The Government data protection paper published today is a welcome step in the right direction, setting out the vital need for the UK to remain a global leader on data protection by promoting both the flow of data internationally and high levels of data protection rules.
These issues may not dominate headlines or stir public debate relative to immigration or sovereignty, but are nonetheless key to a prosperous future outside the EU. However, they have remained out-of-sight and out-of-mind for too long when the stakes couldn’t be higher. Not only for our future competitiveness outside the EU, but for our national security.
As the paper highlights, the UK is a leading player in global data flows, accounting for 11.5 per cent of global cross-border data flows, and the fast-growing digital economy – worth £118 billion in 2015.
Staggering, really – to think it was just over four decades ago when Queen Elizabeth II was one of the first heads of state to transmit real-time electronic data over national borders, sending an email under the username “HME2.”
Or that global cross-border data flows were nascent just 15 years ago and now account for $2.8 trillion of the $7.8 trillion total flows of goods, services, finance, people and data.
But at present, 75 per cent of current data flows are with EU countries. Therefore, it must be a red-line early on in negotiations that we recognise each other’s data protection frameworks from the point of exit. This must be before negotiating a new agreement that allows us the freedom to trade freely with new and fast-growing economies around the world.
The second, and less-explored, issue raised in this paper is the potential for the UK to be a global pioneer of digital innovation, just as Queen Elizabeth II was a pioneer of the internet back in 1976.
There can be no doubt; the exponential growth witnessed affects us all – circulating ideas, content and new innovations to all corners of the globe, with scant regard for traditional rules or markets. At the same time, it has stoked the threat of cyber-attacks, data breaches and risks to national security.
If we get the next few years right, the UK could set the gold-standard for both allowing digital innovation to thrive, while appropriately balancing online responsibility and security.
This is no easy task, but it is vital if we are to move away from the protectionist mindset of the EU and attract new global opportunities.
The first test for the Government will be the upcoming Data Protection Bill this September, which needs to set out how the UK will handle the derogations under the new EU General Data Protection Regime (GDPR), which will apply to all EU Member States from May 2018 and updates the 1995 Data Directive (from the days of dial-up internet connections). It will also set out how the UK will implement the PCJ Directive on data processing for law enforcement, which governs how data should be processed for law enforcement purposes covering both controllers (e.g. the police) and processors (e.g. a startup doing smart data analytics on behalf of the police). A new framework for data processing for national security purposes will also be set out.
No easy task, especially as the GDPR could have a significant impact on our most innovative fast-growth startups, who face the highest resource implications as they lack the in-house capabilities to adapt. Especially as the last Data Protection Act was passed way back in 1998, before the days of even Google and Facebook.
At this time of intense upheaval, the Government must avoid any moves towards digital protectionism in the name of “robust safeguards.” Now is not the time to create self-imposed digital barriers, but to do all that is possible to create a regulatory landscape that encourages growth, innovation and scale. We led the way before. We can do it again today.