show image

New national data strategy ‘threatens’ UK data adequacy resolution

The government’s new national data strategy could jeopardise Britain’s chances of securing an adequacy decision after Brexit, policy and legal experts have told NS Tech.

The strategy, which sets out to create a “world-leading data economy”, states that the UK will “seek EU ‘data adequacy’ to maintain the free flow of personal data from the [European Economic Area]” after Brexit.

The EU grants data adequacy deals to countries with equivalent data protection standards, but lawyers have previously warned that, while the UK has adopted EU data regulations, its far-reaching surveillance laws may be deemed incompatible with European legislation after Brexit.

Now, legal and policy experts have warned that the framing of the new data strategy could further undermine the UK’s case for a deal. In the foreword for the strategy, the digital secretary Oliver Dowden clarifies that “under this strategy, data and data use are seen as opportunities to be embraced, rather than threats against which to be guarded”.

The strategy’s authors acknowledge that “regulatory certainty and high data protection standards allow businesses and consumers to thrive”, but later state that “the government needs to create the conditions to support vibrant competition and innovation, which will in turn drive future growth”.

“To build a world-leading data economy, we must maintain and bolster a data regime that is not too burdensome for the average company – one that helps innovators and entrepreneurs to use data legitimately to build and expand their businesses, without undue regulatory uncertainty or risk in the UK and globally,” the document states.

One high-profile data policy expert, who spoke to NS Tech on the condition of anonymity, said the plans could threaten adequacy negotiations. “What message does the strategy send to the EU about data adequacy and our data adequacy resolution? If someone from the EU reads this, it’s going to feel like we’re planning to loosen up [our data protection laws].”

In 2018, Dominic Cummings, the Downing Street adviser who is driving much of the government’s work around technology, described GDPR as “horrific” legislation. “One of the many advantages of Brexit is we will soon be able to bin such idiotic laws,” he wrote. “We will be able to navigate between America’s poor protection of privacy and the EU’s hostility to technology and entrepreneurs.”

Commenting on the new strategy, Ross McKenzie – a partner at the law firm Addleshaw Goddard – told NS Tech the government “is walking a data tightrope”.

“It wants to be seen as a go-to centre for digital innovation – and adopt its own nuances to data protection laws making the UK an attractive home for digital tech – and this should be applauded. However, it is paramount that these efforts do not jeopardize an adequacy finding from the EU.”

McKenzie added: “Forging our own path could be cut very short if the EU thinks we are playing fast and loose with data laws and therefore refuse to grant us an adequacy finding. This would inherently undermine our attractiveness as a place to do business and would mean we have to implement cumbersome protections for the use of personal data with EU partners.”

Mark Taylor, a partner at Osborne Clarke, rejected the idea that GDPR is “an inhibitor” to creative uses of data. “The ICO in the UK has previously commented on the importance of innovation, and runs its own regulatory sandbox to support that. The key under GDPR is to be transparent about proposed uses, and consequently the challenge for personal data is to be both transformative and transparent.”

A consultation on the strategy closes on 2 December.