The UK Government has published a new wishlist regarding how it hopes data transfers will continue with the European Union after Brexit.
Called The Exchange and Protection of Personal Data it looks at the short term future of data processing between the EU and the UK.
The UK wishlist hopes that once we leave Europe then cross border processing to the EU will be maintained by ensuring the country meets adequacy tests set by the EU. The alternative would be that every company would need strict processing agreements – similar to the US privacy shield. These are listed under Appendix A in the document.
Whilst not explicit, the document seems to express the hope that the ICO can continue to work alongside the EU Data Authorities in the future.
Whilst it is apparent looking at the new Data Protection Act outlined by the government last month the UK will meet the test, the problem is when. Currently the EU say that adequacy testing cannot take place until after Brexit. This means that potentially there will be a period of several months whilst these tests take place.
The document outlines how the UK is considering an ambitious model for the protection and exchange of personal data with the EU that reflects the unprecedented alignment between British and European law and recognises the high data protection standards that will be in place at the point of exit.
This would allow the UK to work more closely with the EU, providing continuity and certainty for business, allowing public authorities, including law enforcement authorities, to continue their close co-operation, protecting people’s data and privacy and providing for ongoing regulatory co-operation between the UK and EU data protection authorities.
The ministers says…
Minister for Digital Matt Hancock, said:
“In the modern world, data flows increasingly underpin trade, business and all relationships. We want the secure flow of data to be unhindered in the future as we leave the EU.”
“So a strong future data relationship between the UK and EU, based on aligned data protection rules, is in our mutual interest.”
“The UK is leading the way on modern data protection laws and we have worked closely with our EU partners to develop world leading data protection standards.”
“The paper published today sets out how we think our data relationship should continue. Our goal is to combine strong privacy rules with a relationship that allows flexibility, to give consumers and businesses certainty in their use of data.”
In conclusion the document points out that the UK looks forward to working together closely with the EU to adopt a solution that
- allows data to continue to be exchanged in a safe and properly regulated way
- offers sufficient stability and confidence for businesses, public authorities and individuals
- provides for ongoing regulatory cooperation between the EU and the UK on current and future data protection issues, building on the positive opportunity of a partnership between global leaders on data protection
- continues to protect the privacy of individuals
- respects UK sovereignty, including the UK’s ability to protect the security of its citizens and its ability to maintain and develop its position as a leader in data protection
- does not impose unnecessary additional costs to business
- is based on objective consideration of evidence.