The Government’s Department for Exiting the European Union (EU) has set out its bold plans for arrangements that could ensure personal data would continue to move back and forth between the UK and the EU in the future in a safe and properly regulated manner. In the latest of a series of papers examining the UK’s future partnership with the EU post-Brexit, the Government has considered the case for a “unique” approach that could allow data to continue to be exchanged in order to ensure ongoing competitiveness, innovation and job creation.
The document outlines in detail how the UK is considering an ambitious model for the protection and exchange of personal data with the EU that reflects the unprecedented alignment between British and European law and recognises the high data protection standards that will be in place at the point of exit.
This would allow the UK to work more closely with the EU, providing continuity and certainty for the business community, allowing public authorities – including law enforcement authorities – to continue their close co-operation, protecting people’s data and privacy and providing for ongoing regulatory co-operation between UK and EU data protection authorities.
These proposals are said to “provide a stable base” for the Government to deliver on its commitment to turn Britain into the “best and safest place” to be online.
Matthew Hancock, the Minister for Digital, explained: “In the modern world, data flows increasingly underpin trade, business and all relationships. We want the secure flow of data to be unhindered in the future as we leave the EU. A strong future data relationship between the UK and the EU, based on aligned data protection rules, is in our mutual interest. The UK is leading the way on modern data protection laws and we’ve worked closely with our EU partners to develop world-leading data protection standards. This new position paper sets out how we think our data relationship should continue. Our goal is to combine strong privacy rules with a relationship that allows flexibility in order to give consumers and businesses certainty in their use of data.”
Stewart Room (PwC’s global data protection legal services leader) responded: “The Government’s position paper makes it crystal clear that data protection is now a priority issue for the UK and its economy and in the ongoing fight against serious crime and terrorism. Successful delivery of the General Data Protection Regulation (GDPR) will be a critical part of the UK’s success after Brexit. With this in mind, the paper sends a clear message to all data controllers and data processors in the UK that they must embrace the requirements of the GDPR.”
As the position paper has pointed out, it’s vital that the UK’s data regulator, namely the Information Commissioner’s Office (ICO), maintains an influential role post-Brexit. To this end, the ICO will require proper levels of investment if it’s going to be able to fulfil its vital resource-sharing requirements.
One area that the position paper doesn’t tackle is the concern in parts of the EU that the UK’s domestic surveillance laws are challenging to EU data protection principles. The possibility of partial adequacy decisions could help overcome such concerns.