Proposals for data protection and sharing include a continued role for Information Commissioner’s office in Europe and a continuation of ‘adequacy’ decisions with third countries
The Government has proposed a continued role for the Information Commissioner’s Office (ICO) in discussions on EU data regulations and a continuation of ‘adequacy’ agreements with third countries within a paper on the exchange and protection of personal data when the UK leaves the EU.
The paper has been jointly published by the Department for Digital, Culture, Media and Sport and the Department for Exiting the European Union, and emphasises an aim to ensure personal data can continue to move between the UK and EU in a properly regulated way.
This largely reflects concerns about the effects of disruption on the UK’s digital economy, along with worries that it could affect efforts to support the fight against financial crime and terrorist financing through data sharing.
The paper asserts that the UK-EU model for exchanging and protecting personal data should recognise that the UK complies with EU law in the area, and wider global standards, and that this will be enshrined in the Data Protection Bill announced by the Government in the recent Queen’s Speech.
One of its main proposals reflects the past role of the ICO as a leading influence on data protection policies for the whole EU. It says the UK is open to exploring a model in which the ICO would be “fully involved in future EU regulatory dialogue”. This would allow the organisation to carry on sharing resources and expertise with data protection authorities in the EU, and provide a practical contribution at EU level.
“This responds to the (European) Commission’s call to develop international co-operation mechanisms to facilitate effective co-operation and enforcement of data laws by data supervisor authorities,” it says, while insisting the UK Government would retain responsibility for national data protection law.
The paper also says the Government believes it would be in the interest of both sides to agree early to mutually recognise each other’s data protection frameworks.
An element of this is that the UK wants to support flows of data with third countries by ensuring that existing EU adequacy decisions – which ensure there are adequate levels of protection for data in those countries – continue to apply. This is important given that some of the data shared with third country organisations could have originated in the EU.
Minister for Digital Matt Hancock, said: “We want the secure flow of data to be unhindered in the future as we leave the EU. So a strong future data relationship between the UK and EU, based on aligned data protection rules, is in our mutual interest.
“The UK is leading the way on modern data protection laws and we have worked closely with our EU partners to develop world leading data protection standards.
“The paper published today sets out how we think our data relationship should continue. Our goal is to combine strong privacy rules with a relationship that allows flexibility, to give consumers and businesses certainty in their use of data.”
The paper points out that between October 2014 and September 2015 the UK Financial Intelligence Unit received 1,566 requests for data from international partners, of which at least 800 came from EU member states.
It also says there are estimates that about 75% of the UK’s cross-border data flows are with EU countries, and that 43% of large digital companies in the EU were started in the UK.