Risky Business

Ministers claim that the Data Protection Bill, which starts its Lords Committee Stage today, will make our data protection laws “fit for the digital age”. But how can we believe that, when the reality is that the Bill proposes to remove a legal guarantee that we currently enjoy, ensuring a right to privacy and the proper protection of our personal data?

As a result, the government are threatening our chances of establishing the legal framework needed after Brexit, to permit the free flow of data across European borders. If we are unable to reach such an agreement with the EU, there will be no legal basis for the lawful operation of countless British businesses.

The government seems to have forgotten that the frictionless transfer of data is critical for the functioning of our economy. Roughly 70% of the UK’s trade in services is reliant on the free flow of personal data. The EU’s data economy is expected to be worth £643billion by 2020 and millions of UK citizens share their lives online. To be able to operate, our businesses require clarity on the legal basis for data transfer post-Brexit.

Why are Ministers behaving in this way? Because they are trying to satisfy the many Brexiteers among the ranks of their fellow Conservative parliamentarians. The EU Withdrawal Bill, currently going through the Commons, contains thousands of provisions that will be converted into our law. Only one of these however, has been singled out for extinction – the EU Charter of Fundamental Rights. A Charter based on principles that ex-Tory minister Dominic Grieve MP recently said provides: “essential safeguards for individuals and businesses”

In 2009, the Charter became legally binding. Having codified existing EU rights and principles, it is now the source document for EU fundamental rights. Article 8 of the Charter covers the protections of personal data – the right to privacy and the right to data protection – that serve as the foundation for the EU’s data protection law. And also underpins the legal frameworks permitting the free flow of data across European borders.

It is common ground amongst all parties that it is absolutely essential that the government secure an adequacy agreement from the Commission, confirming that data protection in the UK is adequate from a European standpoint. This will ensure UK businesses can continue to exchange personal data with EU countries. But Ministers will not get an adequacy agreement if this commitment is not contained in UK law. We need article 8, or an equivalent affirmation of the same principles.

The House of Lords rarely votes on amendments to government Bills at Committee stage – just nine times in the past five years. But we prepare the ground to do so when a strong feeling arises that either a significant constitutional issue is at stake or a major injustice is being perpetrated.

Despite the government’s somewhat panicked response this weekend, we will continue to press our case in the Lords for an amendment that will both retain the guarantee that our citizens currently have and enshrine their rights to privacy and protection of personal data in UK law. Ministers should think again.