21 Jan 2022

The right approach to data now will drive economic growth

Guest blog: Hugh Milward, Microsoft UK's General Manager, Corporate, External and Legal Affairs talks about the upcoming reform to the UK data protection regime.

Read the original post by Hugh Milward here

We're at a moment in time to design a pro-growth, trusted and innovation-friendly data protection regime that can help deliver UK science and technology superpower status by 2030.

Screenshot 2022-01-21 122100.png 2


The power of data has never been so clear as during the COVID-19 pandemic. It has enabled governments to make era-defining decisions at critical moments; it has given researchers the information they need to develop the medicines of the future at an unprecedented pace; and it has helped stretched organisations become more efficient – and thrive – during a turbulent time.  

As Microsoft’s Chief Privacy Officer and Corporate Vice President, Julie Brill, set out in a recent blog, “one of the lessons we should take away from the pandemic is that we need to reframe how we talk about data and regulation. The question civil society, business, academics and governments should be asking is not if we can use data but rather how we can enable responsible data use to create a better world and protect fundamental human rights.” 

As we look to the future role of emerging technologies such as artificial intelligence (AI) and machine learning, it is clear that data will become an even more critical component of our daily lives than it already is. As part of our mission to empower every person and organisation on the planet to achieve more, Microsoft believes that data should be used responsibly to help address the most pressing, urgent problems and issues impacting our society and the environment – all while ensuring that individual privacy remains appropriately safeguarded. 

To do this, it is first important to recognise the power of data in responsible innovation. As our response to the UK government’s consultation on reform to the UK data protection regime sets out, advancements and innovations in computing technologies enable scientific discoveries which, in turn, can fuel progress and catalyse new innovations. The people driving such innovation, particularly in the health space, often rely on being able to responsibly use data – including personal data coupled with appropriate safeguards. Currently, there is a degree of confusion from researchers about how they can treat personal data, often creating an unnecessary barrier to innovation, and doing little to build trust in wider society. 

Microsoft therefore welcomes the proposals that would enable organisations to more confidently rely on the legitimate interests basis for certain types of data processing activities and help build trust and confidence for citizens in how their data is, and is not, being used. In line with Microsoft’s strong commitment to the responsible use of data, we also believe that greater clarity in the UK General Data Protection Regulation (GDPR) on what constitutes ‘scientific research’ would prevent researchers and research organisations from shying away from projects that could benefit the public. Equally, we believe legislation should reflect the fact that not just universities may pursue research in the public interest, even if they are not traditional academic institutions.  

Better access to data is vital in other contexts, too. As we set out in our consultation response, the development of AI technology will benefit from legal certainty for data access and processing, and enhanced access to non-sensitive public sector data. These steps, implemented within appropriate regulatory safeguards that ensure privacy is rigorously protected, will boost the UK’s efforts to ensure AI remains a force for public good. For example, our response notes that UK AI-powered research on water resource management will be more effective if it can draw on data from countries with similar contexts. You can learn more about our approach to AI’s role in advancing public good here.  

Data is not just an important focus for those developing emerging technologies such as AI. Today, businesses across the UK rely on cookie technology to offer a more personalised experience for their consumers. By reducing consent obligations for the use of certain types of cookies that pose limited privacy risk, the Government is taking a positive step – and one that will reduce the impact of “consent fatigue” by focusing consumers’ attention on consent interfaces that do have the potential to meaningfully impact their privacy. As we commented in our response, different types of cookies are associated with differing levels of potential privacy harms, so we believe that removing the requirement for prior consent for all cookies could have a negative impact on consumer privacy. 

The trusted flow of data across borders is also a priority for businesses of all sizes looking to provide better services to customers, operate more efficiently, and enable their employees to work more productively. We warmly welcome the government’s recognition of this principle, and our response recommends routes to entrench and further develop these responsible cross-border data flows, while instilling confidence that data will be protected regardless of location. Open flows will help the UK become the world’s eco-system for the nurturing of the smartest technology solutions.  

Equally, a UK data framework which prioritises secure, open data flows across borders – coupled with continued data adequacy alignment with the European Union – will enable the UK to boost digital trade and accelerate its drive to becoming a science and technology superpower by 2030. This will in turn allow the UK to better harness the benefits of technology across a range of applications, in both the private and public sector. 

Risks and challenges come with game-changing innovation. At Microsoft, we recognise these risks while also celebrating the role that a proactive, open and applied approach to the responsible use of data will play as the UK continues its journey to becoming a science and technology superpower. The next step on this journey will be to ensure that the UK's data protection reforms create clarity that empower organisations and individuals, while helping to build trust and confidence in society about how data can be effectively used for the public good.  

If we get the answer right to these challenges then we will, as Julie sets out, be able to “embrace an appreciation for data as a strategic part of our infrastructure that needs to be used, maintained and protected, and create regulatory support that will unlock insights to help us build a healthier and safer planet.” 

This blog is part of a series exploring the UK's upcoming reform to its data protection regime. Learn more here.



Hugh Milward

Hugh Milward

General Manager, Corporate External and Legal Affairs, Microsoft UK

Hugh Milward leads Corporate, External and Legal for Microsoft in the UK, sitting on the UK management board.  His focus includes work to help organisations overcome legal and regulatory hurdles to their technology adoption and transformation, managing some of the complex geo-political issues relating to tech, and working to ensure no one is left behind from the onward march of technology. Hugh’s background is in politics, corporate affairs, and reputation management, working for some of the world’s highest-profile brands. Hugh is a Board Director of the New West End Company, Chairing its Public Affairs committee, and a member of the Board of Directors of BritishAmerican Business.  Hugh sits on the SE Council of the CBI and on the Advisory Board of the Institute of Coding.


Related topics