Data underpins innovation and the global digital economy, everyday apps and cloud computing systems. It allows businesses to trade, drives international investment, supports law enforcement agencies tackling crime, the delivery of critical public services and health and scientific research.
The government is outlining the first territories with which it will prioritise striking ‘data adequacy’ partnerships now it has left the EU as the United States, Australia, the Republic of Korea, Singapore, the Dubai International Finance Centre and Colombia.
It is also confirming that future partnerships with India, Brazil, Kenya and Indonesia are being prioritised.
These new data adequacy partnerships, which will be subject to assessments that ensure high data protection standards, will build significantly on the £80 billion of data-enabled service exports to these 10 destinations from the UK every year.
Estimates suggest there is as much as £11 billion worth of trade that goes unrealised around the world due to barriers associated with data transfers*.
The aim is to move quickly and creatively to develop global partnerships which will make it easier for UK organisations to exchange data with important markets and fast-growing economies. These new partnerships will build on the existing 42 adequacy arrangements the UK has in place with countries around the world.
It is part of new plans to use the power of data to drive growth and create jobs while keeping high data protection standards. It will work hand in hand with the UK’s trade agreements and support the country’s ambitious trade agenda to unlock data flows and minimize unjustified barriers or conditions.
The government also today names New Zealand Privacy Commissioner John Edwards as its preferred candidate to be the UK’s next Information Commissioner, following a global search.
As Information Commissioner and head of the UK regulator responsible for enforcing data protection law, he will be empowered to go beyond the regulator’s traditional role of focusing only on protecting data rights, with a clear mandate to take a balanced approach that promotes further innovation and economic growth.
Plans to consult on the future of the country’s data regime are also being confirmed. The aim is to make the country’s data regime even more ambitious, pro-growth and innovation-friendly, while still being underpinned by secure and trustworthy privacy standards.
Digital Secretary Oliver Dowden said:
Now that we have left the EU I’m determined to seize the opportunity by developing a world-leading data policy that will deliver a Brexit dividend for individuals and businesses across the UK.
That means seeking exciting new international data partnerships with some of the world’s fastest growing economies, for the benefit of British firms and British customers alike.
It means reforming our own data laws so that they’re based on common sense, not box-ticking. And it means having the leadership in place at the Information Commissioner’s Office to pursue a new era of data-driven growth and innovation. John Edwards’s vast experience makes him the ideal candidate to ensure data is used responsibly to achieve those goals.
John Edwards said:
It is a great honour and responsibility to be considered for appointment to this key role as a watchdog for the information rights of the people of the United Kingdom.
There is a great opportunity to build on the wonderful work already done and I look forward to the challenge of steering the organisation and the British economy into a position of international leadership in the safe and trusted use of data for the benefit of all.
International data partnerships
Having left the EU, the Digital Secretary now holds powers to strike data adequacy partnerships with partners around the world.
The government believes it can unlock more trade and innovation by reducing unnecessary barriers and burdens on international data transfers, thereby opening up global markets to UK businesses. In turn this will help give UK customers faster, cheaper and more reliable products and services from around the world.
International data transfers are vital for everyday activities such as GPS navigation, video calls with family and friends, online banking, powering apps people use on a daily basis, retail, and businesses’ back office delivery.
Data adequacy partnerships, with countries or sectors which have high data protection standards, means organisations do not have to implement costly compliance measures to share personal data internationally.
Securing these arrangements will be a significant step in the UK’s ongoing plans to unlock the power of data to drive UK growth and innovation.
It will build on the adequacy arrangements the UK already has in place with international partners including New Zealand, Japan and Canada, as well the Crown Dependencies of Jersey, the Bailiwick of Guernsey and the Isle of Man.
The move will strengthen existing relationships and make data-enabled trade easier, quicker and safer.
A Mission Statement on the UK’s approach to international data transfers and the ‘UK Adequacy Manual’ are also being published today. These will be used to inform the assessment of a territory’s commitment to high data protection standards.
These are alongside a call for experts to form a new council to inform and consult on the UK’s international data transfers policy. The council will consist of the brightest and best minds from across the globe and be drawn from industry, academia and civil society.
The government is also looking at potential future data sharing partnerships with other fast-growing economies such as Kenya, India, Brazil and Indonesia and will set out more details in the coming months.
New Information Commissioner
The country’s experience of fighting the COVID-19 pandemic demonstrated the power of using personal data responsibly in the public interest and the benefits of collaboration between the public and private sectors.
Data empowered startups to build real-time dashboards with the NHS to pinpoint where ventilators, beds and medics were needed the most. It helped the National Shielding Service to prioritise grocery deliveries to the vulnerable during the height of the pandemic; and major drug treatment and vaccine breakthroughs were driven by big data analytics and artificial intelligence.
The government wants to empower the Information Commissioner to promote the responsible use of data to stimulate innovation and economic growth and for Mr Edwards to bring a new perspective to the role alongside his wealth of data regulatory experience and 20-year career practising and specialising in information law.
His experience overseeing an independent country’s unique data regime also deemed ‘adequate’ to the EU’s General Data Protection Regulation (GDPR) will be vital.
He will be able to help the UK achieve its aims of maintaining equivalence with the EU’s data standards, so personal data can continue to flow freely, while developing a new pro-growth approach to data law.
The UK’s future data protection regime
The UK is already a highly connected hub for data flows and consulting on reforms to UK data law will help build on this strength to ensure the country is the best place in the world to start and grow a digital business.
