| |
UK Seeks Data Alignment and Involvement after Brexit
The UK government has set out its aims for data protection and international data flow after Brexit, in the last of its current round of positional papers. Britain will seek a close alignment with EU laws, including adherence to the GDPR from next May.
 With talks set to resume on Monday, the Government said it would 'be in the interest of both the UK and EU to agree early in the process to mutually recognise each other's data protection frameworks as a basis for the continued free flows of data … from the point of exit until such time as new and more permanent arrangements come into force'.
With GDPR implemented in the UK, rules at the point of departure will be very closely aligned, and the UK will look for guarantees that data flows will be maintained without interruption immediately after Brexit: subsequently, it aims for a new and tailored model with the EU affording 'adequacy' status to its arrangements as it does with twelve existing partners including Switzerland, Israel and the USA. However, as the EU is not noted for its brevity and the quickest of these took eighteen months to conclude, the maintenance of the status quo in the interim will be crucial.
Britain says it will seek to remain 'fully involved' in shaping EU privacy regulations after 2019, with the Information Commissioner's Office (ICO) 'fully involved in future EU regulatory dialogue' and with an 'ongoing role' among EU data protection authorities. It concedes that no other country currently has such status, but given that 43 percent of all large EU digital companies are started in the UK, any failure to agree a deal will cause 'economically costly' disruption to both sides.
For their part, EU sources have cautioned that 'adequacy' is not guaranteed, with particular EU concerns over the 'proportionality of data use' and the UK government's views on surveillance and emphasis on national security. As reported in the Daily Telegraph (www.telegraph.co.uk ), tech industry leaders have echoed the concern over 'adequacy', pointing to the lengthy and difficult process of building the Privacy Shield agreement between the EU and US, after the ECJ's decision to strike down the pre-existing Safe Harbour agreement.
If existing rules are discontinued without an adequacy agreement, businesses will fall back on 'standard contract clauses' in which they agree individually to follow EU data privacy rules.
Thanks to www.warc.com and the Telegraph for much of the above.
|
