UK Government sets out its preferred post-Brexit landscape for data protection

Gail Crawford, Calum Docherty
Latham & Watkins LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Her Majesty’s Government last week published a position paper outlining its preferred post-Brexit landscape for data protection. The high-level takeaways are hardly surprising: the government stresses that it intends to “remain a global leader on data protection” and, as we already know, the UK’s Data Protection Bill, announced in the Queen’s Speech, will implement the EU’s General Data Protection Regulation (GDPR).

The paper’s top priority is the frictionless movement of personal data between the UK and the EU. The government sets out the Schrems test – i.e., that standards in a non-EU country must be “essentially equivalent” to those applied in the EU – and emphasises that the UK will be in an “unprecedented position” at Brexit, as the UK will have fully implemented the GDPR and so have the same data protection standards as the remaining EU member states. The government priority, then, is for the UK and the EU “to agree early in the process to mutually recognise each other’s data protection frameworks” to allow the free flow of personal data to continue at the time of Brexit. This bespoke interim solution would be followed up with agreed timelines about longer-term arrangements, with the paper suggesting that the UK will ultimately seek an adequacy decision.

Interestingly, the paper outlines international ambitions for the Information Commissioner’s Office (ICO), the UK’s data protection authority. The paper proposes “an ongoing role for the UK’s ICO in EU regulatory fora” (essentially, the European Data Protection Board) and suggests that the ICO can be “fully involved in the EU regulatory dialogue”. However, it is unclear just how “fully” the ICO could participate – currently, EEA members have a seat at the table in shaping policy at the Article 29 Working Party but not a vote on the final decisions, and it is altogether unclear whether the remaining EU data protection authorities would be open to this model for the ICO. At the same time, the paper notes in no uncertain terms that the UK government will continue to be responsible for the content and direction of data protection policy and legislation within the UK.

Crucially, the government tries to tie data protection to trade. The paper cites a 2013 report which suggests that “if cross-border data flows between the EU and the US were seriously disrupted, the EU’s GDP could reduce by between 0.8 and 1.3 per cent”. It also notes that “[The EU] recently announced plans to conclude its adequacy decision with Japan by early 2018. This stems from a desire to achieve progress in the ongoing EU-Japan trade deal negotiations”.

The UK is taking steps to try to assuage business concerns but, as with all things in these negotiations, the talks take time. Ultimately, this is as much about politics as it is about personal data.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Latham & Watkins LLP | Attorney Advertising

Written by:

Latham & Watkins LLP
Latham & Watkins LLP
Contact
more
less

Latham & Watkins LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide