The EU’s chief Brexit negotiator, Michel Barnier, has said that the UK ICO cannot remain in the European Data Protection Board, EDPB, after Brexit. Barnier also said that the UK would not be able to participate in the One Stop Shop.
He said: “Brexit is not, and never will be, in the interest of EU businesses. And it will especially run counter to the interests of our businesses if we abandon our decision-making autonomy. This autonomy allows us to set standards for the whole of the EU, but also to see these standards being replicated around the world.”
Making his case, Barnier posed several questions to his audience at the 28th Congress of the International Federation for European Law. Who would launch an infringement against the United Kingdom in the case of misapplication of the GDPR? Who would ensure that the UK would update its data legislation every time the EU updates the GDPR? How can we ensure the uniform interpretation of the rules on data protection on both sides of the Channel?
“The United Kingdom needs to face up to the reality of the European Union. It also needs to face up to the reality of Brexit,” he said.
“The UK must understand that the only possibility for the EU to protect personal data is through an adequacy decision.”
Earlier this month, Information Commissioner, Elizabeth Denham, gave evidence to Parliament’s Exiting the EU Committee. She said she would also favour a treaty or an agreement as opposed to an adequacy decision by the European Commission.
A treaty which is negotiated would be a better option for the UK than an adequacy decision, which is a one-sided review of the UK’s data privacy framework. A bespoke agreement or treaty is preferable, as that would provide mutual acknowledgement of data protection systems on both sides, she said.
In the new UK Data Protection Act 2018, exemptions for immigration data is a new element that is not included in the 1998 Act or the GDPR. This is an aspect that might raise questions should the UK apply for an adequacy decision for international data transfers.
Michel Barnier’s speech of 26 May.
Read more about these developments in PL&B UK Report.
The Privacy Laws & Business 31st Annual International Conference focuses on GDPR compliance.
Willem Debeuckelaere, Chair of Belgium’s Data Protection Commission, will speak as Vice-Chair, representing the European Data Protection Board, on its transition from the Art. 29 Data Protection Working Party.
Bruno Gencarelli, Head of International Data Transfer and protection Unit, European Commission, John Bowman, Senior Policy Manager, Promontory, Jade Nester, Senior Policy Manager at GSMA, Elisabeth Stafford, Head of EU Data Flows, EU and International Data Protection, DCMS, and David Smith, Special Advisor, Allen and Overy will speak in the EU adequacy session.