Baker McKenzie IT/Commercial partner, Harry Small, comments on the UK government’s Brexit position paper on The exchange and protection of personal data
These proposals are to be welcomed as they demonstrate the British Government’s desire to ensure that personal data can be freely transferred between the UK and the EU after exit. The proposal to do this is enable mutual recognition by the EU and the UK of each other’s data protection laws. The EU’s new General Data Protection Regulation, which revises and harmonises EU law on data protection, comes into force throughout the EU (at that time including the UK) in May 2018. EU law will continue in force after exit, under the authority of the so-called Great Repeal Bill. So when the UK leaves the EU in March 2019, UK data protection law will be the same as EU law. The Government’s proposal that each side recognises each other’s laws as adequate for the purpose of protecting personal data is therefore rational. Negotiations, however, are not always rational. Some EU member states have a much tougher approach to the protection of personal data – and the balance between the demands of business and the individual rights of data subjects – than the UK: such countries may lobby against a mutual recognition agreement (the process of recognition often takes a long time). We await the EU’s response to the proposals.