EU sinks UK hopes for post-Brexit role for UK in developing data protection laws

The UK will be relegated to "third country" status, and lose its seat on the European Data Protection Board

The European Union (EU) has dealt a fatal blow to the UK's hopes of maintaining a post-Brexit role in the body that develops rules on data protection, privacy and AI.

In a speech over the weekend Michel Barnier - the EU's chief negotiator in Brexit talks - ruled out any post-Brexit UK involvement in the European Data Protection Board (EDPB) created under the General Data Protection Regulation (GDPR), which came into force 25 May.

The EDPB, an EU body tasked with applying and regulating GDPR consistently across member states, comprises the head of each nation's regulator and the European Data Protection Supervisor (EDPS) or their representatives.

But the Information Commissioner's Office (ICO), the UK's data regulator, will no longer be offered a seat once the UK leaves the EU on 29 March 2019, with the UK relegated to "third country" status.

"It is the United Kingdom that is leaving the European Union. It cannot, on leaving, ask us to change who we are and how we work," said Barnier, adding: "The United Kingdom wants to leave. That is its decision. Not ours. And that has consequences."

Referencing the UK's position on data protection published this week, Barnier said the UK believes it is in interests of EU business for the ICO to remain on the EDPB. But this was slapped down, as he said Brexit "is not, and never will be, in the interest of EU business".

Speaking to the International Federation for European Law (FIDE) at its 28th Congress in Lisbon this Saturday, Barnier also outlined a few issues this may pose.

These including who would launch an infringement against the UK where GDPR is misapplied, who would ensure the UK would update its own data legislation in conjunction with the EU, and how the EU would ensure the GDPR is uniformly interpreted across both sides of the channel.

"The United Kingdom decided to leave our harmonised system of decision-making and enforcement. It must respect the fact that the European Union will continue to work on the basis of this system, which has allowed us to build a single market, and which allows us to deepen our single market in response to new challenges," said Barnier. 

"And, as indicated in the European Council guidelines, the UK must understand that the only possibility for the EU to protect personal data is through an adequacy decision. It is one thing to be inside the Union, and another to be outside."

Barnier's comments sunk the UK's hopes for maintaining the ICO's role in the EDPB, which the Information Commissioner Elizabeth Denham warned against in oral evidence before the parliamentary committee on exiting the EU in early May.

Asked which aspects of any future data protection relationship would be the most difficult to achieve, Denham replied: "A bespoke agreement or the treaty option, which gives us more than adequacy, including a role for the ICO at the EDPB and participation in the one-stop shop, which would be really advantageous to business, would have to be negotiated.

"An agreement to go forward on data would have to be negotiated, because otherwise we would be looking at what is already in law, which is an adequacy assessment, and that would make us the same as any third country."

The only option for the UK to gain a sense of parity with the EU in the future would be an adequacy decision which, if granted, would allow a third nation's data to flow more freely between itself and member states.

Adequacy, which can be granted by the European Commission following an examination of privacy standards, does not, however, allow for the third country to be involved in contributing to any rules themselves.

Denham continued: "The European Data Protection Board will set the weather when it comes to standards for artificial intelligence, for technologies and for regulating big tech.

"We will be a less influential regulator. We will continue to regulate the law and protect UK citizens as we do now, but we will not be at the leading edge of interpreting the GDPR and we will not be bringing British values to that table if we are not at the table."

A Department for Exiting the European Union (DExEU) spokesperson told IT Pro: "Our Information Commissioner's Office well-respected and it is in the mutual interest of the UK and the EU for the ICO and EU data protection authorities to work together. Negotiations are ongoing in this regard.

"Adequacy does not reflect the full depth and breadth of the UK-EU relationship. It is an effective means of ensuring the free flow of data between the EU and a third country, but it would not allow national data protection authorities to co-operate as effectively as they do now.

"As it currently exists, adequacy alone would lead to more bureaucracy and additional costs for businesses."

Picture: Shutterstock

Featured Resources

How to be an MSP: Seven steps to success

Building your business from the ground up

Download now

The smart buyer’s guide to flash

Find out whether flash storage is right for your business

Download now

How MSPs build outperforming sales teams

The definitive guide to sales

Download now

The business guide to ransomware

Everything you need to know to keep your company afloat

Download now

Recommended

Data breach exposes widespread fake reviews on Amazon
data breaches

Data breach exposes widespread fake reviews on Amazon

7 May 2021
Peloton security bug could expose user data
data protection

Peloton security bug could expose user data

6 May 2021
Tens of thousands of Pennsylvanians health data exposed following data breach
data protection

Tens of thousands of Pennsylvanians health data exposed following data breach

4 May 2021
Cost of a data breach report 2020
Whitepaper

Cost of a data breach report 2020

30 Apr 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021