A drastic and “pro-tech” government policy paper to overhaul the UK’s data protection legislation is believed by the European Commission to be jeopardising future collaboration with the European Union.
The government’s new “National Data Strategy”, which vows a profound “transformation” of how data is used across the public sector, is expected to adversely affect the continued flow of data between the UK and EU Member States at the end of the Brexit transition period.
Key objectives of the National Data Strategy
The National Data Strategy documentation (available here) mentions that the government intends to “take advantage of being an independent sovereign nation to maximise strengths domestically” and that it will endeavour to “influence the global approach to data sharing and use”.
The paper lists the following five key “missions” to take advantage of the opportunities data offers:
- Unlocking the value of data across the economy.
- Securing a pro-growth and trusted data regime.
- Transforming government’s use of data to drive efficiency and improve public services.
- Ensuring the security and resilience of the infrastructure on which data relies.
- Championing the international flow of data.
The government is also keenly looking to expand the regulatory framework to establish the necessary mechanisms to “unlock the value of data across the economy”, as well as to update how data is managed, used and shared internally and across public sector bodies, to create an “appropriately safeguarded, joined-up and interoperable data infrastructure”.
Likely impact on the UK’s adequacy decision
The European Commission is for its part analysing whether the UK’s data protection legislation will be consistent with the GDPR and the law enforcement directive after 1 January 2021, which is the current regulatory framework that permits data flows between law enforcement agencies as well as across the health, entertainment, banking, insurance and tech sectors.
No. 10 still expects that a positive adequacy decision confirming the UK as an adequate country for data transfers can be reached by the European Union before the end of the year when the transition period ends. However, the UK government’s policy paper might delay such a decision in the short term given the latent expansion of investigatory powers that could have the potential of rendering EU citizen’s remedies useless in case of data breaches – in fact, this was a critical factor taken into account by the Court of Justice of the European Union in its recent decision to invalidate the EU-US Privacy Shield altogether.
At the time of writing, the two main obstacles which are likely to impede a positive adequacy decision for the UK are indeed the use of data by the UK intelligence agencies and the prospect of an “onward flow of data” to countries such as the US.
Please contact Jose Saras or Xavier Prida if you have any questions relating to the GDPR rules regulating transfers of personal data outside the European Economic Area.
The material contained in this article is only a general review of the topics covered and does not constitute any legal advice. No legal or business decision should be based on its content.