The government wants to improve the UK’s data protection regime to make it even more ambitious and innovation-friendly while still being underpinned by secure and trustworthy privacy standards. It believes improved data sharing can help deliver more agile, effective and efficient public services and help make the UK a science and technology superpower.
For example, NHSX’s national database of chest X-Rays and images taken from hospital patients is being made available to researchers, clinicians and all those wanting to investigate COVID-19. This is helping professionals better understand the disease and develop technology enabling faster patient assessment and care in A&E, ultimately saving time and lives.
In the coming weeks the government will launch a consultation on changes to break down barriers to innovative and responsible uses of data so it can boost growth, especially for startups and small firms, speed up scientific discoveries and improve public services.
The consultation is expected to include the role of the Information Commissioner’s Office (ICO) so it can be empowered to encourage the responsible use of data to achieve economic and social goals as well as preventing privacy breaches before they occur.
The proposal comes after the UK launched its Innovation Strategy and a plan to make the country a global leader in innovation-focused digital regulation to help cement the UK’s position as a world-leader in science, research and innovation.
Notes to editors:
*Based on the UNCTAD definition of data-enabled services sectors.
Unlocking the power of data is one of the government’s 10 tech priorities.
Last year the government published its National Data Strategy to build a world-leading data economy that works for everyone.
In the strategy the government committed to championing the international flow of data, which fuels global business operations, supply chains and trade. It also plays a wider societal role, as the transfer of personal data ensures people’s salaries are paid and helps them connect with loved ones from afar.
A consultation asked the nation to help shape the core principles of the strategy and the UK’s ambitions for the use of data, including plans for new data adequacy arrangements. Respondents expressed broad support for UK adequacy assessment plans and the government’s international vision to position the UK as a global champion of safe and secure data flows.
The US was identified as a priority country with which to secure an adequacy arrangement, particularly in light of the disruption caused by last year’s ruling by the EU Court of Justice which invalidated the EU-US Privacy Shield adequacy arrangement.
The Republic of Korea and Australia were also cited as priorities and there were calls for the UK to explore potential arrangements with emerging markets in Africa, the Middle East, South America and the Indian Subcontinent.
Earlier this year, the government made clear its intention to expand the list of adequate destinations in line with its global ambitions and commitment to high standards of data protection.
This includes the United States, Australia, the Republic of Korea, Singapore, the Dubai International Finance Centre and Colombia. Future partnerships with India, Brazil, Kenya and Indonesia are also being prioritised.
The UK has significant total trade, services trade, and data dependent trade with Australia, which is in the top 10 of the UK’s largest trading partners without any form of adequacy arrangement in place.
Australia has a rapidly growing digital market and tech sector focused in the main cities and a growing number of successful global tech companies.
Australia has a strong data protection regime, which is designed to foster transparent and robust personal data handling practices and business accountability.
Colombia is the third largest economy in South America and has seen strong economic growth and development over the past decade (among the strongest in Latin America and Caribbean). It was the UK’s third largest trading partner in South America in 2019.
Colombia’s green infrastructure push is attracting UK investment and involves outsourcing for engineering and marketing staff, key data driven industries.
UK and Colombian companies and universities collaborate in pharmaceuticals and intellectual property, for example for Covid-19 clinical trials. Such collaboration requires the cross-border transfer of personal data.
Colombia operates a comprehensive data protection framework that incorporates many principles and rights contained in UK legislation.
Dubai International Finance Centre
Dubai International Finance Centre has strong links with UK financial services, and is one of the most reputable and recognised centres for investment in the region.
The Dubai International Finance Centre has developed a strong data protection law that contains similar principles and protections to UK law.
The United Arab Emirates is the UK’s largest export market in the Middle East and the 18th biggest globally, and the UK’s sixth largest export market outside the EU.
There are 5,000 British companies operating in the UAE, many of which depend on data transfers, including BP, Shell, Rolls Royce, BAE Systems, SERCO, Standard Chartered, HSBC and John Lewis / Waitrose. 107 entities in the DIFC are branches of businesses based in the UK. 16% of DIFC’s financial service companies are originally based in the UK.
DIFC has several Memoranda of Understanding with a number of UK regulators and UK organisations such as the Financial Conduct Authority.
Republic of Korea
The Republic of Korea has a comprehensive data protection framework that has many parallels with the principles and rights contained in UK data protection law.
Both the UK and the Republic of Korea were founding members of the D9 (previously D5 and D7), the world’s leading digital governments network and cooperate bilaterally on a number of digital and tech issues such as creative industries, AI, and 5G.
In the four quarters to Q2 2019, Republic of Korea was the UK’s 24th largest trading partner, accounting for £13.7 billion or 1.0% of total UK trade in goods and services.
Singapore is the UK’s biggest trading partner in South East Asia and is a like-minded, innovative and forward-looking partner with nearly 5,000 UK companies open a base in Singapore or use Singapore as a headquarters for their Asia business.
Between 2016 and 2019, UK services exports increased by £1.3 billion with 70% of these exports delivered remotely.
Singapore has a strong private sector data protection regime which has evolved to suit the increasingly digital world on which the global economy relies.
United States of America
The US is the UK’s most important national trading partner in data-enabled exports. 92% of the UK’s service exports to the US are data-enabled, amounting to £67.03bn, and the government is working to remove barriers with the US to enable easier data-enabled flows and help support this strong trading relationship.
The UK government intervened in the Schrems II ruling last year. The Court of Justice of the European Union invalidated the Privacy Shield, which was a critically important framework for transatlantic data transfer. The UK government made clear it was disappointed in that ruling and it has heard from stakeholders how important it is that there is a solid and seamless mechanism for data transfers to the US.