Data needs to continue to flow between the UK and the EU. The EU should limit safeguards to only those needed to protect personal data, writes Andrea Giuricin.
Andrea Giuricin is Transportation Fellow at the Consumer Choice Center
The European Union and the United Kingdom are looking for new ways of collaborating and creating a new relationship following Brexit. Of course, many factors are important to keep a close relationship between both parties. However, this new relationship must include the protection of flows of cross-border data and data privacy.
In 2015, the European Commission adopted the Digital Single Market Strategy. The EU should not be only a single market for physical goods and services, but also for digital. The lack of a unique market was an historical disadvantage of the European Union in the Digital sector, with clear consequences on the efficiency of the players.
If there are no internal borders for physical goods, why should the EU keep obstacles for digital services? The EU states that free flow of non-personal data is a pre-requisite for a competitive data economy within the Digital Single Market. It is important, to fully unleash the data economy benefits, to ensure a free flow of data, allowing companies and public administrations to store and process non-personal data wherever they choose in the EU. The European Regulation, which applies since 28 May 2019, aims at removing obstacles to the free movement of non-personal data across Member States and IT systems in Europe.
The European Commission’s draft legal agreement covering the future EU-UK partnership establishes that both parties are committed to ensuring cross-border data flows to facilitate trade in the digital economy. To that end, cross-border data flows shall not be restricted between the parties by a party.
Economic growth and prosperity are made possible through free trade and less barriers, the growth in international trade and advances in technology. Just need to show that, in 2018, the global trade value of goods exported throughout the world amounted to approximately $19.5 trillion. This figure stood at around $6.45 trillion in 2000.
It is fundamental that both parties recognize the deep commonalities between the data protection and privacy regimes of the UK and the EU and reach a swift decision on adequacy. In order to maintain their shared prosperity, the UK and EU must conclude an agreement that allows data to flow between them. Overly prescriptive or ambiguous requirements may curtail beneficial cross-border exchanges in key economic sectors and are unnecessary to provide consumers with consistent safeguards for their personal data, but they could block the growth of the services and economy in general.
In this context, investments in next-generation technologies must be encouraged to maximize the full potential of the digital economy. In this sense, any EU-UK trade agreement must ensure the free flow of data, goods, and services by promoting innovation and adopting ICT services in critical economic sectors. We are referring to sectors such as healthcare (advancements in mobile networks and emerging tools such as artificial intelligence, wearables, and telehealth solutions), education (mobile and virtual reality applications), manufacturing (technologies such as the Internet of Things, remote sensors, and decision support systems), or financial services (the shift to online and mobile banking, and other digital transaction services).
The text proposed by the EU includes a significant carve-out for protection of personal privacy. It states that “each party may adopt and maintain the safeguards it deems appropriate to ensure the protection of personal data and privacy, including through the adoption and application of rules for the cross-border transfer of personal data. Nothing in this agreement shall affect the protection of personal data and privacy afforded by the parties’ respective safeguards”. This text could affect its goal on free flow of data if it adopts language without clear standards.
In fact, the broad language in the current text could allow for barriers/restrictions that are not necessary to protect data privacy but would impact the free flow of data, such as data centres, or require the use of national gateways.
In order to protect data flows and personal privacy regimes, the EU-UK trade agreement should limit the safeguards to only those “necessary” to protect personal data in order to ensure the free flow of data that drive the Internet and digital economy of today. The ‘necessary test’ is a long standing standard in trade and prevents countries from imposing unreasonable and discriminatory measures
Moreover, both parties should work towards a common goal in finding the UK’s data protection and privacy laws to be adequate and equivalent to those in the European Union. Since the UK’s data privacy laws largely mirror GDPR and EU has already granted “adequacy” to Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, and Uruguay; there is no reason not to do the same with the UK.
It is important because however the EU–UK trade negotiations end up, the EU and UK must recognize each other’s data privacy regimes and ensure that data flows continue to function.
The post Covid-19 era shouldn’t start with new walls that, despite having good intentions to preserve data privacy, could have the unintentional capability to block the recovery of trade and the economy.