Government unveils post-Brexit data flow proposals

The government will pursue data partnerships with countries including Australia, South Korea and the US as part of a post-Brexit data regime that may also see substantial changes to the UK’s data protection law

The government has announced plans to pursue a series of global data adequacy partnerships with Australia, Colombia, Dubai, Singapore, South Korea and the US, and will look to prioritise the addition of India, Brazil, Kenya and Indonesia to that list, as it bids to overcome data protection barriers blocking trade it estimates to be worth £11bn per annum.

The proposed agreements come alongside a number of proposed measures to increase trade and innovation through tweaks to the UK’s data regime, and the appointment of New Zealand’s current privacy commissioner John Edwards as the UK’s next information commissioner.

“Now that we have left the EU, I’m determined to seize the opportunity by developing a world-leading data policy that will deliver a Brexit dividend for individuals and businesses across the UK,” said digital secretary Oliver Dowden.

“That means seeking exciting new international data partnerships with some of the world’s fastest growing economies, for the benefit of British firms and British customers alike.

“It means reforming our own data laws so that they’re based on common sense, not box-ticking. And it means having the leadership in place at the Information Commissioner’s Office [ICO] to pursue a new era of data-driven growth and innovation.”

The government hopes the new partnerships will build significantly on a collective £80bn worth of data-enabled service exports from the UK to those countries. It said it wanted to move “quickly and creatively” to develop these partnerships to make it easier for British businesses to exchange data with important, fast-growing markets, supporting trade, investment, crime-fighting, public service delivery and research, while driving more growth and creating more jobs in the UK.

The government will also soon open a consultation on the future of the UK’s data protection and oversight regime, with the intention of making it “more ambitious, pro-growth and innovation-friendly” without undermining current high standards of privacy and information security as contained in the General Data Protection Regulation (GDPR).

The consultation will specifically target barriers to innovative and responsible use of data to enhance scientific research, improve public service delivery, and support new startups and small businesses.

Overseeing this new data regime, the government said it would empower the ICO to go beyond its traditional role of merely protecting data rights, with a new mandate to balance strict data protection with ease of innovation and economic growth.

TechUK director of markets Matthew Evans welcomed the government’s plans. “This set of ambitious announcements is welcome. Data is a foundational asset for modern societies, creating accessible and trusted routes for businesses, civil society and researchers to access data from around the world will help drive innovation and create better digital services. 

“However, these new routes must be trusted and command the confidence of the public. TechUK therefore welcomes the technical assessment criteria and commitment to high privacy standards laid out by the government. Both of these will be vital to maintaining access to existing data flows, such as from the EU as well as opening up global opportunities,” said Evans.

“The announcement of a new preferred candidate for information commissioner as well as the government’s intention to consult on reforms to improve the UK’s data protection regime mark an exciting development in the implementation of the UK’s National Data Strategy. TechUK and our members look forward to working with the government and the regulator as these proposals are developed,” he added.

But Mishcon de Reya data protection partner Adam Rose was more cautious in his assessment. “Squaring the circle of giving citizens and consumers more control over how their data is used, while also giving business and government greater freedoms to use that data, will be the big challenge,” he said. 

“Coming just a couple of months after the EU Commission granted the UK an adequacy decision in relation to its post-Brexit data protection regime – on the basis that the UK law was essentially equivalent to the EU GDPR regime – today’s announcements put the UK on a collision path with the EU, but also more widely with civil society organisations, with the likelihood of serious domestic data litigation in the future.”

Read more about data protection

Read more on Privacy and data protection

Data Center
Data Management