The UK will take the lead on holding Big Tech to account in a post-Brexit Britain free of cumbersome European data rules, according to John Edwards, the UK’s newly appointed information watchdog.
Edwards said Europe’s general data protection regulation had introduced “quite a lot of friction and lag” into the system, particularly its ‘one-stop shop’ mechanism which centralises enforcement of the regulations in the EU country in which companies are headquartered.
“Coming out of the EU does present considerable opportunities. [T]he one-stop shop . . . is one area that GDPR has not worked as its designers would have hoped,” he told the Financial Times in his first interview since taking the post earlier this month.
“We, as a single regulator, can be more fleet of foot, and in a fast-moving digital environment, that too is critical for innovation.”
The former New Zealand privacy commissioner and barrister said his office would have a “sharp supervisory focus” on tech companies with business models that are dependent on data, such as Google and Meta.
“For too long, data protection has put the responsibility on individuals,” he said. “We’re suddenly realising . . . we have to make companies open up and be honest about their business models, about the consequences of these data transactions people are entering into, in an increasingly complex and technical world.”
Edwards’ comments come at a time when the Irish data protection authority, which oversees US giants such as Google, Facebook, Microsoft and Twitter, has come under attack both from other European regulators and its own government, for failing to take action against US corporations accused of breaking the law.
Last July, the Irish parliament published a report calling for reform of the regulator, and urged it to start enforcing the GDPR because of “fears that citizens’ fundamental rights are in peril.”
The UK’s new commissioner hopes to use his platform to push large-scale change in how tech companies operate, even outside of the UK’s borders by playing “a leadership role in the digital economy”. He pointed to the Children’s Code, a sweeping set of new regulations proposed by the ICO to protect children’s data online last year. The largest social-media platforms, including YouTube, Instagram and TikTok, announced changes related to children’s privacy in advance of the code’s enforcement in August.
“That’s been absolutely world-leading. That’s a really good example of one targeted intervention that has had and will have a global influence,” he said. “Children accessing digital services will benefit from this regulation, whether in Australia, India, Botswana or Uruguay.”
Edwards’ tenure begins as the UK looks to chart its own course on internet regulation after leaving the EU. The government has announced plans to rewrite its data laws, diverging from the EU’s GDPR. It is also in the process of ratifying a landmark new law on online safety.
“There’s positives in the proposed reforms,” said Edwards, referring to the data regulations. “I think we can provide greater certainty and flexibility [to businesses] without putting at risk fundamental rights that people have in the UK.”
Experts have warned that in diverging from the data protection standards required by the EU in exchange for the free flow of data between the two regions, a concept known as ‘adequacy’, the UK risks hurting businesses and citizens.
However, Edwards said he was not concerned about the UK-EU data relationship being endangered. “I don’t believe that anything in the reform proposal would put adequacy at risk,” he said.
