UK's proposed data and ICO reforms are surprisingly pro-regulation

There were concerns that reforms could damage privacy and undo the GDPR. Instead, it appears that the government wants to rebuild problem areas while maintaining personal protections

The UK has expanded on its promise to institute a new data regime based on 'common sense' rather than 'box ticking', and given more detail on its plans to overhaul the Information Commisioner's Office (ICO).

While the talk of 'common sense' follows the Conservative party line, it appears that the plans don't (entirely) stem from pro-Brexit thought: there is a commitment to maintain public security and privacy, as well as a proposal to mitigate algorithmic bias in AI systems.

The new consultation runs to 19th November. As well as data reforms, it covers a new governance model for the ICO, including an independent board and chief executive to mirror the governance structures of other UK regulators, like the the Competition and Markets Authority (CMA), Financial Conduct Authority (FCA) and Ofcom.

This sounds good, but the ICO is a respected data regulator and the government must take care to ensure its independence is not compromised by the desire to drive growth.

On the subject of growth, there have been fears that the UK's proposed approach to scrapping 'red tape' around data could lower personal privacy. However, a stated aim of the plan is to put protection 'at the heart of the planned data reform'. The proposal states, 'Far from being a barrier to innovation or trade, regulatory certainty and high data protection standards allow businesses and consumers to thrive.'

One of the goals is to 'reinforce the responsibility of businesses to keep personal information safe, while empowering them to grow and innovate'. Whether that plan survives contact with the real world, of course, remains to be seen.

The statement continues, adding that the new proposals will 'maintain the UK's world-leading data protection standards', and be built on 'key elements' of the UK GDPR and Data Protection Act. These include principles around data processing, citizens' data rights and mechanisms for supervision and enforcement.

The reforms would change certain elements of the current approach, such as the same rules applying to a sole trader as an international giant. The government says the reforms would 'allow organisations to demonstrate compliance in ways more appropriate to their circumstances'.

Bojana Bellamy, president of the Centre for Information Policy Leadership, a global information policy think tank, said:

"There is no doubt that some aspects of the GDPR do not work well, and some areas are unhelpfully obscure. For example, the rules for data use in scientific and industrial research and innovation are cumbersome to locate and analyse, hindering use and sharing of data for these beneficial purposes; it is difficult to use personal data for training AI algorithms to avoid bias; individuals' consent to data processing has been rendered meaningless through over-use; and international data flows have become mired in red tape."

Digital Secretary Oliver Dowden said, "These reforms will keep people's data safe and secure, while ushering in a new golden age of growth and innovation right across the UK, as we build back better from the pandemic."