UK outlines proposals for shared approach on data protection

31 August 2017

The government has published a document which outlines how the UK is considering an ambitious model for the protection and exchange of personal data with the EU.

Data flows are important for the UK and the EU economies and for wider cooperation, including on law enforcement matters. To ensure that individuals have control over and transparency as to how their personal data is being used, and that their personal data is protected from misappropriation and misuse, robust safeguards are needed.

The UK has strong domestic personal data protection standards, set out in the Data Protection Act (DPA) 1998. The UK’s new Data Protection Bill, which will repeal and replace the DPA 1998, was announced in this year’s Queen’s Speech. It will further strengthen UK standards, ensuring they are up to date for the modern age, and it will implement the EU’s new data protection framework (General Data Protection Regulation) in our domestic law. At the point of our exit from the EU, the UK’s domestic data protection rules will be aligned with the EU data protection framework.

After leaving the EU, the UK will continue to play a leading global role in the development and promotion of appropriate data protection standards and cross-border data flows. In doing so we will work alongside the EU and other international partners to ensure that data protection standards are fit for purpose – both to protect the rights of individuals, but also to allow businesses and public authorities to offer effective services and protect the public.

After the UK leaves the EU, new arrangements to govern the continued free flow of personal data between the EU and the UK will be needed, as part of the new, deep and special partnership. The UK starts from an unprecedented point of alignment with the EU. In recognition of this, the UK wants to explore a UK-EU model for exchanging and protecting personal data, which could build on the existing adequacy model, by providing sufficient stability for businesses, public authorities and individuals, and enabling the UK’s Information Commissioner’s Office (ICO) and partner EU regulators to maintain effective regulatory cooperation and dialogue for the benefit of those living and working in the UK and the EU after the UK’s withdrawal.

The government has set out its plans for arrangements that could ensure personal data would continue to move back and forth between the UK and the EU in the future in a safe, properly regulated way.

In the latest of a series of papers looking at the UK’s future partnership with the EU after we have left, the government has considered the case for a unique approach that could allow data to continue to be exchanged to ensure ongoing competitiveness, innovation and job creation.

The document outlines how the UK is considering an ambitious model for the protection and exchange of personal data with the EU that reflects the unprecedented alignment between British and European law and recognises the high data protection standards that will be in place at the point of exit.

This would allow the UK to work more closely with the EU, providing continuity and certainty for business, allowing public authorities, including law enforcement authorities, to continue their close co-operation, protecting people’s data and privacy and providing for ongoing regulatory co-operation between the UK and EU data protection authorities.

Read the exchange and protection of personal data - a future partnership paper