Brexit: The UK wants an early deal with the EU on data transfer and privacy, latest position paper outlines
The UK will continue to comply with European laws on data after the country leaves in March 2019 and the EU should recognise this early on in negotiations, the government has said.
In a fresh paper outlining Britain’s approach to negotiating the free flow of data across borders, the department for exiting the European Union has called for an early agreement to mutually recognising current rules so that disruption to business is avoided.
“Early certainty around how we can extend current provisions, alongside an agreed negotiating timeline for longer-term arrangements, will assuage business concerns on both sides and should be possible given the current alignment of our data protection frameworks,” the paper outlined.
Read more: The proposed Data Protection Bill could be used to shoehorn draconian rules
Brexit’s potential threat to the free flow of data has been cited as one of the biggest risks to the UK’s digital economy, which is worth £1.18.4bn to the UK’s overall economy.
The UK will adopt the provisions of new EU data laws, known as GDPR and due to come into force next year, into the country’s own domestic law under a new data protection bill. The EU would have to recognise the UK’s rules under an adequacy agreement.
But the UK could fall back on other rules governing data transfer from the EU to a third party country, which the UK would be, such as Binding Corporate Rules, Standard Contractual Clauses and Approved Codes of Conduct. It admitted that “none of these alternatives are as wide ranging as an adequacy decision” however, and that these could also be costly and onerous for business, particularly small and medium sized firms.
The government said it also wants to remain involved in the development of rules governing data with the EU.
“The UK would be open to exploring a model which allows the Information Commissioner’s Office (ICO) to be fully involved in future EU regulatory dialogue. An ongoing role for the ICO would allow the ICO to continue to share its resources and expertise with the network of EU Data Protection Authorities, and provide a practical contribution at EU level which will benefit citizens and organisations in both the UK and the EU,” the paper said.
Read more: Data Protection Bill: Government says it will simplify rules for businesses
The proposals were welcomed by business groups, but they warned it may not be a smooth ride to secure mutual adequacy.
“While the Government’s approach appears to be the right one, securing an adequacy agreement will not be easy,” said TechUK deputy chief executive Antony Walker.
“It will require difficult and sensitive issues around the UK’s surveillance powers to be discussed between the UK and the EU. The experience of the USA in creating the Privacy Shield shows that these issues can be overcome, but doing so will take time and a commitment on both sides to do the hard work necessary to reach an agreement.”