How the UK can lead the way in data security and privacy post-Brexit

Oliver Dowden, the new Culture Secretary, wants the UK to be an “unashamedly pro-tech nation” after Brexit, and vows to champion the open use of data and take a “pro-innovation approach to governing tech”.

This comes at a time when large US tech companies like Google and Facebook are moving the data of UK citizens to the US citing Brexit as the reason. This raises significant questions around privacy and compliance with the EU’s GDPR. The ongoing Brexit negotiations have also caused uncertainty around the UK’s own relationship with, and commitment to, GDPR and other privacy and data security standards and legislation.

There is a danger in being ‘pro-innovation’ that the UK swings towards being laxer with personal data security and closer to the US model rather than the EU’s tighter controls. Indeed, far from running away from increased accountability around data security and privacy, the UK can lead the way post-Brexit.

GDPR actually created an opportunity that the UK can build on. As Owen Geddes, co-founder, Screen Moguls says, “GDPR bought in sorely needed consumer protection at a time when there was a free for all in ad-tech. That regulation scared many data companies out of Europe, but those that remained became fitter and more transparent as a result.”

Has Brexit made UK data protection and the right to privacy more uncertain?

Brexit has complicated the UK’s stance on data protection and consumers’ right to privacy. Where the country goes now will depend on a deal with the EU — will politicians stick with a strong stance on a right to privacy or will they pivot? Read here

But there are other areas where the UK has the opportunity to go further, take ownership of important debates, and lead the world. Privtech Nation, a group of privacy and data security advocates in the UK highlights opportunities including:

• Group privacy — GDPR is focused on individual rights but the UK could lead in helping define what group privacy rights should exist.
• Auditing services — for example, the UK Information Commissioner’s Office (ICO)’s “Accountability Toolkit” could lead to robust auditing services being developed and there is an opportunity to develop standards around auditing SDKs, libraries, services, APIs etc.
• AI and data ethics — the UK is already showing leading thinking in this area via the Royal Society, the Turing Institute, the Open Data Institute (ODI) and the Centre for Data Ethics among others.
Cyber security excellence — again, the UK’s National Cyber Security Centre (NCSC) is already distinguishing itself as a centre of excellence in cybersecurity and the UK can build on this leadership position.
• Anti-money laundering (AML) and financial crime — evolving how encryption techniques known as privacy enhancing technologies (PETs) can facilitate the sharing of information to counter money laundering (which currently only has a 1% success rate for detection) and financial crime but still remain compliant with data security laws. The UK’s Financial Conduct Authority (FCA) is doing progressive work here e.g. its latest TechSprint.

The UK has a reputation for innovation and invention, for smart engineering and considered design. The UK has a reputation for its legal system, for the respect of law, for democracy, for upholding justice and fairness. The UK has a reputation for its professional services, for certain levels of professional discretion and protection.

As the UK seeks to carve out its own identity on the world stage post-Brexit surely the greatest opportunity is to build on the global reputation it already has and, combined with emerging areas of excellence around data and AI, becoming a world leader in privacy and data security.

Written by Ashley Friedlein, CEO and founder, Guild

Editor's Choice

Editor's Choice consists of the best articles written by third parties and selected by our editors. You can contact us at timothy.adler at