We must ditch Brexit plan to diverge from EU data protection regulations
Under Boris Johnson, the government has been seeking to diverge with the European Union on data protection regulations and, as non-EU member, we legally can do this.
However, simply because we can diverge does not mean that we should diverge; the benefits are negligible at best. The likely result would be the United Kingdom no longer being recognised as a “trusted partner” in the field of data security and the end of a free flow of data.
The next prime minister, and the government that he or she will form, should rethink our approach to data security. They must have the common sense and courage to break with that past trajectory and act in the national interest.
We need policy of dynamic alignment with European data protection regulation as it evolves over the coming years. This does not mean simply taking and blindly implementing new rules but actively engaging with the European Union as a partner.
As one of the MEPs who drafted the general data protection regulation, I believe this matters for three reasons: our national security, our economy and for consumer protection.
Rather than £11 billion in growth through deregulation, as suggested by the government, the potential loss of data flows will cost business far more
The European Commission has adopted data adequacy decisions for the UK, which recognised comparable high standards of data protection and allows data exchanges to continue unimpeded. This should have been the beginning of a new chapter of UK-EU relations on data protection standards. However, the government’s white paper, which outlined its intention to follow a policy of regulatory divergence, does not give me much hope that the level of cooperation in the future will be sufficient to protect our data flows.
Rather than £11 billion in growth through deregulation, as suggested by the government, the potential loss of data flows will cost business far more. Imports and exports of goods and services heavily depend on the free flow of personal data. EU personal data-enabled services exports to the UK were worth approximately £42 billion in 2018, and exports from the UK to the EU were worth £85 billion. It is important that UK businesses and consumers have clarity and can trade as freely as possible with our European neighbours.
Data exchanges are not only important in relation to commercial matters. They are absolutely vital from a national security perspective. The Visa Information System, Prüm, the European Criminal Records Information System and the second generation Schengen Information System are essential tools used on a daily basis by our law enforcement agencies – in 2019 UK police checked Schengen Information System no fewer than 603 million times. They have proved essential in tackling crime and bringing criminals to justice. Without equivalence on data, we risk losing access to these vital databases.
UK and European data protection regulations are widely regarded as having the highest personal data protection standards in the world. Should the government seek to lower its regulatory data standards, such consumer rights may be put at risk with increased amounts of our personal data being put into the hands of corporations without our consent.
I have written a paper which draws attention to these matters and calls for much greater cooperation with the EU. I do not believe that it is in our national interest to diverge in any meaningful way from the present regulations that the UK helped to shape. Data protection regulations have their faults but those can be corrected by agreement between all parties.
Equivalence on data policy is a pragmatic solution to an issue that will continue to mount as the world becomes ever more digitally inter-connected and an opportunity to take advantage of both parties’ shared goals.
Lord Kirkhope is a Conservative peer and former home secretary.
Get the inside track on what MPs and Peers are talking about. Sign up to The House's morning email for the latest insight and reaction from Parliamentarians, policy-makers and organisations.