NEWS10 September 2021

Consultation launched on plans to overhaul UK data regime

Brexit GDPR News Privacy Public Sector UK

UK – The government plans to overhaul the Information Commissioner’s Office (ICO) and diverge from what it calls a “one-size-fits-all” approach to data protection, as part of post-Brexit reforms to data laws.

corner of whitehall and downing street

The Department for Digital, Culture, Media & Sport (DCMS) has launched its consultation on plans to change the UK’s regulatory system for data, first announced in August.

The government said it will “build on” key elements of the current data protection regime (the UK General Data Protection Regulation and data Protection Act 2018 ) but will diverge from what it called a “one-size-fits-all” approach, saying that current regulations “place disproportionate burdens on many organisations”, according to a DCMS statement.

As part of the proposed reforms, which follow the publication of a national data strategy last year, the government wants to broaden the remit of the ICO and introduce a new governance model, including an independent board and chief executive, similar to the approach of other regulators including the Competition and Markets Authority (CMA).

The government is also exploring whether there is a need for a power which explicitly allows the ICO to compel witnesses to be interviewed during investigations. 

John Edwards, currently New Zealand’s privacy commissioner, has already been named as the preferred candidate for the new information commissioner, with Elizabeth Denham’s term set to expire.

According to the consultation document, the UK GDPR’s data processing principles, data rights for citizens and mechanisms for enforcement will continue to underpin the new regime and the ICO’s toolkit remains “fundamentally fit for purpose”.

The government is proposing to consolidate and bring together research-specific provisions, which it says would offer greater clarity to the range of relevant provisions and how they relate to each other.

It also wants to incorporate a clearer definition of scientific research into data protection legislation, which has been a topic of recent focus in the context of GDPR

The consultation is open until 19th November.

Chris Combemale, chief executive, the Data & Marketing Association, said: “The DMA welcomes the consultation on future data protection legislation. We strongly support the proposed approach of maintaining the key principles of GDPR while clarifying areas of confusion and simplifying onerous administrative burdens on businesses. The government proposals appear to be sensible and pragmatic on ways to create greater clarity and certainty for businesses while maintaining a high level of consumer protection.

“By maintaining the core framework of UK GDPR, with improvements, we hope that it will be possible for UK to be the world’s most innovative economy while maintaining an equivalent or higher level of data protection. The DMA has strongly supported the National Data Strategy and will support a data protection regime that creates successful outcomes for people, business, government and society more broadly.”

Jane Frost, chief executive, Market Research Society, said: “It is important that regulation of data management is kept under review as the changes in technology and thus possible applications of data, both positive and negative, are moving ahead so fast.

“Our sector is based on the trust people have in how we use their data and we undermine that trust at our peril. Informed consent is an important principle and a basis of that trust. As with all regulations the interpretation and application of any new legislation will be as important as the legislation itself.”

The government has also appointed several new members to the Centre for Data Ethics and Innovation (CDEI) advisory board:

  • Jack Clark, co-founder of Anthropic and former policy director, OpenAI
  • Eddie Copeland, director, the London Office of Technology and Innovation
  • Rumman Chowdhury, director of machine learning ethics, transparency and accountability, Twitter
  • Martin Hosken, chief technologist for cloud services, VMware
  • Jessica Lennard, senior director of global data and AI Initiatives, Visa
  • Marion Oswald, vice-chancellor’s senior fellow in law at Northumbria University, chair of the West Midlands Police and Crime Commissioner and West Midlands Police Data Ethics Committee
  • James Plunkett, executive director of advice & advocacy, Citizens Advice
  • Mimi Zou, co-founder and chief executive, Deriskly and associate professor, University of Reading School of Law

The CDEI has not yet appointed a chair to replace Roger Taylor. Edwina Dunn, current deputy chair, has been appointed to the position of interim chair while the appointment process continues.

Additionally, Baroness Kate Rock, conservative peer in the House of Lords and senior adviser at Instinctif Partners, Faculty chief commercial officer Richard Sargeant and Adrian Weller, programme director for AI at The Alan Turing Institute, have been reappointed to the advisory board.