The Government must fight to keep the Information Commissioner’s Office at the top table of European data protection regulation or risk losing its influence and the prospect of the UK lagging behind other countries following Brexit.
That is just one of a number of recommendations from the House of Lords EU Home Affairs sub-committee inquiry into the implications of Brexit on the UK’s data protection laws.
After gathering evidence from a raft of data protection experts, the committee says it is concerned that EU and UK data protection rules could diverge over time when the UK has left the EU.
In evidence to the committee, Information Commissioner Elizabeth Denham said there was a risk that the UK could find itself “outside, pressing our faces on the glass…without influence”.
She urged the Government to “do anything they can” to ensure that the ICO had “some status, be it observer status” or something similar. “Failure to achieve this would be frustrating for citizens and for Government,” she said.
The ICO has been an influential member of the so-called Article 29 Working Party – made up of individual EU data regulators, the European Data Protection Supervisor and the European Commission – since its launch in 1996.
However, A29WP is being replaced by the European Data Protection Board (EDPB), which will have a similar membership but with an independent secretariat. It will have powers to determine disputes between national supervisory authorities, to give advice and guidance and to approve EU-wide codes and certification.
But once the UK leaves the EU the ICO will have to step down.
The reports states: “The UK has a track record of influencing EU rules on data protection and retention. Brexit means that it will lose the institutional platform from which it has been able to exert that influence. It is imperative that the Government considers how best to replace those structures and platforms in order to retain UK influence as far as possible. It should start by seeking to secure a continuing role for the Information Commissioner’s Office on the European Data Protection Board.”
When it comes to data transfers between the UK and the EU, the report calls for more detail: “The Government must not only signal its commitment to unhindered and uninterrupted flows of data, but set out clearly, and as soon as possible, how it plans to deliver that outcome.”
For its part the committee said it would be difficult for the country to achieve this without an adequacy arrangement.
Chair Lord Jay said: “The volume of data stored electronically and moving across borders has grown hugely over the last 20 years. Between 2005 and 2012 alone, internet traffic across borders increased 18-fold. The maintenance of unhindered data flows is therefore crucial, both for business and for effective police cooperation.
“The committee was concerned by the lack of detail on how the Government plans to maintain unhindered data flows post-Brexit.”
Fedma outlines EU battle plan as Combemale steps up
Brexit trigger sees UK firms abandon GDPR preparations
Brexit deal may scupper VAT exemptions, charities told
DMA backs campaign to big up industry post Brexit
Industry comes out fighting to counter Brexit fears
Industry urged to shout about the benefits of DM