UK needs to adhere to GDPR after Brexit, says techUK chief
Computer keyboard with a European flag button - Image credit: pe3check
The UK must adhere to EU data protection rules to remain a leader in the tech industry, according to the chief of a technology trade body.
The chief executive of industry association techUK, Julian David, has written to international trade secretary Liam Fox to “caution against the misunderstanding that adherence to the EU data protection regime is incompatible with securing high-quality trade agreements”.
After the country exits the European Union, to maintain its position as a singularly attractive location for investment by technology firms, the UK must ensure it implements the measures laid out in GDPR, the letter says.
Such a relationship need not come at the expense of trade deals that are beneficial for the UK, the letter says, pointing to the example of the EU-US Privacy Shield agreement.
This arrangement has not prevented the US from “negotiating high-standard trade agreements that provide strong privacy protections”, it says.
The letter is co-signed by David and Dean Garfield, CEO of the Information Technology Industry Council (ITI), a global body headquartered in the US.
David and Garfield believe that “post-Brexit, the UK has the potential to continue to hold [its] coveted position” as a key location for international technology firms.
But, “to do business internationally, companies depend upon legal certainty, clarity, and consistency”, the letter says.
“The digital world is continually evolving and countries, including the UK and EU, will have to ensure they strike the right balance in protecting their citizens’ data and positioning themselves to benefit from and lead in the development of emerging technologies,” David and Garfield say.
They add: “Given the importance of this issue to all our members, we would be keen to work with you to ensure that the UK’s strong data protection framework can be an enabler for 21st century digital trade agreements.”
The letter also includes a copy of the ‘No interruptions’ report from techUK and finance industry body UK Finance.
The report examines the options for data-sharing between the UK and the EU in a post-Brexit world.
The EU General Data Protection Regulation or GDPR comes into force on 25 May this year.
It will unite all 28 member states under a single piece of data protection legislation, making it easier to share information between entities in two nations.
But, once the UK departs the European Union, UK firms processing EU data will need alternative arrangements to ensure the security and legality of their actions – perhaps an agreement in the vein of the Privacy Shield.
“Unless agreed otherwise by the EU and the UK, at the end of March 2019, the UK will become a ‘third country’ for data protection purposes,” the report says.
“This means that, from that date, the UK will be a location which is not deemed by the EU to automatically offer sufficient safeguards and protections for EEA personal data, and further steps will need to be taken by EEA exporters of personal data to ensure such data flows may continue on a lawful basis.”
Holyrood Newsletters
Holyrood provides comprehensive coverage of Scottish politics, offering award-winning reporting and analysis: Subscribe