UK Data Minister explains the plans to reform data protection law

Julia Lopez, Minister of State for Media, Data, and Digital Infrastructure, explained the government’s drive to reform the data protection law in a TechUK online conversation today. She explained that this reform was part of the government’s National Data Strategy to unlock the power of data.

This represents evolution not revolution. “We are not ripping up the data protection regime and starting with a clean sheet.”

Would risks to the independence of the ICO endanger the UK’s adequacy status of the ICO? I will use my powers “sparingly. We are going to be a high standard data protection country.” The ICO would have more powers to deal with nuisance calling.

There is a risk of “policy silos” so “regulatory coherence” is important when combatting, for example, online harms. Lopez said that she supports the collaboration represented by the Digital Regulation Cooperation Forum bringing together the ICO with the Competition and Markets Authority, the Office of Communications and the Financial Conduct Authority.

“Trust of citizens in the new framework is vital,” she said.

She summed up her policy as “trying to achieve agility without upsetting the cart.”

Her policy team responded to areas of concern:

  1. The UK’s reform is retaining the EU’s GDPR’s principles.
  2. There is a proposal to introduce a formal duty for the ICO and the DCMS to cooperate.
  3. The DCMS is engaging with the European Commission in regular discussions including on the new policy paper. One of the team said we think that the UK’s reform programme “will not tip us over the adequacy edge.”
  4. Is there is any point in organisations spending time and money making changes for new requirements in the UK if they also do business across the European Economic Area? The welcome answer was “if an organisation is complying with the EU GDPR, then there is nothing in its policy which will need to be changed. So organisations can continue to do what they are doing.”
  5. PL&B asked for the UK’s priority countries for negotiating International Data Agreements? The answer was the US, Australia, Korea, Singapore, the Dubai International Finance Centre, Colombia, India, Brazil, Kenya and Indonesia.
  6. The right to challenge automated decision-making is not being removed but revised to remove ambiguities, for example, the meaning of “significant effects” and “solely automated”.

In short, the reform programme is “a huge opportunity to make improvements…mindful of rights of individuals. If we get it right, that should take care of EU adequacy. Critical comments are helpful.”

To help understanding of the government’s reform, PL&B has organised two events at which you can put questions to the DCMS data protection reform policy team and give your feedback and recommendations:

  • There is a session at Winds of Change, PL&B’s 35th Anniversary International Conference on Tuesday 5 July: UK privacy post-Brexit: What’s changed and what’s to come?
  • We will set a new date in July for the postponed event: Memo to the DCMS Minister. A Roundtable to enable companies and their advisors, to provide feedback and constructive comments to Julia Lopez, DCMS Minister, on the government’s proposals on reforming UK data protection legislation.