DCMS announces global data plan for the UK after Brexit

0


How is the UK becoming a “business friendly” country for international data transfers?

The key to take away

The British government has announced that it will promote “data-driven” economic growth. As part of the new post-Brexit data plans, data adequacy partnerships with the US, Korea, Singapore, Dubai and Colombia will be prioritized and an international data transfer expert council will be set up to discuss future guidelines.

The background

The government had previously stated in its National Data Strategy (NDS) that it would reform the UK’s data protection regime after the UK left the EU. After a consultation, the Department for Culture, Media and Sport (DCMS) released a report earlier this year confirming that their new strategy will continue to maintain high data protection standards while removing barriers to data transfer in the interests of business promotion. The aim of the reforms is to increase trade and improve public services through data sharing.

As part of its announcement, the DCMS has appointed New Zealand Data Protection Officer John Edwards as the UK’s next Information Commissioner. In interviews, Mr. Edwards said that the reform of data protection regulationsone of the big prices when leaving the EU” and the “There is a lot of unnecessary red tape and ticking of boxes and really we should think about how we can focus on protecting people’s privacy, but in the easiest possible way”.

The development

The reform package has now been announced, including:

  • a new set of partnerships on data adequacy
  • an international council of experts in data transfers and
  • a renewed consultation on how the future data protection regime should work.

With the UK no longer a member of the EU, the government can now choose which countries to list with adequate data protection laws. To determine the adequacy of the land, the government will consider the rule of law, the existence of a regulator, and international agreements that that land has entered into.

If a country is deemed appropriate, organizations are free to transfer personal data between that country and the United Kingdom provided they comply with the relevant adequacy decisions. The government announced that it would prioritize adequacy partnerships with the US, Australia, South Korea, Singapore, Dubai and Colombia. In its accompanying mission statement, the government also set out its intention to use these partnerships as an engine for international trade.

With regard to adequacy assessments, the government has published a UK template manual which contains questions to ensure that the relevant information is gathered regarding a country’s privacy landscape and its adequacy.

The Data Transfer Expert Council will be composed of 15 people from science, industry and society and will work on ways to remove obstacles to the flow of cross-border data. The aim is for the council to provide a wide range of expert opinions to inform future government policy.

Finally, the government will reform the UK’s data protection regime and has announced a consultation on changes that can make it easier to move data responsibly and with less burden for smaller businesses and startups. The ICO announced its plans for this in the form of a consultation at the end of August.

Why is that important?

The UK appears to be taking a very commercial, business-friendly approach to data protection which many organizations can welcome. This represents a significant deviation from the EU framework and requires it. The current proposals aim to protect personal data protection and equivalence with the EU while removing certain barriers to transfer. However, the government press release highlights that maintaining high data protection standards will be a priority.

The EU will certainly keep a close eye on these developments, and in particular UK data adequacy, if UK law deviates too far from the EU approach.

Any practical tips?

The UK’s privacy landscape is likely to change significantly over the next 18 months. It is therefore important that all stakeholders in organizations dealing with personal data stay informed of any announcement and contribute to consultations when the opportunity arises.


Share.

Comments are closed.