proposes that rather than basing such agreements entirely on the letter of the law, they should be based on material risk and the envisaged real-life outcomes to data subjects.
The proposals also aim to restructure the ICO to mirror other UK regulators such as the Financial Conduct Authority or the Competition and Markets Authority. John Edwards, present New Zealand privacy commissioner is expected to replace Elizabeth Dunham. Privacy campaigners have criticised her for failing to take adequate enforcement decisions.