Privacy & Information Security Law Blog

On July 12, 2018, British Prime Minister Theresa May presented her Brexit White Paper, “The Future Relationship Between the United Kingdom and the European Union,” (the "White Paper”) to Parliament. The White Paper outlines the UK’s desired future relationship with the EU post-Brexit, and includes within its scope important data protection-related issues, including digital trade, data flows, cooperation for the development of Artificial Intelligence (“AI”), and the role of the Information Commissioner’s Office (“ICO”), as further discussed below:

• Section 1.5 (Digital) recognizes the importance of the digital services trade between the UK and EU, while confirming that the UK will no longer be a part of the EU Digital Single Market. Consequently, the UK proposes a digital relationship that will allow both the UK and EU to capitalize on the growth of digital technologies globally. The proposed relationship covers:
  • Digital trade and eCommerce – On the basis that the digital economy relies on the free flow of data and the disruption of data flows would be economically costly, the UK’s proposal argues for: (1) the removal of barriers to allow cross-border data flows; (2) a free, open and secure internet; and (3) recognizing equivalent forms of electronic ID and authentication.
  • Telecommunications and digital infrastructure – The UK and the EU have a history of regulatory innovation in telecommunications; as such, the UK proposes to continue these joint commitments and the sharing of cyber threat information.
  • Digital technology – Trade should promote the development of new technologies, such as AI. At the same time, however, new technologies create shared challenges that require regulatory cooperation. The European Commission recently committed to establish a European AI Alliance to develop ethics guidelines for AI. After the UK leaves the EU, the UK’s Centre for Data Ethics and Innovation intends to participate in the European AI Alliance.
• Chapter 2 (Security Partnership) explores the relationship relating to security which will differ once the UK exits the EU. The UK is seeking an ambitious partnership covering a wide range of security interests including foreign policy, defense, development, law enforcement and criminal justice cooperation. The UK proposes that this partnership would include the swift, effective and efficient exchange of data to combat crime, including cyber threats. The UK acknowledges that there is no precedent for a non-EU country having access to EU data exchange tools. Despite this, the UK is proposing an agreement to combat crime through the exchange of sensitive information and data, including: (1) information about airline passengers; (2) alerts to police and border forces (with access to systems that allow for efficient responses); (3) exchanges of criminal record information; and (4) DNA, fingerprint and vehicle registration.
• Section 3.2 (Data Protection) argues for the continued exchange of personal data between the UK and EU with strong privacy protections for citizens, and ongoing cooperation between the ICO and EU Data Protection Authorities.
  • The continued exchange and protection of personal data – Given the importance of data flows for economic growth and security, the UK and the EU must maintain the ability to exchange data securely. This includes enabling consumers to purchase goods from the UK over the internet, and supporting the exchange of data between law enforcement agencies. The UK sees the EU’s adequacy framework as the right starting point for the continued free flow of data, but wants to go beyond the framework with a focus on stability and transparency, and regulatory cooperation.
  • Ongoing cooperation between data protection authorities – The ICO has played a significant part in the development of EU data protection laws and there should be ongoing cooperation between the ICO and EU Data Protection Authorities. This would help avoid unnecessary complexity, make it easier for EU citizens and UK nationals to enforce their rights across borders, and reduce administrative burdens for businesses.