The Government has said it is in the interests of both the UK and the EU to agree early in the Brexit negotiation process a way to mutually recognise each other's data protection frameworks as a basis for continued free flows of data between people in the EU and the UK from the point of the UK's exit from the EU.
The potential issue for business is that the EU places strict rules on how personal data can be shared and exchanged with people from outside the European Economic Area. One way is if the country concerned is deemed to have 'adequate' data protection laws. To date, very few countries have been deemed to be adequate - examples are Argentina, Israel, New Zealand and Switzerland. Canada and the US have conditional adequacy decisions, depending on whether the organisation is bound by the rules that are adequate. There are other ways of enabling data to be transferred, such as model data protection clauses or binding corporate rules, or seeking the data subjects' consents.
The simplest means for enabling international data transfer and free flow of information is through a European Commission finding of adequacy for a country's data protection laws.
The UK Government's position is that, since the UK is already working to EU data protection standards and is implementing and recognising the General Data Protection Regulation and Data Protection Directive, both of which come into force in the UK in May 2018, there should not be any difficulties in the EU reaching a finding of adequacy in respect of the UK. That would certainly enable people on both sides on the ground to continue proceeding with certainty - particularly businesses, which are facing enough uncertainty around the Brexit process. That is why the UK Government is calling for an early finding of adequacy in respect of the UK, so as to remove at least one layer of uncertainty over what happens after Brexit and to create stability.
The UK Government is also calling for regulatory co-operation, since the UK's regulator - the Information Commissioner's Office - already works very well and has a lot of influence with the other data protection regulators around the EU.
It therefore wants to see a unique close co-operation post-Brexit deal as part of a new, deep and special partnership between the UK and the EU.
The key features of the proposed new data protection co-operation model are:
This is a very welcome step and an early agreement to build on and continue the current free flows of data can certainly be good for both sides. The question is whether the negotiation tactics will get in the way of what should be a common sense position that helps people on the ground such as businesses in the UK or EU.