techUK sets out six bold principles for future UK data policy
Read techUK's full paper, Six Principles for Future UK Data Governance here.
Data is a foundational part of the UK’s economic growth and competitiveness; its use is projected to have added at least £241 billion in value to the UK economy between 2015 and 2020.
As the world becomes even more connected, and the deployment of new technologies such as artificial intelligence rapidly accelerates, the importance and need for good, high-quality data, and trust from all actors involved in data processing increases.
Setting the right data governance framework for the UK will be vital in facilitating this and in realising our ambition to be a world leading innovative economy and society. The UK’s data governance framework must support good data availability, promote good data quality, trusted pathways, and transparency for the sharing, use and re-use of data and be underpinned by strong data protection rights. This will be key for supporting innovation, accelerating the digitalisation of the UK economy, and improving policy making at all levels of Government.
The UK’s withdrawal from the European Union (EU) has created a unique opportunity to take a new approach tailored for the UK and its envisaged place in the world. The Government’s National Data Strategy (NDS) and DCMS consultation, Data: a new direction outlines ambitious proposals which we believe will enable the UK to set principles for data governance at home and lead debates on global data governance.
However, to make the most of this opportunity, the UK needs to be bold and seize the initiative for reform. techUK and our members have identified six principles which should be embedded into the implementation of the NDS and the UK’s future data protection regime to help achieve this aim.
The six principles are:
- Securing strong safeguards for personal data protection and a pro-innovation regulatory environment,
- Setting the UK on the right track to unlock the value of data across the economy and society (non-personal and personal data),
- Improving data access for cutting-edge research and development (R&D),
- Strengthening the UK’s cyber resilience to protect UK data infrastructure,
- Enabling the global free flow of data with safeguards,
- Taking a firm line against data localisation at home and abroad.
Securing strong safeguards for personal data protection and a pro-innovation regulatory environment
It is crucial that any reform to the data protection regime seeks to maintain high levels of public confidence in the system, by protecting effective mechanisms for redress in the GDPR. This includes making sure subject access requests remain free, ensuring human reviews of automated decisions remain where those decisions have significant or legal effects, as well as maintaining the independence of the ICO as the regulator.
Setting the UK on the right track to unlock the value of data across the economy and society
The use of personal and non-personal data is growing rapidly, enabling a pace of innovation that is allowing businesses to offer individuals access to new and improved products and services.
The Government needs to step up work in the National Data Strategy to appropriately equip individuals with the right data skills to participate in the digital economy. There is also a need for increased collaboration between Government, and the public and private sector by seeking to improve data availability to different sectors of the economy and creating trusted avenues for voluntary data sharing. This includes accelerating reforms to smart and open data.
Improving data access for cutting-edge research and development (R&D)
The current GDPR is an example of regulation that has caused legal uncertainty for businesses seeking to innovate, with some being unable or choosing not to use data to the fullest extent due to a lack of clarity in the law. The Government has proposed several reforms that, if upheld by proper safeguards and regulatory guidance, would offer organisations effective and trusted mechanisms to re-use personal data for research purposes.
techUK is calling for the introduction of an exhaustive list of common processing activities under legitimate interests to support UK based innovators. This proposal would offer businesses greater legal certainty, reduce administrative and legal burdens, and mitigate re-use limitations associated with consent, which businesses often rely on as a lawful base.
This opportunity must be seized to ensure the benefits are captured as widely as possible. Product development should be kept within scope of the GDPR’s statutory definition of “scientific research,” to reflect the contribution of UK businesses to R&D, which amounted to £25 billion or over two-thirds of all R&D funding in 2018.
Strengthening the UK’s cyber resilience to protect UK data infrastructure
Government must ensure that data remains protected in transit and when stored or processed at home or abroad. Robust data infrastructure is crucial for this. techUK says Government must seek to understand the scale and nature of potential cybersecurity risks, as well as develop appropriate escalation paths to address them, including keeping track of new and emerging trends. Collaboration with industry will be essential in this process.
Enabling the global free flow of data with safeguards
The Government’s proposal to shift to a more proportionate and risk-based approach to its own adequacy agreements with likeminded third countries and regional blocs is a positive step-forward in setting a new international model for international data flows. However, Government should take steps to ensure the confidence of partners in the UK system is upheld. Achieving this will be vital to maintaining the UK’s adequacy decision with the EU.
Taking a firm line against data localisation at home and abroad
As countries develop their thinking on data protection, there has been a concerning shift towards data localisation policies which pose a serious threat to the future of international trade and innovation. To be an effective advocate for increased international digital trade cooperation, the UK Government must address its own disconnect between its global commitment to push back against this trend, and its policy interventions at home, which have contained provisions that promote data localisation.
“Developing a clearer, more trusted and innovation-enabling data governance system is one of the most obvious opportunities of Brexit. In doing so, the UK must find the right balance between upholding citizens’ rights, allowing data to be reused for research and innovation, while also supporting global data flows. By putting forward these principles for reform, techUK believes the UK can strike this balance and unlock the next wave of data driven innovation. However, the Government will need to be bold and embrace these opportunities, otherwise risks only achieving half-hearted changes, and creating extra compliance for UK businesses without seizing any of the benefits for increasing UK R&D and innovation.”
This blog is part of a series exploring the UK's upcoming reform to its data protection regime. Learn more here.