The writer is secretary of state for Digital, Culture, Media and Sport
As you read this, thousands of people are receiving a message that will change their lives: a simple email or text, inviting them to book their Covid jab. But what has powered the UK’s remarkable vaccine rollout isn’t just our NHS, but the data that sits underneath it — from the genetic data used to develop the vaccine right through to the personal health data enabling that “ping” on their smartphone.
After years of seeing data solely through the lens of risk, Covid-19 has taught us just how much we have to lose when we don’t use it.
As I launch the competition to find the next Information Commissioner, I want to set a bold new approach that capitalises on all we’ve learnt during the pandemic, which forced us to share data quickly, efficiently and responsibly for the public good. It is one that no longer sees data as a threat, but as the great opportunity of our time.
Until now, the conversation about data has revolved around privacy — and with good reason. A person’s digital footprint can tell you not just vital statistics like age and gender, but their personal habits.
Our first priority is securing this valuable personal information. The UK has a long and proud tradition of defending privacy, and a commitment to maintaining world-class data protection standards now that we’re outside the EU. That was recognised last week in the bloc’s draft decisions on the ‘adequacy’ of our data protection rules — the agreement that data can keep flowing freely between the EU and UK.
We fully intend to maintain those world-class standards. But to do so, we do not need to copy and paste the EU’s rule book, the General Data Protection Regulation (GDPR), word-for-word. Countries as diverse as Israel and Uruguay have successfully secured adequacy with Brussels despite having their own data regimes. Not all of those were identical to GDPR, but equal doesn’t have to mean the same. The EU doesn’t hold the monopoly on data protection.
So, having come a long way in learning how to manage data’s risks, the UK is going to start making more of its opportunities.
Right now, too many businesses and organisations are reluctant to use data — either because they don’t understand the rules, or are afraid of inadvertently breaking them. That has hampered innovation and the improvement of public services, and prevented scientists from making new discoveries. Clearly, not using data has real-life costs.
The next Information Commissioner will not just be asked to focus on privacy, but also empowered to ensure people can use data to achieve economic and social goals. The pandemic was full of such examples, like hospital trusts sharing lung scans to improve coronavirus treatment methods. Data has many such wider societal benefits, and as we emerge from the pandemic, the UK has an opportunity to be at the forefront of global, data-driven growth.
Now we’ve left the EU, we have the freedom to strike our own international data partnerships with some of the world’s fastest growing economies. There is a huge prize to be won here: according to initial government estimates, £11bn of UK service exports currently go unrealised due to barriers to international data transfers. The EU has been slow to act on this, declaring only 12 countries “adequate” in the past few decades. By being more agile, the UK can capitalise on a multibillion-pound opportunity to boost trade in sectors where physical distance is no object. I will shortly announce our priority countries for data adequacy agreements.
Appointing a new Information Commissioner is just the first stage in this process. But it will mark the beginning of a new era in the UK — one where we start asking ourselves not just whether we have the right to use data, but whether, given its potential for good, we have the right not to.