Data protection: UK to diverge from GDPR in post-Brexit overhaul of privacy rules

Government claims that a new data policy will allow innovation and economic growth, but privacy experts are sceptical and warn it could result in less privacy protections for consumers.

GDPR: A basic introduction to EU’s digital privacy laws

The UK has announced plans to change data protection and privacy laws in what the government describes as a new mandate that promotes innovation and economic growth.

A new series of 'data adequacy partnerships' will allow Britain to drive international trade with countries and bodies including the United States, Australia, the Republic of Korea, Singapore, the Dubai International Finance Centre and Colombia, the Department for Digital, Culture, Media & Sport (DCMS) has said.

According to the government, the data adequacy partnerships will remove the need for costly measures around data compliance when transferring personal data to other countries. In a statement, DCMS said this will happen while also ensuring that "high data protection standards are maintained".

Any changes to data transfer rules will also need to be deemed adequate by the European Union -- if they're not, there's a risk that data transfers between the United Kingdom and the EU will be affected.

The proposed changes form part of the government's plans to "use the power of data to drive growth and create jobs", although some data privacy experts have voiced concerns that the changes could be used to roll back data privacy for consumers brought in as part of General Data Protection Regulation (GDPR). 

GDPR was brought in across the European Union in May 2018, and despite the UK having voted to leave the EU, the data protection laws were applied. But now the government claims that, following Brexit, the country can benefit from diverging its data protection laws from the rest of Europe. 

"Now that we have left the EU I'm determined to seize the opportunity by developing a world-leading data policy," said Secretary of State for Digital, Culture Media and Sport Oliver Dowden.

"It means reforming our own data laws so that they're based on common sense, not box-ticking," he added  

In an interview with The Telegraph, Dowden singled out policies around "pointless" cookie requests as something the UK could now diverge from -- but several data privacy experts have pointed out that cookies come under a completely different directive to GDPR.

Data privacy experts have also voiced concerns that the proposed plans will change the role of the Information Commissioner's Office (ICO) from being a privacy regulator to promoting economic growth.

A DCMS spokesperson told ZDNet "we're not going to compromise our high data standards and people's privacy and data protection".

The government is set to launch a consultation on the role of the ICO in September so that "it can be empowered to encourage the responsible use of data to achieve economic and social goals as well as preventing privacy breaches before they occur".

DCMS has also announced a preferred successor to Elizabeth Denham as Information Commissioner: John Edwards, who is currently New Zealand's Privacy Commissioner

"There is a great opportunity to build on the wonderful work already done and I look forward to the challenge of steering the organisation and the British economy into a position of international leadership in the safe and trusted use of data for the benefit of all," said Edwards. 

According to Oliver Dowden, Edwards brings the experienced required to "pursue a new era of data-driven growth and innovation at the ICO". 

"John Edwards's vast experience makes him the ideal candidate to ensure data is used responsibly to achieve those goals," Dowden added. 

MORE ON CYBERSECURITY