Brexit and data regulation: what next for data sharing and the GDPR?
Dods political consultant Andrew McQuillan explores government’s position on data regulation post-Brexit, highlighting potential pitfalls as well as opportunities
Amid the many intricacies of Brexit, leaders in both the public and private sectors will be keen to ensure the continuous and secure flow of personal data. The ramifications of no deal or “a cliff edge Brexit” for the digital economy – worth £118.4bn or 7.1% of the UK’s GVA in 2015 – would undoubtedly exert immense strain on government and business alike.
The soundbites from the government following the publication of its recent data position paper have stressed stability and a close relationship which allows for flexibility and certainty. The meat of the 15-page document contains some reassuring aspects. For example, the commitment to seek an adequacy decision from the European Commission to maintain the free flow of data will ensure that the UK and EU data protection structures will be aligned at the point of departure.
The paper suggests that the Information Commissioner’s Office could still contribute to the formulation of future EU regulation, which illustrates that the government has accepted the realities of ensuring a coherent approach towards data protection.
The commitment that the General Data Protection Regulation and Data Protection Directive will be implemented as part of the Data Protection Bill promised in the Queen’s Speech does mean that UK businesses and organisations dealing in data transfers with the EEA will face little trauma, assuming that the British proposals are agreed to by the Commission.
However, domestic considerations could potentially complicate achieving a smooth deal. The UK’s Investigatory Powers Act, heavily criticised by the European Court of Justice at the end of 2016, is viewed as being inimical to the EU’s interpretation of fundamental human rights. Failure to reach an accommodation could prevent an adequacy agreement being reached, which would fundamentally undermine any proposed arrangement.
Similar issues were raised between the United States and the EU in 2015, which resulted in a compromise involving an independent ombudsman, which safeguards competency.
As a first substantial foray into the field, this position paper has made reassuring noises regarding the UK’s approach towards data protection for those seeking a maintenance of the status quo. Figures involved in the public and private sectors should welcome its intent, but everything hinges on what the EU Commission says in response.
This is arguably one of the least controversial areas of Brexit and, given the mutual interest on both sides, a resolution should be achievable. The effusive tone of the government pronouncements about a special arrangement which accompanied the paper has added some sparkle to an otherwise mundane technical aspect of Brexit, and it is unlikely that, should an agreement be reached, there will be any dramatic impact on current day-to-day data sharing protocols.
However, as with much of Brexit, the failure to reach an agreement is the real danger which could harm government and business alike.