CIPL sends response to UK DCMS nationwide information technique session
On December 2, 2020, the Center for Information Policy Leadership (“CIPL”) in Hunton Andrews Kurth submitted its response to the UK National Data Strategy (“NDS”) of the UK Department for Digital, Culture, Media and Sport (“DCMS”). Consultation.
In June 2018, the UK DCMS Foreign Secretary announced the UK Government’s intention to develop an NDS that would unleash the power of data in government and across the economy while building citizen confidence. The aim of the NDS is to advance the collective vision that will help the UK build a world-leading data economy, and to ensure that people, businesses and organizations trust the data ecosystem and have sufficient skills to work effectively in and gain access to it high quality data when you need it.
In its response, CIPL highlighted several considerations for the DCMS in the further development and implementation of its NDS:
- The role of the British central government This is critical to formulating, promoting or supporting appropriate policy and legal frameworks to improve access to data for all relevant economic actors in all sectors. The UK Government should continually encourage constructive engagement from these actors as well as regulators.
- Interpretation of the UK data protection framework should be compatible with the inherent principle-based, results-based and risk-based approach of the UK Data Protection Act 2018 in order to keep it fit for its purpose in a digital economy and society where only the importance of data matters.
- Coordination between data protection and other legal areas. The UK government also needs to look at how the data protection regime fits in with other areas of digital law and politics, including consumers, competition, AI, online harm, platform / content and cybersecurity.
- Accountability and a risk-based approach should be included in the NDS (e.g. based on existing experience under GDPR and UK Data Protection Act 2018) as this concept is relevant to all areas of digital and data regulation, especially in relation to the development and use of AI and data exchange.
- Promote accountability. Consistent with behavioral economics nudge theory, government must create incentives to encourage and reward those organizations that implement and are able to demonstrate accountability in their data use and management.
- Data transfer between public and private organizations should be made possible through a framework based on demonstrable and enforceable organizational accountability and its essential elements. The UK ICO should work with organizations to develop a responsible data sharing framework that can work with UK Data Protection Act 2018 and 2018, which is in line with the ICO’s recently published Accountability Framework.
- Interoperability. A UK data strategy must be developed with global interoperability and collaboration in mind if the UK is to create a truly attractive political environment for its data economy.
- Innovative supervision. An innovative and forward-looking UK data strategy should include innovative oversight of regulation that includes regulatory sandboxes and data review bodies.
- Codes of Conduct and Certifications should be promoted and implemented, especially programmatic certifications that certify an entire data protection management program, both for domestic compliance and for cross-border transmission purposes.
- International data transfer should be made possible and facilitated, for example by unlocking the potential of binding corporate rules as an international data transfer tool, as well as standard contractual clauses, codes of conduct and certifications that should be interoperable with data protection regulations in other regions. The adequacy results should be prioritized taking into account the greatest impact on the UK economy and the complexity of the analysis.
- Center for data ethics and innovation. This new organization should complement and support the ICO and other regulators, but with a separate and different role that could focus on thought leadership to enable the regulation of AI, data-driven technologies and all modern computing activities.
Download a copy of CIPL’s full answer.