Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Top Stories

The UK’s National Data Strategy – Too Much Love?

Economy Recovery 2 - Global Banking | Finance

By Julian Hayes, Partner at BCL Solicitors LLP

“We want the UK….to be the best place in the world to start and grow a digital business”. With this ambitious aim, the Government has laid out its National Data Strategy, focusing on unlocking the value of data, establishing a pro-growth data protection regime, and championing international data flows to promote economic development. Already a feted success, the UK’s digital sector now stands behind only the US and China in global venture capital funding and directly employs more than 1.5 million people in London and other major UK cities. Despite its laudable aspiration, however, the Data Strategy signals post-Brexit regulatory intentions which risk inhibiting and choking off the future growth of this successful UK industrial sector.

Bonfire of data obligations?

Though it emphasises the importance of public support and maintaining trust in how personal data is used, the Data Strategy highlights business’ lack of clarity about current data protection rules, takes implicit aim at the burden of the current data regime on innovators and entrepreneurs, and laments costly over-compliance and consequent risk aversion. In response, the Data Strategy foreshadows alleviating data compliance obligations, particularly for SMEs, once the Brexit transition period ends on 31 December 2020. Although the Data Strategy carefully avoids specifics, the complexity of the GDPR’s principles-based system and one-size fits all approach have long been a bugbear for micro-enterprises. Indeed, acknowledging concern in its recent two-year review of the GDPR, the European Commission (EC) itself urged national data regulators to lend SMEs a helping hand by offering ready-made templates, training and consultancy helplines. Nevertheless, the EC rejected calls to exempt smaller businesses from GDPR obligations, arguing that data risks were not dependent on an operator’s size.

Cross-border transfer dilemmas

Equally contentious is the Data Strategy’s approach to cross-border data transfers, cited as being of fundamental importance for economic development. The Data Strategy complains that such transfers of personal data are currently being inappropriately constrained and celebrates that the UK will be able to make its own ‘data adequacy’ decisions to allow for extra-territorial personal data transfers in a post-Brexit world. Unlike EC adequacy decisions which involve consultation between the Commission, the European Data Protection Board (EDPB) collectively representing EU data regulators, and member state representatives, UK adequacy decisions will be in the gift of the Secretary of State, subject only to Parliament’s rarely used negative resolution procedure. The Data Strategy effectively suggests UK adequacy decisions will be ‘up for grabs’ in future bilateral trade negotiations.

The transfer of personal data from the EU to ‘third countries’ has been a running sore in relations with the US which has not been granted an EC adequacy decision. The European Court of Justice (CJEU) has twice torpedoed hard-negotiated EU-US personal data transfer mechanisms, first ‘Safe Harbour’ and most recently the ‘Privacy Shield’ on which an estimated $7.1 trillion of annual transatlantic digital trade relied. US-UK trade documents leaked to the media in late 2019 suggested the US was seeking to weaken European data protection in its ongoing free trade negotiations with the UK.

These revelations merely added to pre-existing concern in Brussels, based on the UK’s Investigatory Powers Act (IPA), that Britain’s legal regime already falls short of offering an “essentially equivalent” level of personal data protection to that enjoyed in the EU. Aspects of the IPA have been repeatedly criticised by the European Courts, most recently in Privacy International’s challenge to the UK’s bulk retention powers. UK data sharing with third countries for law enforcement purposes has also raised concern in Brussels, with reservations at the UK’s participation with non-EU allies in the ‘Five Eyes’ agreement and expressions of disquiet by the EDPB and Members of the European Parliament at the implications for personal data protection of the UK-US bilateral data sharing agreement signed in October 2019.

Data adequacy – wait and see

Against this unpropitious backdrop, the prospects of Britain being granted an EC adequacy decision by the end of the Brexit transition period – something which the UK is pursuing – appear somewhat forlorn. From the Commission’s perspective, in the face of concerns over US authorities’ access to personal data, how could it grant an EC adequacy decision to the UK, allowing the free flow of EU personal data to Britain when the UK could, in turn, grant its own adequacy decision to the US, theoretically facilitating EU personal data to flow westwards to the US without what the EC regards as adequate protection? Even were the Commission to grant an EC adequacy decision to the UK, it is likely the decision would quickly face challenge in the CJEU from privacy campaigners. In any event, with the Data Strategy foreshadowing imminent changes to UK legislation, how could the Commission practically compare its own data protection regime with one which is morphing into something as yet undefined? Logic surely dictates it would delay making an EC adequacy decision until the future outline of the UK’s data protection regime becomes apparent.

Add to this uncertain picture energised lobbying by European interest groups who, even as the Commission assesses the UK’s data protection regime, have opened a new front in the “battle for adequacy”. The Irish Council for Civil Liberties has recently written to the Commission castigating the UK’s data watchdog, the Information Commissioner for being fundamentally supine, unwilling and unable to take on the “hard cases” when enforcing national data laws, even if those laws were deemed on a par with those of the EU.

All things considered, the chances of a smooth segue into the new era of EU–UK data flows at the end of the Brexit transition period seem bleak, and though undesirable, a wait and see outcome for an adequacy agreement must now be the most likely outcome.

Tech unicorns tethered

Avowedly aiming to drive UK economic growth by alleviating the deadweight of data protection obligations, the Data Strategy envisages digital entrepreneurs and innovators of the UK’s digital economy powering the country to success after the COVID-led downturn. But with the status quo of the transition period drawing to a close and an EC data adequacy decision potentially on-hold until the UK’s data protection regime becomes settled, the UK’s tech start-ups may in fact find themselves hamstrung by having to satisfy the EC’s data protection requirements in other ways, including the use of Standard Contractual Clauses and Binding Corporate Rules, if they wish to do business in Europe, adding an unwelcome layer of bureaucracy and expense to their overheads. Looking across the Atlantic, even if a US free trade deal is agreed, those same UK unicorns which the Government wishes to foster would confront the formidable stranglehold of the US tech giants when seeking to break into the North America market. That would leave them reliant on the altogether smaller domestic market which would likely inhibit their growth. Despite the Data Strategy’s good intentions, its inadvertent consequence may in fact be the stifling of the very sector it was designed to assist.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post