The UK Government’s consultation, “Data: A New Direction” (“Consultation”), reframes the objectives for data protection in a manner not suggested for twenty yearsandchanges the trajectory for global data protection’s stated objectives.The Consultation’s “ultimate aim is creating a more pro-growth and pro-innovation data regime whilst maintaining the UK’s world-leading data protection standards.” Other jurisdictions have similar goals but are approaching them differently. The EU has put forward an ambitious digital plan but has not indicated it will amend the underlying data protection law that inhibits knowledge creation – the development of insights. Singapore has challenged conventional wisdom by designing a pathway to more exemptions to consent to enable innovation. Canada has proposed a digital agenda that requires freer data use but has not addressed the necessary corresponding data protection adjustments.
When considering the question “risk of what?” the Consultation states the opportunity cost that comes from not framing safe innovative data use as an explicit objective for data protection is a risk that must be managed. The GDPR implies that data protection includes the full range of fundamental rights, but in practice, the GDPR largely has been interpreted in a way that has focused on procedural harms related to transparency and data subject rights. The push for ethical assessments by the IAF and others has focused on the impact on stakeholders related to the full range of rights and interests. But the sweet spot for harmonization between rights to control and benefits of growth and innovation has not led to a balanced discussion.
The last real debate on the balance between growth and privacy took place in Rome nearly twenty years ago. The conference was suggested by the Italian government and was organized by the Garante under the leadership of Stefano Rodota. The purpose was to explore the balance between economics and privacy. The distinguished speakers included Congressman Cliff Stearns and two FTC Commissioners, Orson Swindle and Mozelle Thompson. The last panel of the conference was composed of Rodota, Thompson and the founder of European data protection, Professor Spiros Simitis. Thompson discussed the balancing points between economics and privacy. Simitis, on the other hand, defended privacy and data protection as rights fundamental to freedom and thought it was crass to even suggest economics should be factored into the equation. Rodota declared Simitis the winner of the debate, and economics has not been an element of data protection since then. Consequently, persons in the EU data protection field have been cautious since that conference to suggest that economic growth has fundamental value to people that should be part of the data protection equation.
Pro-growth pro-innovation data protection standards must deter edge riders from using the term innovation to defend obnoxious and intrusive behavior. The ability to use data for innovation should require substantial safeguards. One of the results of the Consultation should be what constitutes appropriate safeguards.
The Consultation has its rough points, and it is a long way from Consultation to enacted legislation. The debate, closed for twenty years, has been reopened explicitly by the UK government. The IAF “Risk of What” Workshop is 22 September, and one of the five questions to be explored explicitly is about the Consultation:
The UK Consultation, Data: A New Direction, brings front and center data innovation by design as a co-objective with data protection by design a risk mitigation process. How does this objective get translated into policy?
The potential outcomes that drive data risk management must be articulated clearly. Too many policy leaders and regulator statements refer to intrusion on privacy when privacy is an undefinable term. Intrusion into seclusion is real. The inability to effectively exercise rights is real. Intentional obscurity of complex processing is real. The cost to society from preempting knowledge creation and research is real as well. The Consultation puts on the table the opportunity cost from ignoring safe innovative data use as a risk that must be managed.