1.Data has been described as the new oil. Data is a fundamental part of modern life. Businesses hold data on their customers and employees, and transfer individuals’ personal and sensitive data from one point to another, often via the internet, as a matter of routine. Data is used by business to “manage operations, customise and market services, fulfil orders and communicate in a wide range of ways”. As the movement of personal data has become more commonplace, so public concern about what their data is used for has become more prominent. This was summed up by the Information Commissioner, Elizabeth Denham, who told us:
The point is that, bottom line, UK citizens and UK residents expect the highest level of data protection. Certainly, when we are leaving the European Union, citizens and consumers expect that Parliament is going to retain those values and those high standards in law, so that we can continue to protect our citizens. I certainly hear that every day in my office. I know the deep concerns that UK citizens have had about Cambridge Analytica and Facebook, and they expect that we as the UK regulator take strong action.
2.As the UK is a Member State, the processing of personal data in the UK is governed by the EU data protection regime, which protects individuals’ privacy and other information rights. This regime permits the transfer of personal data within the European Economic Area (EEA)—28 EU Member States plus Norway, Iceland and Liechtenstein. The Data Protection Act 2018 is the current legal basis for data protection in the UK. The legislation ensures compliance with the General Data Protection Regulation (GDPR) and transposed the Law Enforcement Directive. The GDPR introduced:
3.The ability to move data, while at the same time providing reassurance to the public that their personal data is safe, is increasingly important to business. In its recent document on data protection, the UK Government said that “All trade is increasingly reliant on data flows”. The flow of personal data between the EEA and the UK is “fundamental to the EEA’s and UK’s increasingly digitised, information-driven, economy and society”. Cross-border data flows in and out of the UK increased 28-fold between 2005 and 2015 and are expected to grow another five times by 2021. Three-quarters of the UK’s cross-border data flows are with EU countries.
4.A joint report from techUK and UK Finance described being able to move personal data as “an integral part of trade and business” and explained that businesses hold and use the personal data of their customers and employees in a range of ways, for internal operations, to market services, to fulfil orders and to communicate. The report pointed out that many such activities involve the transfer of personal data, commonly via the internet, and “such transfers are routine and ubiquitous across the EEA.” These data transfers are part of a company’s business model and are reflected in the physical infrastructure of the business, such as the location of data centres. These are arrangements that are rarely simple or cost-free to adapt or restructure.
5.The importance of data to business in a modern economy is pronounced in an economy with a reliance on services, such as the UK. A Frontier Economics report on the digital economy said that:
service industries account for 79 per cent of output and 43 per cent of trade exports across the country. For the digital sectors, those same figures are 96 per cent and 81 per cent. Economists estimate that about half of all trade in services is “digitally enabled”—they have the potential to be delivered remotely via information and communication links.
6.These general themes were reinforced in our evidence sessions with businesses, and not just those operating in the digital economy. Stephen Hurley, Head of Brexit Planning and Policy, BT, said that the impact of Brexit on data flows was “one of our top two or three concerns”, affecting both how BT related to its customers, and also its internal human resources and billing systems. Giles Derrington, Head of Policy: Brexit, International and Economics, at techUK, said enabling cross border data flows was seen as “mission critical” for the tech sector, and “absolutely vital” for other sectors. We heard the same messages from a variety of witnesses, such as Glynn Robinson, Managing Director of the IT consultancy firm BJSS, who said “I do not think you can overstate the importance of the data” and that it was important for “pretty much all organisations who are doing a form of commerce at any level. Professor Hannon, Director of Cancer Research in Cambridge, told us about the importance of data for clinical trials, as did Dr Beth Thompson, from the Wellcome Trust. Chris Cummings, from the Asset Management Association, told us that
We manage some £1.7 trillion-worth of European assets here in the UK; £1.7 trillion, with European clients coming from the EU-27, normally with the legal vehicle, the fund domicile being in Luxembourg or Dublin but the fund management expertise being here in the UK. Therefore, you can see that a three-way relationship means how absolutely essential it is that getting the data adequacy statement sorted out very quickly becomes hugely important for the industry.
7.Data flows and data protection are fundamental to the modern way of life and, increasingly, to the functioning of the economy, particularly in areas of UK comparative advantage such as services. The objective in the negotiations for the UK Government must be to maintain high standards of data protection and ensure that data can continue to be transferred across borders as it is now.
1 Attributed to Clive Humby, a mathematician, in 2006, see ; ;
8 . See also the
14 Q681, Q1713, Q1745.
Published: 3 July 2018