The House of Lords Library, which provides research and information services to Members of the House of Lords, has published a briefing on the Data Protection Bill (“Bill”) which sets out an overview of and reactions to the Bill (“Briefing”). The Briefing was prepared in advance of the Bill’s second reading in the House of Lords, which took place 10 October.

Some of the key points to note from the Briefing are as follows:

The Bill in the context of Brexit

The Briefing highlights the recommendations of the House of Lords European Union Committee that the government should:

  • Pursue and maintain regulatory equivalence with the EU for data protection to ensure unhindered data flows between the UK and EU post-Brexit
  • Seek an adequacy decision from the European Commission

The Committee noted that “stakes are high” because any post-Brexit arrangement that results in greater friction around data transfers between the UK and the EU could present a non-tariff trade barrier, putting the UK at a competitive disadvantage. It could also hinder police and security cooperation.

This is particularly relevant considering the estimate cited in the Department for Exiting the European Union’s government position paper that 75 percent of the UK’s cross-border data flows are with EU countries.
Continue Reading House of Lords publishes briefing on Data Protection Bill

The UK Government has published a position paper (“the Paper”), which will form part of a series of papers setting out key issues forming the Government’s vision for their partnership with the EU post-Brexit. The Paper explains how it intends to resolve the much-debated issue of UK-EU data transfers post-Brexit. This issue is a real concern for businesses that currently enjoy the ability to transfer data freely within the EEA, as well as with third countries that are recognised by the European Commission as providing an ‘adequate’ level of protection under EU law.

Some of the key points to note are as follows:

The Government wants to explore a UK-EU model which allows free flows of data to continue after the UK leaves the EU.

It proposes that this could build on the adequacy model that is currently provided under the EU Data Protection Directive (95/46/EC) (“Directive”), and is set out in the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”)). Both the Directive and the GDPR allow the European Commission to formally recognise that a third country – i.e., a country outside the EEA – provides an ‘adequate’ level of data protection under EU law. To date, the Commission has adopted 12 adequacy decisions under the Directive. Two of these decisions are partial: in Canada, the decision applies only to transfers of data to Canadian recipients who are subject to the PIPED Act; and the EU-US Privacy Shield applies only to transfers to those companies in the United States that have self-certified to the standards set out in the Privacy Shield framework.
Continue Reading UK Government publishes its position on UK-EU data transfers post-Brexit