The UK authorities has named the particular person it desires to take over as its chief knowledge safety watchdog, with sitting commissioner Elizabeth Denham overdue to vacate the publish: The Division of Digital, Tradition, Media and Sport (DCMS) right this moment stated its most well-liked alternative is New Zealand’s privateness commissioner, John Edwards.
Edwards, who has a authorized background, has spent greater than seven years heading up the Workplace of the Privateness Commissioner In New Zealand — along with different roles with public our bodies in his house nation.
He’s maybe finest identified to the broader world for his verbose Twitter presence and for taking a public dislike to Fb: Within the wake of the 2018 Cambridge Analytica knowledge misuse scandal Edwards publicly introduced that he was deleting his account with the social media — accusing Fb of not complying with the nation’s privateness legal guidelines.
An anti-‘Massive Tech’ stance aligns with the UK authorities’s agenda to tame the tech giants as it really works to herald safety-focused laws for digital platforms and reforms of competitors guidelines that take account of platform energy.
If confirmed within the position — the DCMS committee has to approve Edwards’ appointment; plus there’s a ceremonial nod wanted from the Queen — he might be becoming a member of the regulatory physique at an important second as digital minister Oliver Dowden has signalled the beginnings of a deliberate divergence from the European Union’s knowledge safety regime, post-Brexit, by Boris Johnson’s authorities.
Dial again the clock 5 years and prior digital minister, Matt Hancock, was defending the EU’s Common Information Safety Regulation (GDPR) as a “respectable piece of laws” — and suggesting to parliament that there can be little room for the UK to diverge in knowledge safety post-Brexit.
However Hancock is now out of presidency (aptly sufficient after a knowledge leak confirmed him breaching social distancing guidelines by kissing his aide inside a authorities constructing), and the federal government temper music round knowledge has modified key to one thing much more brash — with sitting digital minister Dowden framing unfettered (i.e. deregulated) data-mining as “an excellent alternative” for the post-Brexit UK.
For months, now, ministers have been eyeing how one can rework the UK’s present (legacy) EU-based knowledge safety framework — to, primarily, scale back consumer rights in favor of soundbites heavy on claims of slashing ‘pink tape’ and turbocharging data-driven ‘innovation’. After all the federal government isn’t saying the quiet half out loud; its press releases speak about utilizing “the ability of information to drive development and create jobs whereas holding excessive knowledge safety requirements”. However these requirements are being reframed as a fig leaf to allow a brand new period of information seize and sharing by default.
Dowden has stated that the emergency data-sharing which was waived via through the pandemic — when the federal government used the urgent public well being emergency to justify handing NHS knowledge to a raft of tech giants — must be the ‘new regular’ for a post-Brexit UK. So, tl;dr, get used to dwelling in a regulatory disaster.
A particular taskforce, which was commissioned by the prime minister to analyze how the UK might reshape its knowledge insurance policies outdoors the EU, additionally issued a report this summer season — through which it beneficial scrapping some components of the UK’s GDPR altogether — branding the regime “prescriptive and rigid”; and advocating for adjustments to “release knowledge for innovation and within the public curiosity”, because it put it, together with pushing for revisions associated to AI and “development sectors”.
The federal government is now making ready to disclose the way it intends to behave on its urge for food to ‘reform’ (learn: scale back) home privateness requirements — with proposals for overhauling the info safety regime incoming subsequent month.
Talking to the Telegraph for a paywalled article revealed yesterday, Dowden trailed one change that he stated he desires to make which seems to focus on consent necessities — with the minister suggesting the federal government will take away the authorized requirement to achieve consent to, for instance, monitor and profile web site guests — all of the whereas framing it as a pro-consumer transfer; a technique to dispose of “infinite” cookie banners.
Solely cookies that pose a ‘excessive threat’ to privateness would nonetheless require consent notices, per the report — no matter which means.
“There’s an terrible lot of useless forms and field ticking and truly we must be how we are able to deal with defending folks’s privateness however in as gentle a contact method as potential,” the digital minister additionally informed the Telegraph.
The draft of this Nice British ‘gentle contact’ knowledge safety framework will emerge subsequent month, so all of the element remains to be to be set out. However the overarching level is that the federal government intends to redefine UK residents’ privateness rights, utilizing meaningless soundbites — with Dowden touting a plan for “widespread sense” privateness guidelines — to cowl up the truth that it intends to scale back the UK’s at present world class privateness requirements and change them with worse protections for knowledge.
Should you reside within the UK, how a lot privateness and knowledge safety you get will rely upon how a lot ‘innovation’ ministers wish to ‘turbocharge’ right this moment — so, sure, be afraid.
It’ll then fall to Edwards — as soon as/if authorised in publish as head of the ICO — to nod any deregulation via in his capability because the post-Brexit data commissioner.
We are able to speculate that the federal government hopes to slide via the devilish element of the way it will torch residents’ privateness rights behind flashy, distraction rhetoric about ‘taking motion towards Massive Tech’. However time will inform.
