The House reports: Brexit & EU Data Protection Reform - so what for the UK?

18 July 2017

The House of Lords EU Home Affairs Sub-Committee has published their report today on the EU Data Protection reform package and the implications of Brexit. 

The Committee is concerned that after Brexit, UK trade with Europe and the rest of the world could be disrupted by the absence of an "adequacy decision", which is a process whereby the EU endorses the data protection legal frameworks of third countries. The Committee is also worried that law enforcement could be impacted. Therefore, the Committee recommends that the UK should seek an adequacy decision and make necessary arrangements for the transitional period during the current Brexit negotiations.

Once an adequacy decision is in place, personal data can flow from Europe to the third country without restriction. An adequacy decision should be a significant advantage for international trade, however only 11 countries have gone down this route: most of the world trades with Europe without having an adequacy decision in place. This is because there are other mechanisms that can be used to legitimise the flows of personal data from Europe, including the consent of the individuals concerned, the need to fulfil contracts, and a couple of official administrative mechanisms approved by Europe, namely "model contractual clauses" and "binding corporate rules". 

However, these other routes carry administrative and financial overheads for business and they are also under attack in the courts by privacy activists, so there is a sense that they might reside in a legal grey area. An adequacy decision would remove these problems, providing certainty for trade.

In the sphere of law enforcement, it is considered that the UK's position is complicated by the spectre of "mass surveillance". Some of the evidence before the Lords suggested that the UK's recent history in this area could have knock-on effects for trade. This was part of the problem that the US had to deal with when the challenge was made to the Safe Harbour framework for transferring personal data from Europe to the US. 

No doubt, the report will trigger a debate about what to do next. While we cannot predict how this will be resolved, it's certainly the case that the report has shone an intense spotlight on the data protection issue and the complications that the UK faces.

The report can be found here and you can watch my oral evidence to the Committee here

Stewart Room |  Solicitor (Partner) |  Global Head of Cyber Security and Data Protection Legal Services; UK Data Protection National Lead | PwC - UK  
Profile | Email | +44 (0)20 7213 4306

 

More articles by Stewart Room

Twitter
LinkedIn
Facebook
Google+

Comments

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.