3 minute read
International Context
11. The reforms presented below for consultation deliberately build on the key elements of the current UK General Data Protection Regulation (UK GDPR), such as its data processing principles, its data rights for citizens, and its mechanisms for supervision and enforcement. These key elements remain sound and they will continue to underpin a high level of protection for people's personal data and control for individuals over how their data is used. Organisations have invested in understanding, complying with and implementing this regime, and the ICO's toolkit for supervision is fundamentally fit for purpose. The reform proposals offer improvements within the current framework, while maintaining the UK's worldwide reputation for high data protection standards and securing public trust.
International Context
Advertisement
12. Our hyper-connected world is increasingly reliant on international flows of personal data, which underpin so much of our economic activity, as well as vital scientific research, effective law enforcement cooperation, national security capabilities, and the delivery of public services.
13. An important consideration for international flows of personal data to and from the UK are the rules that facilitate the safe transfer of personal data to the European Union. The UK was a longstanding proponent of high data protection standards while part of the EU, and it will remain so as an independent nation, leading the way in creating the best possible data protection regime that exists globally. Recently, the UK and our European friends and partners agreed that our respective data regimes offer high enough standards of data protection for personal data to flow between our jurisdictions without any additional safeguards - that is, the existing safeguards in our regimes are mutually adequate for the protection of personal data. The UK has also provisionally recognised the regimes of other EEA member states as adequate, pending the full adequacy assessments which will be completed over the coming years.
14. Looking ahead, there are lively debates worldwide about the future of data protection, spurred by the pace of sweeping technological change, especially in data-intensive sectors. These debates are occurring within the EU, after more than three years' experience of implementing the GDPR.1 The GDPR has applied in the UK since 2018, supplemented by the Data Protection Act 2018, and was incorporated into UK law as the UK GDPR at the end of the Brexit transition period.2 The government recognises that different jurisdictions operate different data protection regimes, which reflect the specific values and priorities of their societies. Respect for the existence of multiple different data protection regimes and recognition of the importance of striving towards increased interoperability to support trusted international flows of data are key parts of the UK’s approach.
15. In that spirit, the government believes it is perfectly possible and reasonable to expect the UK to maintain EU adequacy as it begins a dialogue about the future of its data protection regime and moves to implement any reforms in the future. European data adequacy does not mean verbatim equivalence of laws, and a shared commitment to high standards of data protection is more important than a word-for-word replication of EU law. Indeed, other countries, such as Israel, have been granted adequacy decisions by the EU while pursuing independent and varied approaches to data protection, reflecting their unique national circumstances, cultures and heritages.
1 Javier Espinoza, Financial Times, ‘EU must overhaul flagship data protection laws, says a ‘father’ of policy’ 2 COM(2020) 264 final, COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL. ‘Data protection as a pillar of citizens’ empowerment and the EU’s approach to the digital transition - two years of application of the General Data Protection Regulation’.
