UK Parliament / Open data

Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2020

It is a thrill to be speaking here this evening. This is my first speech in Grand Committee; I feel as if the set has been designed by Stanley Kubrick, but I will try to give my comments as reasonably as I can. I feel as if I am giving my second maiden speech, so I hope that all subsequent speakers will lavish me and my speech with extraordinary praise.

I begin by saying how enjoyable it is to follow the noble Lord, Lord McNally, who may or may not still be watching the proceedings. He and I indeed worked closely together in the coalition Government on data protection, and in fact it was he who first turned me on to the subject. One of my last acts as a Minister was to grab it and take it over to DCMS to try to realise my vision of DCMS becoming the leading department on digital.

As may have been gathered, data is an extraordinarily dull subject, particularly when it comes to regulations and legislation, but it is true, as the noble Lord, Lord McNally, said, that it is often called the new oil. The reason is that data flows ever more generously around our world; in fact, I am told that the size of the digital universe is now 44 zettabytes, which is 44 times bigger than our physical universe. There are 500 million tweets a day—mostly from President Trump; 294 billion emails a day; 5 billion searches; and 65 billion WhatsApp messages—mostly, no doubt, from Dominic Cummings. It is therefore quite clear that data dominates everything, and there need to be clear rules on how it is used and how it is harmonised across jurisdictions. Data is the new trade route. In fact, the UK, as in so many areas in technology, leads the EU; about 4% of our gross domestic product is now dependent on data companies and industries.

The noble Lord, Lord McNally, rightly spent some time talking about the GDPR. The GDPR is of course a bureaucratic and onerous regulation, but the new version of it came into being just at the time when the “techlash” was gathering momentum, when concern about one’s data, the way that it was used and the privacy surrounding it was very much at the forefront, and the GDPR is now seen as a bit of a gold standard. In any event, one of its unassailable merits is that it is now valid across 27 different jurisdictions in the EU, which means that any company using data within the EU knows that it can transfer across different countries. It has been copied in other states, even in countries such as South Korea, which is seen as a technology leader, while California’s recent passing of its own privacy law is very much dependent on the GDPR. Bureaucratic it may be, but it has become a model.

One of my concerns, though, about the GDPR is that it is not being used effectively by privacy regulators. I gather that only 3% of the 680 staff at our own Information Commissioner’s Office are tech specialists,

and there is so far a failure to use the powers of the GDPR, for example, to take on big tech in the way it transfers the data of citizens between its applications. Think about the way that Facebook and Instagram share data. If the Minister wishes to comment on the ICO and its use of the GDPR, that would be welcome.

Of course, what the noble Lord, Lord McNally, also referred to is probably the most important thing and relevant to these regulations: equivalence across different countries and trade blocs. I notice that Japan recently agreed equivalence with the EU, thus surrendering, perhaps, some of its sovereignty to the EU without throwing a temper tantrum. We have not yet agreed equivalence with the EU, and I am told that if we do not reach a deal then the EU will start to consider data adequacy with us only when we become a third country. That will lead to chaos—chaos, I have to say, compounded by the decision of the European Court to reject the Privacy Shield between the United States and the EU. You have a three-way pile-up, with the UK caught somewhere in the middle.

However, there is some cause for optimism in the very dull subject of data. I unequivocally welcome the Government’s recently published National Data Strategy. Launched in September, it addresses some of the real opportunities that the data economy presents. The idea of standardising data across the public sector is extremely welcome, and being able to share data across silos to realise real gains is also very welcome indeed. The focus on data skills and training people in data and in the responsible use of data is a good thing. Some think perhaps that the national data strategy is not ambitious enough. I do not share that view. I think it is a welcome first step and, if implemented properly, will maintain our leadership in this very important area.

However, horizon-scanning ideas are beginning to emerge—for example, the need for companies to value their data. It is astonishing if you look at the accounts of big tech that nowhere will they put a price on the enormous amount of data they harvest from their users. If you put a value on data, you might see companies work harder to make it more secure and—dare I say it or whisper it—it might even be possible for national Governments to tax that data. The wealthiest people in the world really are data billionaires, rather than anything else.

The other emerging idea is that of data trusts. They are a bit like a pension trust where you can put data into, as it were, a separate part of a company and have it governed separately. This could help small companies manage their data more effectively and create whole new industries. For me, all this is very exciting and brings me back to the point to thank the noble Lord, Lord McNally, for first turning me on to data.

6.35 pm

About this proceeding contribution

Reference

807 cc610-1GC 

Session

2019-21

Chamber / Committee

House of Lords Grand Committee
Back to top