According to the House of Lords Committee, maintaining
unhindered and uninterrupted data flows between the UK and EU after Brexit is
an important aim, as any arrangement that results in greater friction could
present a non-tariff trade barrier that puts the UK at a competitive
disadvantage and hinders police and security cooperation. This will come as no surprise
to SCL members. The Committee notes that, although the Government has stated
that they ‘will seek to maintain the stability of data transfers between the
EU, Member States and the UK’, they ‘were struck by the lack of detail on how
the Government plans to deliver this outcome’.
In its report, by looking at four elements of the EU’s data
protection package the Committee examines the options available to the
Government for securing uninterrupted data flows between the UK and EU after
the UK leaves the EU. These elements are the General Data Protection Regulation
(GDPR), the Police and Criminal Justice Directive (PCJ), the EU-US Privacy
Shield and the EU-US Umbrella Agreement.
Key Findings
- The most effective way to achieve unhindered flows of data
would be to secure adequacy decisions from the European Commission under
Article 45 of the General Data Protection Regulation and Article 36 of the
Police and Criminal Justice Directive, thereby confirming that the UK’s data
protection rules would offer an equivalent standard of protection to that
available within the EU. - EU adequacy decisions can only be taken in respect of third
countries – ie countries that are not EU Member States – and there will
therefore be legal impediments to having such decisions in place at the moment
of exit. If there is no transitional arrangement on data protection
post-Brexit, this could put at risk the Government’s objective of securing
uninterrupted flows of data, thereby creating a cliff-edge. - Without a transitional arrangement, the lack of tried and
tested fall-back options for data-sharing in the area of law enforcement would
raise concerns about the UK’s ability to maintain deep police and security
cooperation with the EU and its Member States in the immediate aftermath of
Brexit. - Even if the UK’s data protection rules were aligned with the
EU regime to the maximum extent possible at the point of Brexit, there remains
the prospect that over time, the EU would amend or update its rules.
Maintaining unhindered data flows with the EU post-Brexit could therefore
require the UK to continue to align domestic data protection rules with EU
rules that it no longer participates in setting. - It is imperative that the Government consider how best to
replace those structures and platforms that have allowed it to influence EU
rules on data protection and retention. It should start by seeking to secure a
continuing role for the Information Commissioner’s Office on the European Data
Protection Board.
Links to full report