Brussels has warned it could stop sharing data on criminals and suspected terrorists with Britain and tear up a Brexit data transfer deal if the UK diverges too far from flagship EU laws.
After the Culture Secretary revealed post-Brexit plans to overhaul “pointless” web cookie requests and red tape imposed on business, the European Commission said it would be monitoring the reforms “very closely” and warned it could cancel a data sharing deal at any time.
An EU official told The Telegraph member states could consider stopping sharing data about criminals or suspected terrorists. This would include anti-terror measures, such as sharing data such as passenger name records.
It came after Oliver Dowden confirmed in an interview with The Telegraph that the Government is looking to diverge from key parts of the General Data Protection Regulation (GDPR), which came into force in 2018.
The announcement was praised by a number of Tory MPs, who have long argued that GDPR, which governs how data and people’s personal information is collected and used, is overly prescriptive and bureaucratic.
Describing the proposals as the “data dividend” of Brexit, Mr Dowden said new British data privacy laws would be “more proportionate”, help cut costs for businesses, and enable “greater innovation, which will drive growth and opportunities and jobs”.
However, legal experts said the move risked putting the UK on a “collision course” with Brussels, which believes GDPR has been highly influential in driving up data privacy standards across the world.
Asked about the proposals, a Commission spokesman suggested it could suspend, terminate or amend its UK data adequacy agreements, covering the lucrative commercial transfers of data and law enforcement cooperation after Brexit.
“When adopting the adequacy decisions, the Commission was fully aware of the risk of divergence of the UK system from the EU system,” he said.
“This is why, in the case of events that negatively affect the level of protection…the adequacy decision can be suspended or terminated or amended at any time.”
Cake and eating it
Influential Dutch liberal MEP and data privacy campaigner Sophie in ‘t Veld told The Telegraph “it is obvious that the adequacy decision will fall” if the UK chose to deviate from standards it agreed to “only just a few months ago”.
She described the move to change the law as “the umpteenth example of the having-your-cake-and-eating-it attitude of the UK Government.”
Birgit Sippel, a German MEP, added: “If these general principles were not respected, the EU Commission would be obliged to revoke the adequacy decisions, which could have serious implications for the UK economy.”
Their comments suggest the European Parliament, which has often taken a stronger position on data privacy than the Commission, may push for the data deals to be suspended.
However, Axel Voss, a German MEP with the centre-Right European People’s Party, said he had sympathy with the UK proposals but cautioned it should not jeopardise EU-UK data transfers.
“You do not have to have 100 per cent identical GDPR,” he told The Telegraph. “I have sympathy with the idea of reducing the burden of businesses in the GDPR.”
“You can balance things better than we do in the GDPR but you have to be careful if there is to be an exchange of data between the UK and the EU, you must have the adequacy of the systems in mind.”
While Mr Dowden has insisted there is “absolutely no reason” why the changes should change the EU’s “determination”, the British Chambers of Commerce also said British firms needed “concrete assurances” that the reforms would “not put our adequacy relationship with the EU at risk, either directly or through legal challenges.”
The Confederation of British Industry said “alignment with GDPR will help to safeguard the UK’s digital economy” but suggested it could support divergence that helped to reduce the “high administrative burden” placed on businesses.
Separately, David Davis, the former Brexit Secretary, who has campaigned on data privacy, also urged the Government to “tread carefully”, adding: “Our privacy must be safeguarded and should not be thrown away in a frantic red tape cutting exercise.”