The writer is vice-president and chief strategy adviser at the Open Data Institute
The UK is at a fork in the road when it comes to the business of data processing. Post-Brexit, there is an opportunity for the UK to become a centre of excellence in digital security, data governance and trust. Or there is another path, one in which we discard regulatory measures such as the general data protection regulation and, possibly, our reputation.
Much has been made of the UK becoming a “Singapore upon Thames” with laissez faire business regulation. But if standards in data processing are undermined, the country would be more like a digital Cayman Islands — an unregulated place where huge amounts of data can be collected and processed without scrutiny.
The government’s task force on innovation, growth and regulatory reform, led by Iain Duncan Smith, has called for the replacement of EU data protection law GDPR, as it “overwhelms people with consent requests and complexity”. But why would we seek to remove what is already seen as the gold standard of data protection? GDPR isn’t perfect but we should use the opportunity given by leaving the EU to build on it, accelerate innovation in data governance and enhance the UK’s reputation as a place to do digital business ethically.
Reducing data regulation might make the UK attractive in simple economic terms. Compliance costs for businesses and governments could be slashed. But trust in the UK would be similarly diminished and, for individuals, it would mean our lives would become further surveilled through data collection we have little control over.
Over time, this could lead to big names and blue-chip companies abandoning the UK for fear of reputational damage. The Apples and Microsofts of the world recognise the competitive advantage of protecting people’s privacy. They would be hesitant to process data in an environment where customers may see personal data as being at risk.
It’s not just the reaction of businesses that we should be thinking about. A recent declaration from the G7’s digital and technology arm includes a commitment to “data free flow with trust”. These multinational agreements seek to stop countries from forcing businesses to operate data centres locally: a nightmare for a digital business trying to operate internationally. But countries put these restrictions in place because of a lack of trust over what might happen to data exports, especially about their citizens. If the UK were to slash its own standards, then we would over time risk losing access to international digital markets.
The UK’s data protection regime instead requires reinforcing. Innovating in new types of data services that build trust, particularly around audit and assurance, is the way forward. The existing service economy will need to adapt to a world in which data has a new importance. Accountancy needs to work out how to properly value data on the balance sheet.
Property services need to describe the ownership of data sets generated by sensors that are becoming embedded in our physical infrastructure, such as smart thermostats. Auditors need to be able to examine the acquisition, use and sharing of data, as well as the algorithms and artificial intelligence that it fuels. Services like these will be necessary the world over. The UK has an opportunity to build on its existing strengths to provide them.
Put simply, the competitive advantage for the UK is rooted in high standards, trustworthiness and an ethical environment where laws are enforced and data and algorithms audited. That is where we can and should be competing. A race to the bottom is just that, with the subsequent reputational damage it brings, along with the loss of responsible tech firms, emerging digital industries and international influence. Let’s aim for the gold standard, not a tarnished bronze.