The government will ask the successor to the UK’s chief data regulator to redress an imbalance that has created a perception that our data protection regime errs too far in favour of privacy rights and against innovation.
Ministers within the Department for Digital, Culture, Media and Sport (DCMS) feel the overall regulatory approach must be ‘rebalanced’ in order to give businesses more freedom to innovate. The perfect opportunity to do so will be when the incumbent Information Commissioner, Elizabeth Denham, steps down in October 2021 after five years in the post, according to DCMS' deputy director for data strategy implementation and evidence, Phil Earl.
The secretary of state for DCMS, Oliver Dowden, will ask the next Information Commissioner to focus not just on enforcing privacy rights, but to determine how data can be better utilised in the UK. The aim will be to give businesses the confidence to innovate with data without fear of falling foul of the rules - which Earl describes as a culture of fear.
“People may have seen we’re recruiting for a new Information Commissioner,” Earl said, addressing a Westminster eForum virtual event. “And that person will be asked by the secretary of state to not just focus on privacy but to be really thinking about how they are helping to unlock the value of data again.
“I think the secretary of state would like the new Information Commissioner to not necessarily rewrite the privacy rules,” he continued. “It’s not about throwing everything out now we've left the EU; it’s about maintaining those high standards but trying to rebalance the overall approach.”
He added that much of the challenge has centred on businesses struggling to understand the rules that exist, with the current data protection regime lacking in clarity and consistent guidance. This has created uncertainty which can suppress innovation.
“We’ve seen a lot through the consultation that it’s people’s fear of doing it wrong, people’s uncertainty about what the right thing is to do, and that tends to create a risk-averse culture where you don’t do anything," he continued. “That’s the thing that we’ve got to get around.
"We’ve got to have a space where people feel more confident that they’re doing the right thing in sharing and using data, but also making sure that the right safeguards are in place and that it’s done in the right way.”
Whether there was a trade-off between creating the conditions for innovation, and sufficient enforcement, was also the subject of much discussion, with speakers offering a variety of perspectives. One characterisation offered by various commentators including Earl was that the trade-off was more of a myth and that adequate protections and the conditions for greater innovation must come hand-in-hand.
The National Audit Office’s (NAO) digital director Yvonne Gallagher, however, suggested that the true barriers to the better use of data aren’t so much related to “risk aversion” as they are to infrastructure and hardware limitations, among other material reasons.
She highlighted that one of the key issues is the presence of legacy systems across various parts of the public sector, many of which are up to 30 years old. There are also no centralised protocols in place that relates to how to handle data that’s handled by multiple government departments, including how to keep it secure as well as up-to-date.
Also disagreeing with Earl's opinion was a lecturer in digital rights and regulation with UCL, Dr Michael Veale. While those within the government may feel there’s an imbalance against innovation, Dr Veale suggested the opposite is true and this imbalance is already too far against enforcement.
“The ICO has very rarely used any of its powers, indeed in cases such as Ad-Tech where it’s found illegality on multiple fronts,” he said. “This really does question - and has been questioned now in many parliaments now around the world - as to whether the British data regulator is effective and fit for purpose in light of actually regulating.
“The advert for the recent Commissioner will not assuage these concerns, given its focus on a role for the Commissioner in promoting innovation and a role for actually enforcing data rights is very, very low on the list of qualities sought in such a Commissioner.”
