New Government position paper – the exchange and protection of personal data

This is the final of the five position papers released by the Department for Exiting the European Union in advance of the next round of talks between David Davis and Michel Barnier, which are due to begin next week.

It is highly unlikely that this particular subject will be up for discussion any time soon. The EU is keen to see progress on the Brexit bill, the Irish border and  the rights of EU citizens resident in the UK before widening the scope of negotiations to include issues like these.

Once again, we are informed that the Government is keen to build a “new, deep and special” relationship with the EU – an unfortunate phrase which fails to reflect the reality of Brexit, as we have already pointed out.

This study paper falls into the common trap of some earlier position papers in assuming that because our procedures are aligned with the EU at the moment by virtue of being a member state, an agreement will be straightforward. This represents a failure to appreciate that being a Third Country for EU purposes is radically different from being an EU member state. The Treaties no longer apply (to quote Article 50, Paragraph 3) and just because there has been  – and indeed, will be – conformity in a number of areas up to Brexit day, this in no way obliges the EU to carry on as normal once we leave. As far as data sharing is concerned, this remains true even though the latest EU legislation on data sharing,  General Data Protection Regulation (GDPR) will be incorporated into UK law next year.

Furthermore, the whole point of Brexit is divergence. We voted no longer to be ruled by the EU and for our own Parliament and our own laws to be supreme. In this area and many others, we will not want to incorporate subsequent EU laws into UK law lock, stock and barrel once we leave or else it means Brexit isn’t Brexit. Maintaining the balance between independence and cooperation is the biggest challenge our negotiators will have to face and this paper, along with others which have recently appeared, has stated the issues and the desired outcome without providing any detail about how it is to be reached.

The paper is nonetheless correct in stating that with data flows being important both for trade and for dealing with crime, some form of arrangement must be sought. However, we will have to agree with the European Commission that the UK provides an adequate level of data protection before any formal agreement can be made. This may not be straightforward at all. As this article points out, the UK government has been far too keen to grant excessive surveillance powers to its security services. In an understandable desire to keep tabs on terrorism, the powers sought by the UK government under the Investigatory Powers Act to interfere in the communications of innocent men and women earned it a rebuke from the European Court of Justice to which, whether we like it or not, we are subservient until March 2019.

It would have been helpful if the Government  paper had fleshed out the rather broad concepts it discusses with some everyday examples by way of illustration. The article mentioned above does provide some useful clarification on the type of personal data which is currently shared across national borders. UK companies with customers, users or employees in the EU currently transfer personal data like family pictures, banking details and employee payslips across national boundaries. This is the nature of the globalised world in which we live.

So the aim of the Government is understandable – it would like the transfer of information to carry on much as before when we finally leave. Reality could turn out to be rather different.

Print Friendly, PDF & Email

Leave a comment