UK seeks divergence from GDPR to 'fuel growth'

Experts warn that deviating too much from the EU's regime would jeopardise the UK’s fragile data adequacy status

The UK in red and the EU in blue as seen in a digitised map

Digital secretary Oliver Dowden has signalled the UK will explore ways to diverge from the General Data Protection Regulation (GDPR) to find a “sweet spot” that will encourage growth in the post-COVID economic recovery.

Although he said the UK won’t be seeking to water down data protection standards, the government will explore ways to tweak the rules where there might be opportunities to encourage economic growth, according to Reuters.

However, legal experts have warned that the recently-secured draft data adequacy decision could be jeopardised if the EU sees any signs that the UK is attempting to break away from core GDPR principles.

“There is a sweet spot for the UK whereby we hold onto many of the strengths of GDPR in terms of giving people security about their data,” Dowden told reporters. “But there are obviously areas where I think we can make more progress.”

“In our rule-making, we can take a slightly less European approach as set out in GDPR by focusing more on the outcomes that we want to have and less on the burdens of the rules imposed on individual businesses.”

The digital secretary added Britain could deviate from GDPR while maintaining adequacy, arguing it wasn’t a binary choice between driving growth and sacrificing adequacy, or retaining adequacy and stifling growth. His views echo recent government assertions that the next Information Commissioner will seek to correct an apparent “imbalance” favouring privacy rights.

However, a lecturer in digital rights and regulation with UCL’s Faculty of Law, Dr Michael Veale, argued that the draft decision is highly fragile and that there’s a serious risk it won’t be translated into a formal agreement.

“It barely mentions this very large elephant in the room, which is the UK’s surveillance regime,” he said, listing an example during a policy event on Tuesday. “Another data flow that we’ve seen many times is the data flow between the UK and the US, and in practice, the Court of Justice of the European Union (CJEU) has been very clear in other cases about factors which seem to directly contradict what we see in the UK regime.

“Potentially the largest risk to data flows is that the UK will become an onward transfer hub for information to the United States in particular. The CJEU has held many times that the US surveillance regime provides negligible protection to foreigners, negligible standing of any type in court or judicial remedy, and in these cases, when data is flowing to the UK, data can flow to data intelligence regimes effectively based on a political decision by the secretary of state.”

Although the government has signalled its intent to deviate from GDPR, it is yet to detail exactly how that will happen or why such a deviation is necessary.

Phil Earl, deputy director for data strategy implementation within Dowden's own department and also present at Tuesday's policy event, admitted that the government's anxieties were largely based around the perception that GDPR has created, adding that any evidence of GDPR serving as a barrier to growth was largely anecdotal, with the wider discourse around GDPR fostering a culture of fear in which businesses hadn't been given the confidence to innovate.

Dowden's comments come just weeks after the EU granted the UK two draft decisions on data adequacy, meaning that it considers the UK’s data protection laws and standards to be compatible with its own.

While a positive outcome wasn’t in doubt - given how closely the UK's Data Protection Act 2018 reflects GDPR - of greater concern was the time it would take to reach a decision following Brexit. Delays in reaching an agreement would have disrupted data flows between the EU and the UK, and potentially harmed the economy.

Now, EU lawmakers are likely to be on alert following Dowden’s comments, given the fragile nature of the draft decision and ongoing concerns about the UK’s commitment to GDPR. Last year, for example, the European Data Protection Board (EDPB) called into question the UK’s prospective adequacy status in light of a preliminary data sharing-agreement struck between the UK and the US.

While not commenting on any data-sharing relationship with the US specifically, Dowden echoed the government’s previous sentiments that Britain could move faster than the EU to strike data-sharing deals with non-EU countries.

The government has also said it won't move at speed to change the UK’s data protection regime, and would only draft proposals after consulting with UK organisations. These will be fed into a wider set of policies based on using technology to boost economic growth, once the effects of the pandemic have waned.

Featured Resources

How to choose an AI vendor

Five key things to look for in an AI vendor

Download now

The UK 2020 Databerg report

Cloud adoption trends in the UK and recommendations for cloud migration

Download now

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

Download now

The impact of AWS in the UK

How AWS is powering Britain's fastest-growing companies

Download now

Recommended

Senator reintroduces federal data protection bill
data protection

Senator reintroduces federal data protection bill

17 Jun 2021
CVS Health data breach leaves a billion records exposed
data protection

CVS Health data breach leaves a billion records exposed

16 Jun 2021
Researchers send “unhackable” quantum data over 370-mile optical fiber
data protection

Researchers send “unhackable” quantum data over 370-mile optical fiber

11 Jun 2021
New study shows global privacy investments increasing
data protection

New study shows global privacy investments increasing

2 Jun 2021

Most Popular

Q&A: Enabling transformation
Sponsored

Q&A: Enabling transformation

10 Jun 2021
OnePlus 9 Pro review: An instant cult classic
Hardware

OnePlus 9 Pro review: An instant cult classic

7 Jun 2021
Ten-year-old iOS 4 recreated as an iPhone app
iOS

Ten-year-old iOS 4 recreated as an iPhone app

10 Jun 2021