cutimage - Fotolia
With the publication of the government’s Statement of Intent for the Data Protection Bill, we now have a clearer idea of what the UK’s data protection framework will look like in the coming years.
The devil may well be in the detail, but what we have seen so far is an indication that the government will honour its commitment to implement the EU General Data Protection Regulation (GDPR) into domestic law.
GDPR, almost five years in the making, represents the most significant reform to data protection rules in 20 years, and will take effect from 25 May 2018.
This means there is only a limited amount of time for the Data Protection Bill to pass through the legislative process.
The new bill should have the clearly defined purpose of implementing GDPR, which the Statement of Intent suggests will be the case. If so, the tech industry hopes the bill will receive support from all sides of the house during the parliamentary process.
This should not be seen as an opportunity to address wider concerns, as doing so may frustrate the aim of updating data protection rules fit for the digital economy we now operate in.
Instead, the bill should focus on developing a culture of data trust and confidence in the UK, so that consumers and citizens understand, and have control over, how their data is used. Data-driven innovation leads to a wide range of benefits to citizens, from the greater personalisation of goods and services to the improved delivery of public services.
Citizens need confidence
The data economy is expected to be worth £241bn to the UK economy by 2020. At the heart of achieving this is ensuring that citizens have confidence in the way their personal information is used and so it is right to update our data protection framework.
The UK is already a world leader in both data-driven innovation and data protection, having been one of the key players during GDPR negotiations. As Elizabeth Denham, the Information Commissioner and digital minister Matt Hancock have rightly pointed out, innovation and data protection go hand in hand.
These new rules will not only affect tech companies. Data has become fundamental to the way organisations of every size and sector, both public and private, operate. As such, these proposals will impact the entire economy. In part, this is due to the expanded definition of personal data in GDPR to include pieces of information such as location data, IP addresses and employment details.
Any organisation that handles personal data will need to be aware of their new responsibilities and the new rights and controls consumers have. Having more clarification on the government’s intentions is therefore an important step forward in guiding organisations about the laws they will have to comply with from next May.
Finally, the Data Protection Bill must also be seen in the context of Brexit. The UK accounts for 3% of global GDP yet 11% of global data flows go through the UK – much of which is personal data. The government’s commitment to implement GDPR is a vital piece in the wider puzzle of ensuring data can continue to flow freely between the UK and EU post-Brexit.
Frictionless data flow
The frictionless free flow of data will be a key element of making a success of Brexit for the UK and the tech sector. Updating the UK’s data protection laws to mirror the EU’s will help in that aim.
The importance of data flows cannot be underestimated in the increasingly digital economy we live in. The economy increasingly relies on the ability to transfer data across borders. Over 70% of trade in services are enabled by data flows. Failure to ensure data flows can continue post-Brexit will cause many businesses, from fintech, professional services and media to automotive and aerospace, to face a stark cliff edge.
If the government wishes to achieve its aim of a post-Brexit global Britain, underpinned by free trade agreements with countries around the world, securing an adequacy agreement with the EU to facilitate the free flow of data will be fundamental.
Updating data protection laws is necessary to achieve consumer trust and confidence, which will in turn allow the UK to remain a world leader in data innovation. Clarity on the government’s intentions is helpful for all organisations that handle personal information, and should help secure frictionless data flows between the UK and EU, through an adequacy agreement.
The Data Protection Bill is a vital element of the UK’s global Britain ambitions. Citizens and businesses will only be able to realise the benefits that a modern open data-driven economy offers if the bill is clearly defined and has a swift passage into law.
Read more about data protection
- Despite the focus on data protection, many organisations are still leaving their data wide open for attack.
- A Computer Weekly buyer’s guide to EU General Data Protection Regulation.
- Information Commissioner’s Office fines TalkTalk for putting up to 21,000 customers’ details at risk of exposure prior to September 2014.