The UK government confirmed plans to reform the country’s data laws in today’s Queen’s Speech, which sets out its legislative programme for the months ahead. Details of the Data Reform Bill, which will replace the UK’s implementation of the EU’s General Data Protection Regulation (GDPR), have yet to emerge, but data minister John Whittingdale said at Tech Monitor‘s Digital Responsibility Symposium last week that the government plans to remove the “cumbersome aspects” of GDPR that have made people “risk averse” when it comes to sharing data.
Other experts at the event agreed that UK GDPR is ripe for reform, but called on the government to make sure that the benefits of data sharing are enjoyed by the “whole of society”. They added that the UK reforms could influence the evolution of data rules around the world.
In the speech to Parliament this morning, Prince Charles laid out the government’s intentions in a wide range of areas including data. “The United Kingdom’s data protection regime will be reformed,” he told MPs.
Details of the proposed changes have yet to be revealed, but Sky News reported earlier this week that a draft bill could emerge in a matter of weeks. The bill follows a consultation that closed last autumn, which attracted responses from across the tech community and beyond.
Data Reform Bill: Why is the UK moving away from GDPR?
The UK government has made clear its intention to move away from GDPR since leaving the EU, and hopes to establish a more agile regime. Proponents of the change, including chancellor Rishi Sunak, believe the UK can set its own data laws without endangering its data adequacy agreement with the EU, which allows data to flow between companies in the UK and EU.
However, this could be risky as, if the EU feels the UK government plans do not protect the data of its citizens sufficiently, the adequacy agreement could be revoked.
During a panel at Tech Monitor’s Digital Responsibility Summit on Friday, John Whittingdale MP, minister of state for media and data, said the government is not set on “dismantling GDPR”. “We continue to agree with the principles that underlie [GDPR], but we believe there are opportunities to deliver that standard of data protection in a less burdensome and obstructive way, which is why we’ve embarked on a programme of reform,” Whittingdale explained.
Whittingdale added that the government’s view is that GDPR has made people “risk averse”. “One of the things we’re keen to address is that people have become quite risk averse because of the complexities of GDPR and the different provisions and they’ve therefore tended to err on the side of caution and not share data,” he said. “We think there’s a lot of scope to clarify how the rules operate and remove some of the more cumbersome aspects.”
He added that UK GDPR reforms could help the government strike data-sharing agreements with other countries around the world, which would enable more data to flow freely. “The EU has been slow to reach data transfer agreements with third countries. We want to do that quickly and allow data to flow between us and them without impediment,” Whittingdale said. “It’s a big programme. A lot of it will require legislation.”
What should UK GDPR look like?
Other panellists agreed that some changes to GDPR could be beneficial. Bojana Bellamy, president of the Centre for Information Policy Leadership thinktank, said “a growing body of laws is stopping data flowing across borders and this is really impeding everybody from SMEs to large companies to consumers.”
She added that UK GDPR changes “can ensure better, more streamlined, less bureaucratic data flows so that we can all benefit from data. That means taking the next step from where GDPR is at the moment.”
Bellamy said that applying a less prescriptive approach could improve data flows. “That means not putting a burden on organisations that don’t create risks [around data], but doing it for those where there could be risk,” she explained. “GDPR is very prescriptive and I think the effect is bureaucracy and not effective protection or data use.
“Provisions on better use of data for research, both scientific and private R&D, is critical,” Bellamy added. “GDPR hasn’t quite enabled that, and some of the tweaks the UK could make will enable that to work better.”
She said that other countries will be looking to the changes coming to UK law as a guide to how their data regimes should develop. “This is going to have an impact on the rest of the world, including Europe, to evolve these rules.”
The new laws must ensure everyone in society can benefit from free data flows, argued another panellist, Dr Mahlet Zimeta, head of public policy at the Open Data Institute. “It’s really important that the benefits of changes and the digital economy as a whole must be inclusive and sustainable,” she said. “We must make sure economic growth arising from data flows is inclusive and benefits all communities, not just multi-national corporations or social groups that are already benefiting.
Data flows have a role to play in this, Dr Zimeta explained. “We must ensure data is representative and relevant to a wide range of use cases and not just highly commercial, highly lucrative, ones, use cases that are relevant and useful to all communities,” she said. “That’s what I’d like to see, a regime that ensures data works for the whole of society.”