On 18 May 2021, the Department for Digital, Culture, Media and Sport (“DCMS“) released the government’s response (the “Response“) to the consultation on the National Data Strategy (the “Strategy“). The Strategy was released in September 2020 as an attempt to pave the way for ‘unlocking the value’ of data across the economy.

The Strategy has five missions:

  • Unlocking the value of data across the economy;
  • Maintaining a pro-growth and trusted data regime;
  • Transforming the government’s use of data;
  • Ensuring the security and resilience of data infrastructure; and
  • Championing the international flow of data.

The Strategy is centred around improving data use and availability across the economy in order to enhance innovation and growth. Opening up government datasets is also a key priority and encouraging the free flow of data internationally has been identified as an important objective.

The Response takes stock of the stakeholder responses to the consultation and addresses the steps that the government has already taken to achieve the above missions, and the way forward in implementing the Strategy.

Below, we have outlined the key themes and issues arising from the Strategy and the Response.

Data in scope: Implications for personal data

The Strategy limits its application to digital information about people, things, and systems. This includes personal data, biometrics, demographics, systems and infrastructure data, geospatial data and sensor data relating to the Internet of Things. As a result, the Strategy covers both personal and non-personal data, and the government will have to tread a fine line while developing regulation to enable data use and access given that personal data is subject to much higher standards of protection. The challenges of sharing personal data have been recognised by the government in the Response, which has endeavoured to maintain these high standards of data protection while ensuring that ‘unnecessary barriers’ are not created to responsible data use (although it is not entirely clear as yet how this balancing act will be achieved). It is also worth noting that the Information Commissioner’s Office (“ICO“) has recently released a new Data Sharing Code of Practice which provides helpful guidance to organisations sharing personal data. (See HSF blog here.)

Data is the new sunlight: Encouraging widespread data use

The Strategy emphasises the increasingly common understanding that data is a resource to be harnessed as opposed to a threat to be managed. The government is seeking to optimise the opportunities that arise from data use to power innovation and better service delivery, highlighting that smaller organisations do not have the same access to data as larger technology companies, which potentially limits their ability to innovate and participate in the market. This rationale for data sharing can also be found in the European Data Strategy, released in February 2020, which stated that data should be available to all, be it start-ups or giants. India has also been considering regulation on the sharing of non-personal data on the basis that it would improve innovation.

The government’s vision to share data is not limited only to sharing in the private sector, but also emphasises the importance of the public sector having access to data to improve decision-making and services, for example, infrastructure and housing.

In improving data access, the government seeks to take an evidence-based approach while striking a careful balance in terms of the degree of government intervention, recognising that intellectual property rights sometimes vest in data, and these ought to be protected.

In Europe, the issue of data access has been addressed in the report of the European Commission titled ‘Competition policy in the digital era‘ which looks at the question of when data access is indispensable for a business. This often hinges on whether access to that data is essential for the business to compete. The Strategy and the Response do not look at data access through this kind of competition law lens, however, the Response does state that the government is looking into the importance of data access in enabling market competition and delivering public benefit. The Digital Markets Unit may become a key player in this sphere, as the Response indicates that powers to promote competition and address market power will be devolved to it. (See HSF Digital Regulation Timeline entry on the Digital Markets Unit here.)

In response to the Strategy, respondents were in agreement about the benefits of better data availability but had divergent views on the degree of government intervention required to achieve it.  As part of its efforts, the government has been conducting research into the measures to counter the barriers to data availability, such as improving the understanding of data sharing, supporting data foundations (i.e. data that is up to date, recorded in standardised formats, easily accessible and retrievable and protected against unauthorised use), improving incentives for and tackling the risks associated with data sharing, and mandating data sharing in the public interest. The last of these measures may sound alarm bells for organisations concerned about protecting their competitive advantage – data is a valuable resource that organisations invest in maintaining as better data leads to better insights. The DCMS report on Increasing Access to Data Across the Economy (from which the measures to improve data availability are sourced) suggests that mandatory data sharing may however be required where the goal is to increase competition.

It will be interesting to see if and how the government mandates data sharing and how this will be balanced with protecting organisations’ intellectual property rights, which has been a stated objective of the Strategy.

