Sun Apr 22, 2018 4:24 pm
#1606382
Cheers @rikur_ I wasn't so much replying to your point as adding general info re GDPR for others.
I agree with your points and would add that there's a lot of uncertainty at the moment as to what is going to happen. The UK has a very successful data processing industry, with significant numbers of high-value jobs around the country, and has benefitted from being able to say that data located in the UK is also in the EU.
HMG, AIUI, have put continued free movement of data in its negotiating position wish list, but that position has to be accepted by the EU, there needs to then be a deal and we need to pass the adequacy test - as you say. Passing the adequacy test, if we don't have it automatically as part of continued EU membership or an exit deal, would need to become a goal of future UK governments.
It's not just the question of how the Henry VIII powers will be implemented, but also the cost to UK businesses of setting up data protection contacts in the EU if we are outside (there's already a startup industry in the EU for organisations worldwide who need to meet their obligations).
If the Facebook news has woken politicians up to anything it should be that commerce these days is not just about physical widgets, but about services and information - especially information as that is involved in every service and widget transaction.
I'm an optimist and believe that this will all be sorted out in the final bill that is presented to the UK and EU parliaments. The Irish border question can't be solved unless we stay in a (the) customs union, membership of a customs union requires acceptance of a court to settle disputes, which then opens the way for us to remain within the EU territorial scope of GDPR, accepting the role of the EU data protection board and, ultimately, the ECJ.
If we end up without a deal then the location and movement of data will be just one of the many problems that we will face (although probably one of the biggest). Just can't see it coming to that unless there is another change of PM.
Suspect that the final deal will have us being treated as part of the EEA (along with Norway etc.), which would allow for movement of data. The data protection bill that is going through Parliament will implement GDPR in advance of Brexit, the final deal bill will adopt all the wider rules into UK law and make provision for defining geography.