/regulation & compliance

News and resources on regulation, compliance, legal and governance issues for banks and fintechs.
UK to restructure data policy and underpin innovation post-Brexit

UK to restructure data policy and underpin innovation post-Brexit

Oliver Dowden, the UK Secretary of State for Digital, Culture, Media and Sport, has announced that new ‘data adequacy’ partnerships will be struck with the likes of the US, Australia, and the Republic of Korea.

In this post-Brexit shake-up to go beyond GDPR, the new UK Information Commissioner John Edwards will be tasked with leveraging the potential of data for innovation, supporting the global digital economy, applications, and cloud computing systems.

Now that the UK has left the European Union, a consultation is scheduled to be released with the intention of increasing trade through a data regime.

In addition to collaborating with the US, Australia and the Republic of Korea, the UK will look to partner on data adequacy with Singapore, the Dubai International Finance Centre and Colombia. India, Brazil, Kenya, and Indonesia are also being prioritised.

The UK Government announcement also reveals that following data protection standard assessments, the new data adequacy partnerships will “build significantly on the £80 billion of data-enabled service exports to these 10 destinations from the UK every year.”

Referencing UNCTAD research, the announcement also calls out that “as much as £11 billion worth of trade that goes unrealised around the world due to barriers associated with data transfers.”

The intention of this programme is to ultimately ensure seamless data exchange between markets, build on the existing 42 adequacy agreements in place and drive growth while maintaining high protection standards.

Digital Secretary Oliver Dowden said: “Now that we have left the EU I’m determined to seize the opportunity by developing a world-leading data policy that will deliver a Brexit dividend for individuals and businesses across the UK.

“That means seeking exciting new international data partnerships with some of the world’s fastest growing economies, for the benefit of British firms and British customers alike.

“It means reforming our own data laws so that they’re based on common sense, not box-ticking. And it means having the leadership in place at the Information Commissioner’s Office to pursue a new era of data-driven growth and innovation. John Edwards’s vast experience makes him the ideal candidate to ensure data is used responsibly to achieve those goals.”

The Guardian reports that this development would be a step change in the pursuit of improving GDPR and its “strict restrictions on what data controllers can do with individuals’ personal data” and “over-reliance on consent-based permissions.”

Speaking to The Guardian, Eduardo Ustaran, co-head of the global privacy and cybersecurity practice at Hogan Lovells, highlights that: “The UK is starting to show that there is room for diversion from EU data protection law whilst still retaining the GDPR as a framework. What this means in practice is that the way in which international data flows are approached is not identical to the way the same data flows are treated in the EU, but this doesn’t necessarily mean that the protection is going away.

“What the UK government is testing is our ability to recognise that the protection of personal data around the world comes in different shapes and forms, but can still be effective. The appointment of John Edwards as the next information commissioner is a vote for no-nonsense and pragmatism for the future of data protection regulation,” Ustaran continues.

At the start of 2021, the European Commission announced that it was set to continue allowing personal data flow freely between the EU and the UK post Brexit, issuing a draft decision that the UK's data protection standards are "essentially equivalent" to the EU's and should be found to be "adequate".

On this, said Dowden: "Although the EU’s progress in this area has been slower than we would have wished, I am glad we have now reached this significant milestone following months of constructive talks in which we have set out our robust data protection framework."

In June 2020, EDPB chair Andrea Jelinek wrote to the European Parliament, raising concerns over the UK's "adequacy". Specifically, Jelinek questioned whether a deal between the UK and US would ensure "continuity of protection" of EU data being transferred on to the States.

Comments: (0)