New Information Commissioner, new era?

August is normally a quiet month for news but not in 2021. We received both the announcement of the priority countries for adequacy assessments by the Department of Digital, Culture, Media and Sport, and announcement of the ICO’s consultation on the UK’s new standard contractual clauses for international personal data transfers. This was followed in September by news of the appointment of John Edwards, New Zealand’s Privacy Commissioner, as the next UK Information Commissioner, and the launch of a DCMS consultation on the UK’s future data protection regime.

What will the future bring for UK data protection? In an interview for The Telegraph, Digital Secretary, Oliver Dowden, said reform of data protection rules is “one of the big prizes of leaving” the EU. We now have a chance to react to the proposed changes by responding to the consultation. Some will no doubt applaud the attempts to simplify data protection for companies and individuals alike. How will the UK government strike a balance for progressing its agenda on a more light-touch data protection regime to promote growth and innovation, and on the other hand, retain its valuable EU adequacy status? The risk is that this status can be suspended if the EU considers that the UK’s level of data protection is no longer at the same level as the EU’s. There is also the question of onward transfers, which may arise if the UK deems adequate a country, region or sector that the EU does not.

Some reforms may benefit consumers. The ICO is working with the G7 countries to alleviate the pain of cookie pop-ups.

The UK’s National Data Strategy and digital regulation in general also encompass areas other than data protection. Are we witnessing a revolution or are we changing everything for everything to remain much the same, our correspondent asks on.

Laura Linkomies
Editor, Privacy Laws & Business

September 2021