The UK’s data protection laws face being reformed to be more business-friendly as the government aims to spur economic growth following the downturn caused by the COVID-19 pandemic.
The digital secretary Oliver Dowden said that Britain should take a “slightly less European approach” to privacy, referencing the EU’s General Data Protection Regulations (GDPR), “by focusing more on the outcomes that we want to have and less on the burdens”.
He spoke as the Department for Digital, Culture, Media and Sport celebrated the country’s technology industry, which it said was advertising 116,000 jobs in March “representing a recovery to pre-pandemic levels” and up from 85,000 vacancies in January.
“As we move from sustaining the economy [during the pandemic], to the real drive for growth – and goodness knows, we’re going to need a huge amount of growth – digital and tech are absolutely at the forefront of that,” said Mr Dowden.
“I’m seeking to set out where we are going to go with data now that we have left the European Union and are not subject to EU jurisdiction.”
Although the UK is not directly subject to the EU’s jurisdiction, it is still dependent on the European Commission assessing that its data protection laws are adequate enough to ensure EU citizens’ data is not put at greater risk when in the UK.
The European Commission published a draft data adequacy decision in February which found the UK’s data protection regime was largely identical to its own, but some experts warn that reforms and trade deals could challenge that assessment.
There are no plans to immediately introduce new legislation, but the secretary of state cited the “can-do attitude” of the Information Commissioner’s Office during the pandemic as an opportunity to begin developing the British model of data protection.
“I think there’s a chance in appointing the new Information Commissioner – I’m looking for somebody that is not just focusing on data through a negative prism of how we stop harms, but also driving growth opportunities, both through public policy, but also through creating opportunities for business.
“I’m very keen that we ensure that we continue to have strong data protections and indeed that’s why the EU has provisionally recognised us as data adequate, but I think there’s real opportunities for driving growth in respect of data,” he added.
One of the strategic questions the UK faces following Brexit is how it navigates the differing models regarding data protection used between the world’s major powers.
Mr Dowden said: “Clearly countries like China have a very strong state role, if you look to the US they have the interests of very large tech companies predominate them, and I think the EU increasingly looks to a slightly more protectionist view of data.
“I think there’s a sweet spot for the UK whereby we hold on to many of the strengths of GDPR in terms of giving people security about their data – and I’d be very worried if, in reforming our data laws, people’s confidence in sharing data was undermined. GDPR provides a baseline for that.
“But there are obvious areas where I think we can make more progress,” Mr Dowden added.
Among those is quickly concluding data adequacy agreements with third countries outside of the EU, something which the secretary of state said the bloc has been “very slow” at.
“Clearly I’ll be looking to consult and engage with industry about how we achieve that, and with wider civic society. We’re not going to move precipitately but I do think there’s an opportunity to have a more pro-growth, more pro-public policy approach,” he added.