IRSG Response – DCMS consultation “Data: a new direction”

Published 29 Nov 2021

The IRSG welcomes the opportunity to respond to this consultation on the UK's future legislative and regulatory data regime. The government has proposed a range of reforms, which are wide-ranging and complex. The points set out in this response represent the consensus among our members.  

We wish to make the following general observations: 

  1. The IRSG recognises and supports the government's intention to create a "pro-growth and pro-innovation data regime whilst maintaining the UK’s world-leading data protection standards." Whilst we agree that there are targeted opportunities to streamline and optimise the current regime, it is important to acknowledge that implementation of the existing regime has been largely successful and that removing its features ‘in bulk’ might cause uncertainty for both data subjects and businesses. 
  2. IRSG members do not wish to see increased compliance costs, especially since the government takes the view that organisations currently complying with the UK GDPR and the Data Protection Act 2018 ("DPA") regime are likely to be compliant with the proposed new framework. 
  3. We welcome the stated policy objective of increasing digital trade with other countries and agree that expanding the number of adequacy decisions will support this objective. At the same time, our members would like to emphasise the importance of ensuring such expansion takes into consideration both: (i) the ongoing robust protection of personal data; and (ii) the importance of maintaining the current EU adequacy decision.  Many of our members have emphasised the risks associated with the introduction of obstacles to the free flow of data between the UK and EU.
  4. IRSG members consider that the continued independence of the ICO is paramount. Regardless of how the government structures the statutory framework for the ICO, as a matter of good regulation and good principle (and to avoid endangering the EU adequacy decision), it should maintain the independence of the ICO.  
  5. While we have answered each question individually, our answers should be read as a whole setting out the totality of protection standards that we consider appropriate.