Dominic Cummings’ data protection shake-up threatens billions in EU trade, Brussels warns

The government released its new data strategy report which promises a “transformation” of the UK’s data protection laws. It comes at a sensitive time between Britain and the EU, which are trying to negotiate a post-Brexit trade deal.

The European Commission is currently examining whether the UK’s laws match its own, allowing the movement of information between companies and government authorities.

Downing Street hopes that positive “adequacy” decisions can be made by Brussels before the end of the year.

The government estimates that EU exports to the UK of data-enabled services were worth approximately £31 billion in 2017 while UK exports of data-enabled services to the EU were worth around £80 billion in 2017.

British officials were called on Friday to explain its stated intentions to remove “legal barriers (real and perceived)” to data use and what the “radical transformation” of the way government data is accessed would look like.

EU officials said the two key issues standing in the way of a positive decision were the use of data by the UK intelligence services and the potential “onward flow” to countries such as the US.

“While the UK applies EU data protection rules during the transition period, certain aspects of its system may change in the future or be implemented in a manner that differs from the approach of the EU such as rules on international transfers,” an EU official said. “These aspects therefore raise questions that need to be addressed.”

They added officials were concerned data would land into the hands of US intelligence services which have been known to undertake intrusive surveillance programmes.

In July, the European Court of Justice ruled that the transfer of personal data to the US from the EU would be almost legally impossible because of the intrusive nature of US intelligence activities. 

Legal challenges to an adequacy decision would be expected in Brussels should the British government fail to offer failsafe safeguards, EU sources said.

Ross McKenzie, a partner at the Addleshaw Goddard law firm, said the government was “walking a tightrope” by trying to move away from the EU’s “gold standard” GDPR while also seeking to illustrate that it was in line with its regulatory intentions.

He said: “It is a surprise to me that the government has been so bold in the strategy paper. The European Commission will be thinking: ‘What on earth do you want to change?’ But the UK cannot be a world-beating data economy unless we have ‘adequacy’.”

Two years ago, Cummings promised to change the UK’s laws after Brexit. 

“One of the many advantages of Brexit is we will soon be able to bin such idiotic laws,” Cummings wrote. “We will be able to navigate between America’s poor protection of privacy and the EU’s hostility to technology and entrepreneurs.”

“Those comments haven’t gone unnoticed,” a diplomatic source told the paper.

Without a GDPR adequacy decision, businesses will be forced to organise individual agreements which industry insider say will be crippling for many small and medium-sized enterprises.

A government spokesman said: “We are a global leader, committed to high data protection standards. Protecting the privacy of individuals will continue to be a UK priority. The EU’s adequacy assessment ascertains whether UK data protection standards are ‘essentially equivalent’ to the EU’s.”