Risk to business data flows as Brexit nears, reports UK government Brexit committee
Written by Alex Baker on 15 August 2018« Return to Reading Room
Negotiations to determine exactly what will happen post-Brexit with regards to the flows of business data are yet to get underway but should be of serious concern for the government, a recent report from the House of Commons’ Exiting the European Union Committee warns.
The report highlights the importance of digital data flows in 21st century business, in addition to the importance of privacy with regards such data, and asks what contingencies are going to be established by the government in order to cope with the political disruption of Brexit.
Digital data flows represent the lifeblood of the digital economy in the 21st century. Such data that businesses hold include information on their customers and employees – everything from people’s search queries to company payroll details – and sharing such data is absolutely essential for the accomplishment of business, in matters such as fulfilling orders, managing operations, and communicating services etc.
Exiting the EU places UK businesses at risk of being unable to efficiently share data within EU countries, and thus access any EU data, due to restrictive EU data protection laws.
Fortunately, the EU has existing arrangements for data flows with third countries (countries outside of the EU), and this involves what is known as a ‘decision of adequacy’ made by the European Commission concerning the status of the data regime of a third country. It essentially involves a third country ensuring they provide protection of fundamental rights concerning individuals' and commercial data equivalent to that protection provided within the EU, and subsequently being permitted to engage in data sharing with EU countries as a result. Third countries such as Switzerland and New Zealand have previously agreed such terms.
Such a decision of adequacy is not immediately guaranteed, however, particularly with a ‘no-deal’ Brexit being a distinct possibility. Without such a decision, British-based companies would not have automatic rights to data held within the EU (and vice versa) due to the data protection laws, and this would certainly pose a cumbersome problem given around 75% of the UK’s cross-border data flows are with EU countries.
However, at the same time, the government had previously indicated its desire to form a two-way international treaty for an adequacy decision, as opposed to the usual one-way decision from the European Commission. It is evident that the government wants a deeper, and more even set of negotiations and eventual outcomes regarding this issue, but the EU has nonetheless stated that it will not share regulatory autonomy with a third country: the CJEU would continue to have jurisdiction over aspects of data protection law in the UK after it exits the EU.
It is the uncertainty that poses considerable problems for business’, and indeed some business’ have begun to review their data transfer arrangements to account for the risks posed by an uncertain Brexit, imposing their own adequate safeguards.
We await to see what the outcome of any future negotiations will be, and we can only hope for a smooth transition to ensure the world of business and data transfer is not disastrously interrupted.
Want to speak
Complete the form below and we’ll call you back free of charge.