Oliver Dowden: creating our own data laws is one of the biggest prizes of Brexit

Harry Yorke
·6 min read
Oliver Dowden - Stefan Rousseau/PA
Oliver Dowden - Stefan Rousseau/PA

Just hours after formalising Britain’s divorce from the European Union last December, Boris Johnson told The Telegraph that Brexit would allow Britain to do things differently.

But almost nine months on, many Brexiteers are beginning to ask if and when the Prime Minister intends to exercise these newfound freedoms.

It perhaps explains why Oliver Dowden is so upbeat about proposals, due to be published next month, which will overhaul EU data rules and replace them with a new “light touch” British framework.

The plans are seen by the Culture Secretary as the “data dividend” of Brexit - one which will spur growth in the increasingly important sphere known as the digital economy.

While the true meaning and value of data is difficult for many people to comprehend, it is becoming fundamental to the economy and the services we depend on.

Its use therefore poses significant questions about the privacy of individuals, which is why countries around the world have introduced stringent regulations in recent years.

But when harnessed properly, Mr Dowden says data is the “oil” that will power 21st century Britain, where digital industries are now contributing £149 billion annually and growing rapidly.

It is why he sees reform as “one of the big prizes of leaving”.

UK set to diverge from GDPR laws

Sitting in his Whitehall office, Mr Dowden outlines a three-pronged strategy to achieve this, the first of which will see the UK diverge in key areas from the General Data Protection Regulation (GDPR).

The key principles of GDPR are that businesses must have appropriate legal grounds for processing personal data and can only collect it for a specific purpose without seeking fresh consent.

But critics argue that much of the red tape imposed on businesses is having a stifling impact, while providing little benefit in terms of data protection.

“There’s an awful lot of needless bureaucracy and box ticking and actually we should be looking at how we can focus on protecting people’s privacy but in as light a touch way as possible,” Mr Dowden says.

Oliver Dowden - Paul Grover for the Telegraph
Oliver Dowden - Paul Grover for the Telegraph

Reeling off examples of where GDPR is not working, Mr Dowden says that in June the Church of England warned that churches were being prevented from sending parish newsletters to advertise upcoming jumble sales because it risks being classed as marketing and therefore needs prior consent from recipients.

As a constituency MP, he adds that he was unable to take on casework from his predecessor because he lacked the necessary consent.

And in the field of scientific research, he says current rules are limiting scientists' ability to pursue slightly different avenues to their original plans without seeking fresh permission.

Whether people should have to repeatedly provide consent for similar functions will therefore be a central part of the consultation.

Mr Dowden is also concerned that many small businesses and charities are being overwhelmed by the sheer number of checks they must undertake and is determined to move away “from a one-size-fits-all model”.

“We should not expect exactly the same from a small family run business as we do from a massive social media company,” he adds.

Lastly, he plans to do away with “endless” cookie banners, the pop-up notices that appear when entering a website to acquire your permission to store personal information about you.

While cookies which pose a high risk to individuals’ privacy will still require consent notices, the Culture Secretary says that many of them are “pointless” and should go.

Some critics will claim that this risks opening the floodgates to greater online profiling and the amassing of personal data by faceless corporations.

But Mr Dowden argues this is not a slash and burn exercise and that “we can still ensure that high standards of privacy are protected”.

Clash brewing with Brussels

The UK incorporated GDPR during the Brexit negotiations, leading to the EU agreeing to four-year data adequacy agreements earlier this year, covering lucrative commercial transfers and law enforcement cooperation.

But Brussels, which believes its regulation has been instrumental in driving up global privacy standards, has made clear it can terminate the agreements at any time.

Doing so could lead to many UK firms facing costly additional bureaucracy in order to continue transferring data across the Channel.

Asked whether he is prepared for this, Mr Dowden argues there is “absolutely no reason why the EU needs to change that determination” and there are “no grounds whatsoever to say we’ve somehow watered down our privacy protections”.

However, when pressed, he adds: “We’re an independent country and we will determine the way forward based on what is in our national interest. Japan is data adequate, New Zealand is data adequate, they have their own rules.”

Shakeup of data watchdog

The fact that New Zealand’s data regime has been approved by the EU is not lost on Mr Dowden, which is why he has appointed John Edwards, the country’s current privacy commissioner, to head up the UK’s own Information Commissioner’s Office.

Mr Edwards will replace the outgoing commissioner Elizabeth Denham, who has faced accusations of chasing headlines instead of focusing on core issues.

Mr Dowden quickly skips over the subject of Ms Denham’s tenure, stating that watchdog is moving onto a “new chapter”, although he admits he has been frustrated with how it has operated in the past.

Elizabeth Denham - JULIAN SIMMONDS
Elizabeth Denham - JULIAN SIMMONDS

“One of the big complaints we get, and I’ve seen it myself in Government, is the ICO kind of hovers and you don’t know if you have done something wrong until after you’ve done it,” he says.

The New Zealander, who has talked about making privacy “easy” to comply with, is seen as the ideal man to ensure it takes a “more open and transparent and collaborative approach” in future dealings with business.

To this end, ministers are exploring whether the watchdog should have to carry out economic impact assessments, which Mr Dowden says will ensure “it understands what the cost is on business” before introducing new guidance or codes of practice.

UK to strike new international data partnerships

The final strand will see the Government set out to strike a series of data partnerships with non-EU countries to better facilitate cross-border data flows.

These transfers are crucial to everything from GPS navigation, online banking and retail, through to law enforcement cooperation and the sharing of life-saving scientific research.

The Government is prioritising six agreements with the US, Australia, Colombia, Singapore, South Korea and Dubai. But in the future it also intends to target the world's fastest growing economies, among them India, Brazil, Kenya and Indonesia.

“The EU have had this power for 20 years, but they’ve dragged their feet,” Mr Dowden says. “They’ve only agreed with 13 countries in that time. I think we can go much further and faster.”

While the true extent of the Government’s plans will only become clear when they are published in September, it is inevitable that they will spark intense debate in Brussels, as well as among privacy campaigners and those who believe they do not go far enough.

However, Mr Dowden argues that combined, they will enable Britain to set the “gold standard” in data regulation, “but do so in a way that is as light touch as possible”.

What is beyond dispute is that, finally, after nine months of waiting, Brexiteers finally have something to talk about.