Information safety consultants are already warning of a regulatory stooge.
Whereas the Telegraph suggests Edwards is seen by authorities as a perfect candidate to make sure the ICO takes a “extra open and clear and collaborative strategy” in its future dealings with enterprise.
In a very eyebrow elevating element, the newspaper goes on to report that authorities is exploring the thought of requiring the ICO to hold out “financial affect assessments” — to, within the phrases of Dowden, be certain that “it understands what the fee is on enterprise” earlier than introducing new steering or codes of observe.
All too quickly, UK residents could discover that — within the ‘sunny post-Brexit uplands’ — they’re afforded precisely as a lot privateness because the market deems acceptable to offer them. And that Brexit really means watching your basic rights being traded away.
In a press release responding to Edwards’ nomination, Denham, the outgoing data commissioner, appeared to supply some flippantly coded phrases of warning for presidency, writing [emphasis ours]: “Information pushed innovation stands to convey huge advantages to the UK financial system and to our society, however the digital alternative earlier than us right this moment will solely be realised the place folks proceed to belief their knowledge might be used pretty and transparently, each right here within the UK and when shared abroad.”
The lurking iceberg for presidency is in fact that if wades in and rips up a fastidiously balanced, gold commonplace privateness regime on a soundbite-centric whim — changing a pan-European commonplace with ‘something goes’ guidelines of its/the market’s selecting — it’s setting the UK up for a post-Brexit way forward for home knowledge misuse scandals.
You solely have to take a look at the dire parade of information breaches over within the US to glimpse what’s coming down the pipe if knowledge safety requirements are allowed to slide. The federal government publicly bashing the personal sector for adhering to lax requirements it deregulated might quickly be the brand new ‘get popcorn’ second for UK coverage watchers…
UK residents will certainly quickly be taught of unfair and unethical makes use of of their knowledge underneath the ‘gentle contact’ knowledge safety regime — i.e. after they examine it within the newspaper.
Such an strategy will certainly be setting the nation on a path the place distrust of digital providers turns into the brand new regular. And that in fact might be horrible for digital enterprise over the longer run. However Dowden seems to lack even a floor understanding of Web fundamentals.
The UK can also be in fact setting itself on a direct collision course with the EU if it goes forward and lowers knowledge safety requirements.
It is because its present knowledge adequacy take care of the bloc — which permits for EU residents’ knowledge to proceed flowing freely to the UK — was granted solely on the idea that the UK was, on the time it was inked, nonetheless aligned with the GDPR. So Dowden’s rush to tear up protections for folks’s knowledge presents a transparent threat to the “vital safeguards” wanted to keep up EU adequacy. That means the deal might topple.
Again in June, when the Fee signed off on the UK’s adequacy deal, it clearly warned that “if something adjustments on the UK facet, we are going to intervene”.
Add to that, the adequacy deal can also be the primary with a baked in sundown clause — that means it’s going to mechanically expire in 4 years. So even when the Fee avoids taking proactive motion over slipping privateness requirements within the UK there’s a onerous deadline — in 2025 — when the EU’s govt might be sure to look once more intimately at precisely what Dowden & Co. have wrought. And it in all probability gained’t be fairly.
The long run UK ‘plan’ (if we are able to put it that method) seems to be to interchange home financial reliance on EU knowledge flows — by looking for out different jurisdictions that could be pleasant to a privacy-light regime governing what will be accomplished with folks’s data.
Therefore — additionally right this moment — DCMS trumpeted an intention to safe what it billed as “new multi-billion pound international knowledge partnerships” — saying it’s going to prioritize hanging ‘knowledge adequacy’ “partnerships” with the US, Australia, the Republic of Korea, Singapore, and the Dubai Worldwide Finance Centre and Colombia.
Future partnerships with India, Brazil, Kenya and Indonesia will even be prioritized, it added — with the federal government division cheerfully glossing over the very fact it’s UK residents’ personal privateness that’s being deprioritized right here.
“Estimates recommend there may be as a lot as £11 billion price of commerce that goes unrealised around the globe attributable to obstacles related to knowledge transfers,” DCMS writes in an ebullient press launch.
Because it stands, the EU is in fact the UK’s largest buying and selling associate. And statistics from the Home of Commons library on the UK’s commerce with the EU — which you gained’t discover cited within the DCMS launch — underline fairly how tiny this potential Brexit ‘knowledge bonanza’ is, provided that UK exports to the EU stood at £294 billion in 2019 (43% of all UK exports).
So even the federal government’s ‘financial’ case to water down residents’ privateness rights appears to be overvalued with the identical form of misleadingly vacuous nonsense as ministers’ reframing of a post-Brexit UK as ‘International Britain’.
Everybody hates cookies banners, certain, however that’s a case for strengthening not weakening folks’s privateness — for making non-tracking the default setting on-line and outlawing manipulative darkish patterns in order that Web customers don’t continually need to affirm they need their data protected. As an alternative the UK could also be poised to do away with annoying cookie consent ‘friction’ by permitting a free for all on residents’ knowledge.