The General Data Protection Regulation, better known as GDPR, had many repercussions for UK businesses when it came into force a little over three years ago, and is the reason every website you visit asks you to accept cookies. It was a pan-European scheme Britain accepted even as it was preparing to leave the European Union. Culture Secretary Oliver Dowden has made clear the UK will now chart its own territory on internet regulation.
Some businesses were surprised by this announcement, after spending considerable time and money making themselves GDPR compliant. But there was a certain inevitability to this. As we were in the throes of grappling with the new rules in May 2018, one of the most frequent questions I heard was “will this still apply once we’ve left the EU?”
Fastforward to September, 2021: we’ve left the EU. Post-Brexit, the UK wants to be a global leader in data, with a pro-data sharing and pro-data economy. It’s no surprise that ministers are keen to take advantage of the freedom it has to write its own data privacy regulations. The UK digital sector employs around 1.5 million people and is worth £400m a day to the UK economy – almost 8 per cent.
To this end, it is vital to the nation’s economy that we have uninterrupted international data flows. How we share data is an integral part of how our future economy will function. In the same way we strike trade deals, hashing out agreements with countries across the world on how data will flow across borders must be at the forefront of Dowden’s plan.
Being unconditionally bound to GDPR has been an inhibitor to innovative data agreements. However, the data rulebook must not be torn up just to prove that we can. The EU has already threatened to “immediately” revoke data-sharing agreements with the UK if we steer too far from their ship. The whole point of relaxing data regulation is to help businesses grow in a pro-data economy. If we break up with the EU over data, these businesses will be hurt by the uncertainty.
Of course, we must continue to ensure data collected is not shared with third parties without permission. Privacy must be foremost in our thinking. We will need to manage data ethically and store it securely. These are fundamental principles of data privacy rather than strips of bureaucratic red tape.
Managing this balance while creating enough breathing room for innovation will be a delicate dance for officials. The government has announced a National Data Strategy, the success of which will be crucial to the UK’s economic growth. We must find a way to embrace the best of data sharing to make it a public good.
The Data Saves Lives strategy, launched by the NHS’ digital arm, was an excellent example of where data can be used well – to improve healthcare outcomes and the quality of care provided. In the wake of its announcement, however, there was a reluctance to share data, even with the NHS. Failing to create robust protections for people’s data will undermine faith in data sharing and as a result, the good which can be achieved from an abundance of information.
Public sectors such as education, transport and local government can all thrive if there is more access to information. School curriculums can become tailored to fit the needs of kids in different areas and train timetables could be more efficient. Dialling back our reliance on GDPR will accelerate this area of growth.
As somebody who advises public sector organisations on their data strategies every day, it would be remiss not to make the point that we must continue to renew and evolve our approach to regulation in line with the changing needs of our digital economy.
Dowden’s claim that GDPR was a “box-ticking” exercise was a misguided shot at European regulations. The role of data is to give UK citizens more power over how their data is used, and build confidence in sharing information which will help businesses and services grow. This is not a post-Brexit triumph, it is merely sensible evolution.