Britain will mirror the European Union’s data protection rules in British law in full, UK negotiators have said in a bid to convince Brussels to preserve intelligence-sharing and the lucrative free flow of data after Brexit.
Michel Barnier, the EU’s chief Brexit negotiator, has warned that data transfers will be subject to strict rules for selected non-EU countries, such as the Faroe Islands, New Zealand and Israel.
Britain wants to sign a bespoke data protection treaty, which would, to an extent, replicate the pre-Brexit status quo and argues it would be the foundation on which the future UK-EU relationship could be negotiated.
All trade is increasingly reliant on data flows, one of the fastest growing sectors of the economy, according to British presentation slides obtained by The Telegraph.
A bespoke agreement is vital to preserve EU data exports to Britain worth about £32 billion and to underpin intelligence sharing on crime and counter-terrorism after Brexit, the slides said.
British officials told their European counterparts that the government would enshrine the EU’s General Data Protection Regulation (GDPR), which is due to come into force on Friday, and Law Enforcement Directive in full in a 2018 Act.
The GDPR will be the biggest change to data protection laws in 20 years and could mean fines on companies for future breaches of up to £17.5 million or 4 per cent of global turnover, depending on which is higher.
EU countries can choose to only put minimum standards demanded by the GDPR into national law but Britain will adopt the strictest possible interpretation of the bill.
However, Brussels is likely to argue that protection is weakened without EU monitoring and enforcement through institution such as the European Court of Justice.
The UK has asked for the Information Commissioners’ Office (ICO), its respected data protection regulator, to stay on the European Data Protection Board after Brexit where it could feed into EU policymaking.
That is likely to be anathema to the European Commission which has insisted that Britain must lose all representation and decision-making influence in the EU after Brexit.
The ICO hit UK organisations with a record £4.2m in data protection fines last year, up nearly a million pounds from the previous year. That figure is expected to rise as GDPR removes the ICO's £500,000 cap on fines.
As the investigating regulator for the Cambridge Analytica data breach, the ICO is working closely with the European Commission on the Facebook scandal.
British officials have also asked for UK businesses and customers to be represented in the EU’s “One Stop Shop’ for resolving data protection disputes. This would avoid UK and EU businesses enduring costly parallel data protection disputes in Britain and the EU at the same time.
In a March 1 speech, Mr Barnier told European business leaders that UK-EU data flows would only be allowed if Britain provided adequate safeguards on data protection. As an EU member, the UK is considered to have those safeguards but will lose that status after Brexit.
Mr Barnier ruled out the kind of regulatory cooperation Britain has suggested. Whether British data protection standards were good enough would be “an autonomous EU decision”, meaning Brussels' alone, he said.
Data protection is viewed as a “fundamental right” by Brussels, which has used its trade negotiations to export similar standards to countries such as Canada.
Facebook CEO Mark Zuckerberg on Tuesday night escaped largely unscathed after a shambolic grilling by peacocking MEPs in a European Parliament hearing into the data breach at the social media giant.