International flows of data: A post-EU outlook

Emphasising the UK’s intention to be a world leader in data flows, the Strategy announced the UK’s ambitions to encourage greater flows of data internationally, and ensure that there are no unnecessary constraints caused due to fragmented national regimes. To this end, the Strategy had the following objectives:

  • Securing positive adequacy decisions from the EU to maintain free flows of personal data from the European Economic Area. In February 2021, the European Commission published draft adequacy decisions for transfer of personal data to the UK. This is an important step forward in the UK’s mission to improving international data flows and the UK has now urged the EU to complete the process for adopting and formalising these decisions (although this process could possibly be delayed after the EU Parliament voted in May 2021 to ask the European Commission to modify its draft decisions on whether or not UK data protection is adequate).
  • Developing the UK government’s capability to conduct its own data adequacy decisions. In its Response, the government has stated that it will announce its priority countries for data adequacy shortly. Respondents suggested that the US and EU should be prioritised for UK adequacy assessments, and highlighted opportunities for the UK in the Middle East, Africa, the Indian subcontinent and Brazil. The government will also explore alternative transfer mechanisms to provide some flexibility and we could see UK standard contractual clauses being developed and new binding corporate rules being approved. New guidance on international transfers may also be published by the ICO. This would all be in stark contrast to the EU approach, pursuant to which only 12 adequacy decisions have been issued since the Data Protection Directive (the predecessor to the General Data Protection Regulation) in 1995.
  • Agreeing ambitious data provisions in trade agreements. The UK intends to use its new independent seat in the World Trade Organisation to influence trade rules on data, and also agree provisions in trade agreements which prevent unjustified data localisation measures and maintain high data protection standards. In the Response, the government announced that it had agreed data flow provisions in trade agreements with the EU and Japan to this end. The government has also secured reciprocal free flows of personal data with the non-EU countries that are recognised by the UK as adequate, such as Japan, Canada, Israel and the Crown Dependencies.
  • Driving UK values globally. The Response sets out the government’s intention to “champion the secure, trusted and interoperable exchange of data across borders” and using diplomacy to influence the global position on rules and standards relating to data.

The UK’s opposition to data localisation measures is consistent with the EU position captured in the Regulation on a framework for the free flow of non-personal data in the European Union, which prohibits data localisation measures and enables processing of data in multiple locations throughout the EU. However, some of the countries (such as India and the United Arab Emirates) suggested by respondents as possible priority countries for data adequacy do still incorporate data localisation requirements for certain categories of data. The government’s approach towards the priority countries will be one to watch and data localisation provisions (or the lack thereof) in trade agreements could possibly be hotly contested between parties.

Security and Resilience of Infrastructure: The key to data availability?

In the Strategy, the government sets out the importance of secure and resilient data infrastructure (i.e. systems and services that store, transfer and process data, for example, data centres and cloud computing) characterising it as a “vital national asset” and crystallising its intention to ensure data in transit and data stored in external data centres is sufficiently protected.

As part of its bid to improve security, the Response discussed the National Security and Investment Act (the “NSI Act“) which creates a mandatory notification regime for acquisitions in certain sectors, one of which is data infrastructure. (See HSF blog here).The NSI Act recently received Royal Assent. The operation of the NSI Act is likely to give the government greater oversight over the players in the data infrastructure space and whether acquisitions in the sector are likely to give rise to national security concerns. However, it remains to be seen whether it will create any barriers for investment and innovation in the sector.

In any event, the government’s focus on security of data infrastructure is likely to give its trade partners (as discussed above) some comfort while agreeing to the free flow of data.

Importantly, the government has also flagged the environmental impact of data use, stating in the Response that it will embed sustainability as a key decision point while designing and approving government-owned digital systems and services and use its COP26 presidency to begin an international conversation on the role of data and digital in countering climate change.

Improving the government’s use of data

The experience of managing the pandemic has been a helpful indicator of the usefulness of data sharing between different parts of government in developing a crisis response. Accordingly, another key priority of the Strategy is to improve the way the government uses data across the board. To this end, the government seeks to improve the quality, access and interoperability of data by prioritising the use of the Digital Economy Act (which contains provisions for data sharing between government departments) and the work of the Data Standards Authority on standards for data access. For the latter objective, the government will assess how the FAIR Principles (findable, accessible, interoperable and reusable) can support data management and stewardship, and the TRUST Principles (transparency, responsibility, user focus, sustainability and technology) can be applied to digital repositories.

In the Response, the government has also pledged to increase transparency in algorithmic decision making in government and embed the Data Ethics Framework across government processes.


The government has identified several key priorities in the Strategy and the subsequent Response. Some of these are likely to have a positive impact on the data economy, such as the emphasis on free flows of data internationally, countering the environmental impact of increased data use and improving government use of data. However, it remains to be seen how the government will maintain high data protection standards in the face of widespread data use. Organisations should also keep an eye out for new policy frameworks from the government on mandatory data sharing.

Miriam Everett
Miriam Everett
Partner, Head of Data Protection and Privacy, London
+44 20 7466 2378
Ananya Bajpai
Ananya Bajpai
Trainee Solicitor
+44 20 7466 2952