View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Policy
  2. Privacy and data protection
August 27, 2021updated 31 Aug 2021 6:28pm

Is the UK steering its data laws away from GDPR?

The UK government has unveiled plans to create "a world-leading data policy" that removes barriers to innovation and growth. Observers are divided on whether this means divergence from GDPR.

By Cristina Lago

The UK government unveiled plans this week to create “a world-leading data policy” that delivers a “Brexit dividend” following the country’s departure from the EU. These include plans to negotiate new data adequacy agreements with the US, Singapore, South Korea and Australia; the appointment of its intended candidate for Information Commissioner; and the launch of a consultation on reforming the UK’s data laws to “break down barriers” to innovation and growth.

Industry bodies have welcomed the initiative to unlock innovation and trade for post-Brexit UK, but other groups are concerned that the new data adequacy agreements and forthcoming reforms could be detrimental to privacy standards – and that the UK’s adherence to GDPR, the EU’s data protection rules, could be dropped altogether.


Culture secretary Oliver Dowden told The Telegraph that GDPR is hindering scientific research. (Photo by KIRSTY O’CONNOR/POOL/AFP via Getty Images)

Is the UK committed to GDPR?

techUK, which represents the technology industry, welcomed DCMS’s “ambitious announcements” and its intended use of data assets to drive innovation. The body warned of the need to build public trust in how data is shared, but is reassured by the government’s commitment to data protection, it says.

“The DCMS announcement puts a commitment to high data protection standards central to its aims and we expect the consultation announced today to be an evolution of the existing UK data protection framework based on the GDPR,” Matthew Evans, techUK’s director of markets told Tech Monitor in a statement.

Other commentators are less convinced of the UK’s commitment to GDPR, however, following an interview with secretary of state for digital, culture, media and sport Oliver Dowden in The Telegraph earlier this week. The minister said that GDPR rules are limiting scientific research and are overwhelming small businesses and charities with red tape. He said that he wants to get rid of “endless” cookie banners and that many consent notices are “pointless”.

Sam Smith, policy lead at medical privacy advocate group medConfidential, believes this week’s announcements confirm public fears that the government plans to sell off NHS data, prompted by the much-criticised General Practice Data for Planning and Research (GPDPR) scheme.

“At a time when the Department of Health is working out how to reassure the public about their plans for GP data, DCMS announces plans which show public concern is well-founded,” Smith told Tech Monitor. “Perhaps they should talk to each other before making promises they will then break.”

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Can the UK strike new data adequacy deals while upholding GDPR?

Whatever the government’s intentions, the UK’s ability to adhere to GDPR may be jeopardised by its plans to forge new data adequacy agreements, which allow personal data to cross borders without additional compliance measures, with its major trading partners.

The UK has data adequacy agreements with 42 countries, the government says, including the 27 member states of the EU. New agreements with its high-priority trading partners – the US, Australia, South Korea, Singapore, the Dubai International Finance Centre (DIFC) and Colombia – would be worth billions of pounds in additional trade, it says.

These new agreements would help "remove unjustified barriers to international data transfers," wrote Dowden and minister for media and data John Whittingdale in the government's mission statement for data transfers, published yesterday.

US-based data privacy consultant Debbie Reynolds says that while it is possible for the UK to strike these deals without its data laws diverging from GDPR, trading partners may seek business-friendly concessions. "This move could create complications for the UK if countries see [data adequacy agreements] as a way for them to bypass GDPR,” Reynolds says.

“Transparency will be key in how the UK handles its adequacy partnerships and also how it intends to retain its own adequacy relationship with the EU," she adds.

The mission statement lays out the process of assessing a country's data adequacy and the alternative mechanisms that organisations can use to transfer data when such agreements are not in place, such as standard contract clauses and binding corporate rules.

Topics in this article : ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.