Government wants fast resolution to Brexit's EU data-sharing problem

New paper insists that cutting cross-border data flows would harm the EU as much as the UK

Earlier this month, the UK government proposed a new Data Protection Bill, which will bring the country's laws in line with the upcoming GDPR: enshrining the right to be forgotten, and giving end users more control over their online data.

The new bill, however, does not deal with the sharing of information - and, with the region's data economy expected to be worth €643 billion by 2020, the UK government doesn't want to lose access to the EU's resources. With that in mind, the government has put forth a new position paper, detailing its plans for rules on protecting and exchanging citizens' private information.

After leaving the EU, the UK ‘will continue to play a leading global role in the development and promotion of appropriate data protection standards and cross-border data flows' (translation: the government doesn't really want anything to change after Brexit).

Data is not only important for security, but for business. More than 40 per cent of the EU's large digital companies were founded in the UK, and 75 per cent of cross-border data flows are with the European Union. The UK economy is dominated by service sectors, where data is vital (although as recently as June, the House of Lords criticised the government for its lack of understanding in this area).

Because of the importance of data sharing, to both regions (the EU economy would also be hurt if these data flows were disrupted), the government will look for a deal that is different to those the EU already has in place with non-member states.

Although the UK and EU start from ‘an unprecedented point of alignment', new arrangements will be necessary to govern the continued free flow of personal data. The paper states that these arrangements ‘could build on the existing adequacy model'.

The new ‘special partnership' (special relationship, anyone?) must:

• maintain the free flow of personal data between the UK and the EU;
• offer sufficient stability and confidence for businesses, public authorities and individuals;
• provide for ongoing regulatory cooperation between the EU and the UK on current and future data protection issues, building on the positive opportunity of a partnership between global leaders on data protection;
• continue to protect the privacy of individuals;
• respect UK sovereignty, including the UK's ability to protect the security of its citizens and its ability to maintain and develop its position as a leader in data protection;
• not impose unnecessary additional costs to business; and
• be based on objective consideration of evidence.

But…

When the EU considers data-sharing with the UK, it will make its decision partly based on the UK's adequacy: how closely the country's own laws align with the European Union's on data protection. However, the Data Protection Bill, which is equivalent to the GDPR, will not be considered in a vacuum. Surveillance measures, like the controversial Investigatory Powers Act (or Snooper's Charter) will also be weighed. The new paper makes no mentioned of the IP Act.

Critics have already spoken out against the paper, criticising it for lacking detail and for simply restating the same points throughout. It has its supporters as well, though: Anthony Walker, deputy CEO of industry body TechUK, said, "The government's paper suggests that they have listened to the tech sector, and the thousands of businesses across the whole economy who rely on data transfers to serve their businesses and their consumers."