Data, which direction? How can the Government best reform its data protection regime?
On 9 February, techUK hosted a virtual panel discussion focussed on the Government’s plans to reform its data protection regime, outlined in the DCMS consultation, Data: a new direction. The panel explored why reform to the UK data protection framework was needed, the opportunities and risks that reform could give to the UK’s economy, businesses, and citizens, and how to strike the right balance between the two.
The panel included:
- John Whittingdale, MP
- Imogen Parker, Associate Director for Policy, Ada Lovelace Institute
- Matthew Peake, Global Director of Public Policy, Onfido
- Dr Mahlet (Milly) Zimeta, Head of Public Policy, Open Data Institute (ODI)
- Neil Ross, Head of Policy, techUK (Chair)
You can watch the full webinar here, or read our summary of the key insights below:
The panellists offered their perspectives on the Government’s consultation, Data: a new direction, and discussed some of the opportunities and risks of the proposed reforms. A summary of the main points raised by the panellists can be found below. You can also find a summary of techUK’s response to the data reform consultation here, as well as case studies on how members are using personal data to develop innovative products and services, here.
Please note that the below is a summary of the event, and readers are encouraged to watch the webinar to understand the full details of the discussion.
Seizing the right moment
John Whittingdale, MP opened the discussion by setting out the Government’s ambitions in reforming the data protection regime and several reasons why this extensive exercise is being carried out now. These included the opportunity to revisit legislation inherited from the European Union (EU), now that the UK has withdrawn from the EU, to take stock of learnings from data-driven responses to the pandemic, and position the UK as a global leader in digital, such as by leveraging its G7 Presidency.
These points were echoed by Matthew Peake, Onfido who emphasised that the pandemic has accelerated the adoption of online digital products and services. Additionally, the GDPR has been implemented long enough to reveal its downsides, as well as its ability to shape the development of nascent technologies such as AI and Digital Identity products and services. Reform to the data protection regime is one part of the equation in helping to level the playing field for smaller companies to innovate.
Enabling responsible, data-driven innovation
John Whittingdale, MP explored how reform to the data protection regime could support businesses to innovate. Proposals set out in Data: a new direction, aim to simplify and clarify aspects of the GDPR which have historically caused uncertainty for organisations storing and processing personal data. By addressing this, data can be more easily used for purposes which are in the interest of the public and economy, such as scientific research and the development of nascent technologies such as AI. However, for these reforms to be effective, the trust of the public must be maintained.
Imogen Parker, Ada Lovelace Institute underscored the importance of public trust by highlighting research which showed that public awareness of data use is growing, and people want specific, granular, and accessible information on how their personal data is being used. Milly Zimeta, ODI added to this by making the point that public comfort or discomfort on data is not static and will be an ongoing process that decision-makers must consider when implementing short-term interventions, such as reform to the data protection regime.
Matthew Peake, Onfido offered the industry perspective by sharing how (re)using personal data responsibly has been essential for businesses like Onfido to innovate, particularly in advancing the ethical development and deployment of AI systems. Reform to the GDPR is exciting as it opens opportunities for businesses by clarifying aspects of the regulation and delivering provisions that could support innovation. However, there is a need to balance the UK’s ambitions to become a global data hub, with the need to preserve frictionless flows of data across borders, including adequacy with the EU and securing new adequacy agreements with key territories around the world.
Milly Zimeta, ODI made the point that if more data is being made available, the value it delivers must be distributed equally across society. That means assessing whether the right conditions are in place to ensure that all players, including smaller companies, can make the best use of available data.
Striking the right balance between risk and opportunity
Imogen Parker, Ada Lovelace Institute weighed up the opportunities reform to the data protection regime could open for innovation with the risks of the public feeling out of control of how their data is being used. Reforms in the consultation which could expose these risks include provisions that allow the processing of personal data for broad areas of scientific research not yet identified and the development of an exhaustive list of legitimate interests which may not be able to effectively ensure that appropriate safeguards are in place to protect personal data.
Equally, Imogen Parker, Ada Lovelace Institute pointed to some of the promising proposals in the consultation, such as recommendations around algorithmic accountability and transparency.
Milly Zimeta, ODI brought a new perspective, by suggesting that Government should consider the approach taken in the GDPR which heavily focuses on individual rights, and how it could be adapted to better consider collective rights and the inequitable nature of privacy harms. For example, she highlighted different communities which may be more vulnerable to data breaches, or how the availability of personal data may disproportionately impact particular ethnic and social groups. The ODI sees the data reform consultation as providing an opportunity to recognise and address these questions around collective rights, harms, and benefits.
On opportunities, Milly Zimeta, ODI raised the point that there is a real opportunity to rethink data governance. If we reframe data protection as a subset of data governance, it opens obligations to not only protect data, but to also share it for the public good
Closing remarks
Neil Ross, techUK closed the panel by asking John Whittingdale, MP how his colleagues may approach responding to the consultation, which received almost 3,000 submissions.
John Whittingdale said the ambition should be to publish a response to the consultation soon, to allow for enough time for legislation to be passed in the next parliamentary session.
Please see here for techUK’s full response to Data: a new direction.
This blog is part of a series exploring the UK's upcoming reform to its data protection regime. Learn more here.
Dani Dhiman
Dani worked as Policy Manager for Artificial Intelligence & Digital Regulation at techUK betweeen October 2021 to June 2024.
Neil Ross
As Associate Director for Policy Neil leads on techUK's public policy work in the UK. In this role he regularly engages with UK and Devolved Government Ministers, senior civil servants and members of the UK’s Parliaments aiming to make the UK the best place to start, scale and develop a tech business.