BCS, The Chartered Institute for IT, has warned that proposed changes to Britain’s data protection rules must not put the flow of data between the EU and the UK at risk.
The professional body said the supposed benefits of a leaner data protection regime – something the government promised last week – should not come at the expense of the UK’s current “data adequacy” arrangement with the EU.
The UK remained compliant with the EU’s General Data Protection Regulation (GDPR) when it formally left the EU at the end of 2020. Its interpretation of EU law meant that the trading bloc gave the UK an “adequacy” ruling, permitting data sharing across the border.
However, in the Queen’s Speech setting out policy plans for the next Parliament, the government promised the data protection regime would be reformed to “take advantage of the benefits of Brexit to create a world-class data rights regime that will allow us to create a new pro-growth and trusted UK data protection framework that reduces burdens on businesses, boosts the economy, helps scientists to innovate and improves the lives of people in the UK.”
Last week legal experts warned the government could be determined to create laws diverging from the principles underscoring GDPR to make a political point about the UK’s independence from the EU following Brexit.
Today, Dr Sam De Silva, chair of BCS’s Law Specialist Group and a technology and data partner at international law firm CMS, said: “Any material deviation the UK adopts in relation to data protection does risk its adequacy status so I hope there will be a detailed and objective analysis undertaken to assess whether the benefits from UK’s data reform outweigh the risks of not continuing to have an adequacy status.
- Lawyers say changes to UK data law will make life harder for international businesses
- Ad-tech firms grab email addresses from forms before they’re even submitted
- Europe’s GDPR coincides with dramatic drop in Android apps
- Bank for International Settlements calls for reform of data governance
“What was in the Queen’s Speech in relation to the reform of data protection was not surprising because it generally follows the principles outlined in the Government’s Consultation Paper on Reforms to the UK Data Protection Regime – ‘Data: A New Direction’.
“However, the devil will be in the detail – which we do not have sight of yet.”
Earlier this year, one legal expert warned that the UK’s approach outlined in the consultation paper would risk the adequacy ruling.
Data protection training firm Amberhawk published details of an analysis by Rosemary Jay, senior consultant attorney at law firm Hunton Andrews Kurk, in response to the government’s consultation.
In her view, it was an error for the consultation not to deal with the impact of the proposals on the UK’s adequacy determination.
“The consultation includes a number of helpful and practical proposals,” she said. “However, the wide scope means that it can be difficult to tease out the useful and/or significant elements. In some cases the impact of the proposals is not clear and in some places it is difficult to work out how different aspects of the proposals fit together.
“In addition, there are some regrettable omissions… The most striking omission is the absence of any assessment of the proposals on the UK’s adequacy finding from the EU.” ®