“Barrier to trade and security if data transfers are hindered post-Brexit” warns EU Home Affairs Sub-Committee

The Government should pursue full regulatory equivalence with the European Union (EU) with respect to data protection in order to ensure unhindered data flows between the UK and the EU post-Brexit, offer stability and certainty for businesses and maintain police and security co-operation. That’s the considered view of the EU Home Affairs Sub-Committee as outlined in its latest report.

Maintaining unhindered and uninterrupted data flows between the UK and the EU following Brexit is an important aim, as any arrangement that results in greater friction could present a non-tariff trade barrier that places the UK at something of a competitive disadvantage and hinders police and security co-operation.

Although the Government has stated that it “will seek to maintain the stability of data transfers between the EU, Member States and the UK”, little detail has so far been offered by the Conservative Party in terms of how the Government plans to deliver this outcome.

By looking at four elements of the EU’s data protection package in its report, the EU Home Affairs Sub-Committee examines the options available to the Government for securing uninterrupted data flows between the UK and the EU after the UK leaves the EU. These elements are the General Data Protection Regulation, the Police and Criminal Justice Directive, the EU-US Privacy Shield and the EU-US Umbrella Agreement.

Lord Jay of Ewelme, chairman of the EU Home Affairs Sub-Committee, stated: “The volume of data stored electronically and moving across borders has grown hugely over the last 20 years. Between 2005 and 2012 alone, Internet traffic across borders increased eighteen-fold. The maintenance of unhindered data flows is therefore crucial, both for business and for effective police co-operation.”

Lord Jay continued: “The Committee was concerned by the lack of detail on how the Government plans to maintain unhindered data flows post-Brexit. It was concerned, too, by the risk that EU and UK data protection rules could diverge over time when the UK has left the EU. To avoid this, the Committee urges the Government to secure a continuing role for the Information Commissioner’s Office on the European Data Protection Board.”

Key findings of the report

There’s consensus among witnesses that the most effective way to achieve unhindered flows of data would be to secure adequacy decisions from the European Commission under Article 45 of the General Data Protection Regulation and Article 36 of the Police and Criminal Justice Directive, thereby confirming that the UK’s data protection rules would offer an equivalent standard of protection to that available within the EU.

EU adequacy decisions can only be taken in respect of third countries – ie countries that are not EU Member States – and there will therefore be legal impediments to having such decisions in place at the moment of exit. If there’s no transitional arrangement on data protection post-Brexit, this could put at risk the Government’s objective of securing uninterrupted flows of data, thereby creating a ‘cliff edge’ scenario.

Without a transitional arrangement, the lack of ‘tried and tested’ fall-back options for data sharing in the area of law enforcement would raise concerns about the UK’s ability to maintain deep police and security co-operation with the EU and its Member States in the immediate aftermath of Brexit.

Even if the UK’s data protection rules were aligned with the EU regime to the maximum extent possible at the point of Brexit, there remains the prospect that, over time, the EU would amend or update its rules. Maintaining unhindered data flows with the EU post-Brexit could therefore require the UK to continue to align domestic data protection rules with EU rules that it no longer participates in setting.

It’s imperative that the Government considers how best to replace those structures and platforms that have allowed it to influence EU rules on data protection and retention. According to the Committee, and as stated, the Government should kick-start this process by seeking to secure a continuing role for the Information Commissioner’s Office on the European Data Protection Board.

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts