On 28 June 2021, the European Commission adopted ‘data adequacy’ decisions for the United Kingdom. This marked the beginning of a new chapter of UK-EU relations on data protection standards following our departure from the European Union on 31 January 2020. This pivotal step forward recognised the implementation of the EU General Data Protection Regulation into domestic law through the ‘essentially equivalent’ 2018 Data Protection Act, including the UK’s equivalence with the Law Enforcement Directive.
However, just over two months after these decisions were adopted, the Department for Digital, Culture, Media and Sport published its consultation, ‘Data: a New Direction’. This followed the publication of the ‘UK Global Data Plans’ put forward by DCMS in August 2021 and set out the Johnson government’s intention to follow a policy of ‘regulatory divergence’ from European standards and directives on data. Not only would such proposals do significant damage to future UK-EU relations and risk the United Kingdom’s data adequacy arrangement with the European Union but would be a significant step back in our own data protection regime.
Rather than developing £11bn in growth through deregulation, as suggested by the government, the potential loss of data flows will cost business far more. Imports and exports of goods and services heavily depend on the free flow of personal data. EU personal data-enabled services exports to the UK were worth approximately £42 billion (€47bn) in 2018, and exports from the UK to the EU were worth £85 billion (€96bn).
The report draws attention to the dangers of the Johnson Government’s trajectory on data protection and offers an alternative path for the incoming Prime Minister which safeguards the UK’s data adequacy arrangement with the EU and ensures stability for consumers and businesses alike. The free flow of data is essential: for our economy, for our national security and for the future relationship between the UK and the EU.
The EU GDPR is widely regarded as having the highest personal data protection standards in the world. Maintaining equivalence on data standards not only preserves these consumer rights but will also ensure that the UK is not left behind as these regulations continue to be updated and strengthened. Should the government seek to lower its regulatory data standards, such consumer rights may be put at risk with increased amounts of our personal data being put into the hands of corporations without our consent.
For the United Kingdom to be able to continue to capitalise on the advantages that accompany UK-EU data equivalence it must retain and go beyond its Data Adequacy Status and in so doing prove to the European Commission that it is committed to dynamic regulatory alignment on data.
This paper, which comes ahead of anticipated legislation on the future of the UK’s data protection regime, calls for the next government to change course and to adopt a policy of dynamic alignment with the EU GDPR as it evolves of the coming years, not just taking and blindly implementing new rules but actively engaging with the European Union as a partner.
Equivalence on data policy is not only a pragmatic solution to an issue that will continue to mount as the world becomes ever more digitally inter-connected but also a sizeable opportunity to take advantage of both parties’ shared interests and goals to advance the vital case for strategic cooperation between the United Kingdom and European Union.
Click here to read the full report.
