BEERG Newsletter - EU/UK Data Flows: UK government set to put data flows at risk?

Derek Mooney writes: On Tuesday the British government confirmed that it will shortly publish a Data Reform Bill which will replace EU rules on data protection. It was one of a number of items listed in the “Queens Speech” the centuries old ceremony where the monarch formally addresses parliament to set out the government of the day’s legislative programme for the next few years. 

The Data Reform Bill’s contents were recently flagged by the Brexit Opportunities Minister, Mr Jacob Rees-Mogg who said the new law will be “superseding and repealing things that have been done under the EU”. He added that the British Government wants to reshape its approach to data regulation to “secure an even better data protection regime that will help to drive growth, innovation and competition across the UK”. 

Others have been less obtuse, saying that the most likely effect of the new law will be to put UK/EU data flows at risk. The rhetoric coming from Rees-Mogg and others in government is adding to the growing concern amongst data privacy experts that the UK is considering a large-scale unilateral departure from EU law, most particularly the GDPR, and are putting the UK’s data adequacy ruling from the EU at risk. 

Rafi Azim-Khan, head of data privacy at Pillsbury law firm told the Press Association  “I think there will still be quite a bit of nervousness from businesses in the weeks ahead though… Any significant departure from the GDPR would not only mean renewed compliance efforts, but also potentially risk the UK’s EU data adequacy ruling… I’d imagine we’d see more of a pruning than root and branch reform, but hopefully we’re not left waiting too long to find out.”

His concerns as to the damage that could potentially be inflicted on EU/UK data flows are shared by the UK Labour opposition party, who have questioned whether reforming the UK’s data protection regime could pose risks to the UK’s future data adequacy status with the EU. This critical importance of this adequacy status was flagged in a number of UK parliamentary reports including this March 2021 report from the House of Lord’s European Union Committee.

These moves to reform the UK’s data privacy rules have to be seen in the context of the British government’s latest threat to trigger an escalating trade war with the EU by unilaterally shredding the Northern Ireland Protocol it negotiated and agreed as part of its Brexit deal. 

The German Chancellor, Olaf Scholz, and the Belgian Prime Minister, Alexander De Croo, both warned the UK against breaking the Northern Ireland protocol agreement unilaterally, saying that not abiding by the protocol would create a big problem in the European Union’s internal market. (For more background see this Twitter thread from Irish TV’s European editor Tony Connelly).