Britain is aiming for leadership in global data protection, says new watchdog boss

The UK will take the lead in holding big tech accountable in a post-Brexit Britain without cumbersome European data regulations, according to John Edwards, the UK’s newly appointed information watchdog.

Edwards said Europe’s general data protection regulation has introduced “quite a lot of friction and delays” into the system, particularly its “one-stop-shop” mechanism that centralizes enforcement of the rules in the EU country where the company is headquartered to have.

“Leaving the EU offers considerable opportunities. [T]he one-stop shop. . . is an area where the GDPR hasn’t worked the way its designers hoped,” he told the Financial Times in his first interview since taking office earlier this month.

“As the only regulator, we can move faster, and in a fast-paced digital environment, that too is critical to innovation.”

The former New Zealand data protection commissioner and lawyer said his office will have a “keen oversight focus” on tech companies with data-dependent business models like Google and Meta.

“Privacy has placed the responsibility on the individual for too long,” he said. “We suddenly realize . . . We need to get companies to open up and be honest about their business models, about the implications of these data transactions that people are making in an increasingly complex and technical world.”

Edward’s comments come at a time when Ireland’s data protection authority, which oversees US giants like Google, Facebook, Microsoft and Twitter, is under attack from both other European regulators and its own government for failing to take action against US companies accused of breaking the law.

Last July, the Irish Parliament published a report calling for the regulator to be reformed, urging it to start enforcing the GDPR amid “fears that citizens’ fundamental rights are at risk”.

The UK’s new commissioner hopes to use his platform to drive large-scale changes in the way tech companies work, even beyond UK borders, by playing “a leadership role in the digital economy”. He referred to the Children’s Code, a sweeping set of new regulations proposed by the ICO last year to protect children’s privacy online. The biggest social media platforms, including YouTube, Instagram and TikTok, announced changes related to children’s privacy ahead of the code’s enforcement in August.

“It was absolutely world-leading. This is a really good example of a targeted intervention that has had and will have a global impact,” he said. “Children accessing digital services will benefit from this regulation, whether in Australia, India, Botswana or Uruguay.”

Edwards’ tenure begins as the UK seeks to chart its own course on internet regulation after leaving the EU. The government has announced plans to rewrite its data laws that deviate from the EU GDPR. It is also in the process of ratifying a landmark new online safety law.

“There are positive aspects to the proposed reforms,” ​​Edwards said, referring to data regulations. “I think we can offer more security and flexibility [to businesses] without endangering the fundamental rights of people in the UK.”

Experts have warned that by deviating from data protection standards required by the EU in exchange for the free flow of data between the two regions, a concept known as “adequacy”, the UK risks hurting businesses and citizens.

However, Edwards said he was not concerned that the UK-EU data relationship was at risk. “I don’t think anything in the reform proposal would jeopardize the adequacy,” he said.