The importance of maintaining the free flow of data between the EU and UK

The UK is looking to forge a new relationship with the EU, which is no easy task, as we’ve seen from fraught and sometimes tense negotiations.

Part of this new relationship will include data and the rules governing how data can be exchanged between the UK and EU.

The UK Government has stated its intention to very closely align with the EU on data protection standards. The Data Protection Act 2018 recently passed by Parliament implements the General Data Protection Regulation (GDPR) in the UK and ensures the highest standards will remain after Brexit.

An agreement on data protection will be crucial for the EU and the UK, and any disruption to cross-border data flows would be costly to all partners. An agreement will also ensure clarity on enforcing citizens’ rights.

DMA Managing Director, Rachel Aldighieri said: “The free flow of data allows businesses across the EU and UK to perform a great many functions. For instance, a company based in Italy that uses one of the UK’s many server host companies to store information about its customers would have to go through the complicated process of moving its data operations to the EU. Given the number of businesses in the UK that process EU citizens’ data, the effects of stopping data flows could be huge."

All trade is increasingly reliant on data flows and especially so in Europe. For example, many EU organisations use service providers based in the UK and a major disruption of data flows would cause legal uncertainty for companies using UK service providers and vice versa. It is in the interests of both sides to do all they can to minimise disruption.

The UK is proposing a new agreement between the EU and UK, building on standard adequacy, that would better deliver on the EU and UK’s shared interests. This deal would reflect the UK’s deep alignment on this issue.

The deal aims to:

• Maintain the free flow of personal data between the UK and EU
• Minimise legal uncertainty for UK and EU businesses
• Reassure citizens that their data is safe in both the UK and EU
• Not impose unnecessary costs on businesses
• Provide for on-going regulatory cooperation

Regulatory cooperation is particularly important as this will give businesses legal certainty and allow the EU to benefit from the expertise of the Information Commissioner’s Office (ICO), which is the UK’s data protection authority.

The ICO has taken a leading role within the EU, as a member of the Article 29 Working Party, they were responsible for over 50% of the working party’s guidelines in 2017.

Aside from Ireland, the UK is the only other native English speaking country, the lingua franca of the EU, and so their contribution has been even more valuable.

A continued role for the ICO on the European Data Protection Board (EDPB) after Brexit will bring it the benefits of the ICO’s expertise, resources, experience and global influence. The ICO is the EU’s most well-resourced regulator.

This new deal would make it easier for EU consumers to complain about a UK organisation and therefore protect citizen’s rights.

A continued role for the ICO on the EDPB is in both the interests of businesses based in the EU and UK, as well as maintaining the free flow of data.

If you have any questions regarding this article then email DMA external affairs manager, Zach Thornton: zach.thornton@dma.org.uk