If it’s all about the data, then the Data Protection and Digital Information Bill must matter, and it does. Having completed its initial Commons stages it will receive second reading in the House of Lords
today (19th December 2023). I will be exploring the vast opportunities afforded by the bill – as well as questioning the government on some of the detail. You can tune in to watch
here from approximately 11.45.
Aims of the Bill
The government stresses that this new law will maintain high data protection standards whilst cutting red tape and reducing the administrative burden on organisations. Currently the processing of people’s personal data is covered by a myriad of legal frameworks
in the UK, depending on the type of processing taking place and who is doing it. The UK GDPR and the Data Protection Act 2018 are currently key, they will be amended by this new law which puts data firmly at the heart of economic growth. The bill has three
main pillars: data protection, digital identity, and smart data.
Data protection
Some concerns have been expressed about 'Data Adequacy’, that is whether the new rules will be deemed by the EU to provide an ‘essentially equivalent’ level of data protection. The government has said that the Bill will:
- introduce a clear, business-friendly framework that incorporates the key elements and objectives of GDPR but provides more flexibility about how to comply.
- provide organisations with greater confidence about when they can process personal data without consent (and therefore when they can’t).
- clarify when safeguards apply to automated decision-making through AI technologies.
If we get it right the new regime should provide UK firms operating in the EU – and the wider international community – with confidence in the robustness of the UK’s data protection standards, save compliance costs and provide a welcome boost to international
trade.
Digital Identity
The new law paves the way for a cross-sector re-usable Digital Identity framework, providing; equivalence between digital and paper forms of identity, access to government data attributes for certified identity providers, and the certification regime itself.
Once a citizen has created a re-usable digital identity, they will, potentially, be able to re-use it to assert their identity or provide verification for something about themselves such as their age or address. This would give individuals more control over
the data points they share, rather than sharing a whole document that doesn’t allow an adjustable level of control.
I have long argued for the significant social and economic benefits of a distributed digital ID. Digital ID will be a significant driver to the greater adoption of Open Finance. A trusted and effective
citizen created digital ID could enable and empower individuals currently (or potentially) excluded from exercising their rights and accessing basic financial services. In 2011, at our last census, 17% of us had no passport, digital ID could effortlessly get
past this problem. Digital ID: no passport, no problem.
Smart Data
Data-sharing proposals in part 3 of the bill are intended to spur innovation and improve consumer outcomes by facilitating private sector data sharing across the UK economy. The potential is considerable and could include (for example) data about energy
or telecoms usage. Imagine if you could give permission to an authorised third-party provider (ATPs) about your energy usage that they then used to provide a personalised service such as automatic switching to best priced energy provider. Considering those
at the sharp end of the energy crisis, the possibility of not only shifting tariffs but, potentially, helping people avoid getting stuck with the higher costs of prepayment meters. Enabling consumers and expunging the pernicious poverty premium, where all
too often we find those with the least being forced to pay the most.
Open banking – born in Britain - is the best current example of open data. This bill gives the government powers to create a much wider open data economy. These powers go beyond that of what is currently being explored in Europe. The European Banking
Federation (EBF) recently acknowledged that PSD2 does not serve as a model for data sharing and is now looking at an incentive-based voluntary Framework. Australia has also recently consulted on how to extend its ‘Consumer Data Right’ to non‑bank lending.
There are, inevitably, questions still to be explored. For example, which markets will Smart Data regimes be applied to? What opportunities could an open data economy create for financial services companies? I would be keen to hear from anyone with further
questions or thoughts about the bill.
The opportunity
This is an important milestone in the development of the digital economy. Expanding Open Data to other sectors could build a bridge between sectors through Digital Identity and therefore new opportunities for the UK financial services sector. Secure and
authorised data sharing leading to enhanced personal control, innovation in services, ultimately greater financial inclusion and citizen engagement: a prize worth fighting for.
Imagine a world where consumers were able to share their utilities data, creating opportunities for new personalised products with a level of sophistication far beyond that of the current tools that merely look at standing charges and unit pricing. If these
tools could link to your Smart Meter, the consumer could be empowered to look at their energy usage and balances alongside other products such as their credit cards and mortgage. Facilitating this more holistic view of an individual’s personal finances could
be a real opportunity for FS, facilitating what Emmanuel Daniel describes as ‘the great transition’ as an increasingly interconnected and online world shapes the infrastructure of finance, creating efficiencies and empowering individuals.
The mission is identical in so much of this digital transition, optimising our talent and technologies to deliver economic, social, and psychological growth across the country, connected, interoperable, across our world.