British businesses and security forces will both suffer after Brexit if transitional data arrangements with the EU are not made, according to an influential House of Lords committee.
The EU Home Affairs Sub-Committee urged the government to act quickly to avoid greater friction around data transfer in a report published yesterday under the title "Brexit: the EU data protection package".
If the government is to realise its objective of maintaining unhindered and uninterrupted data flow between the UK and EU it will require shared standards of data protection, but the committee was struck by the lack of detail in its plans to achieve this.
If data flows are disrupted, UK businesses could suffer from the competitive disadvantage of a non-tariff trade barrier.
UK law enforcement bodies are also at risk of losing vital security information that is currently accessed through the country’s memberships of Eurojust and Europol.
The committee recommends that the UK seeks an “adequacy decision” from the European Commission to assure businesses that domestic data protection is of the same standard as that offered by the EU
As an adequacy decision could only be taken once the UK leaves the EU, the committee urged the government to make a transitional agreement to avoid what it called a “cliff-edge for data transfers when the UK leaves the EU”.
When the UK leaves the EU it will no longer be bound by its laws, but it will need to adhere to meet its requirements when handling EU data.
"Between 2005 and 2012 alone, internet traffic across borders increased 18-fold," said committee chairman Lord Jay. "The maintenance of unhindered data flows is therefore crucial, both for business and for effective police cooperation.
"The Committee was concerned by the lack of detail on how the Government plans to maintain unhindered data flows post-Brexit.
"It was concerned, too, by the risk that EU and UK data protection rules could diverge over time when the UK has left the EU. To avoid this, the Committee urges the Government to secure a continuing role for the Information Commissioner's Office on the European Data Protection Board."
PwC's UK data protection leader Stewart Room gave evidence to the committee, and agreed that it was vitally important that transitional arrangements are put in the place
"A declaration of non-adequacy would be surprising given that the UK has led the way on data protection for years, we have a strong regulator in the form of the Information Commissioner's Office (ICO), and in many cases our regulations already go far beyond what other EU member states currently have," he said.
"However, there are only eleven jurisdictions that currently have adequacy agreements in place. This could point to it being a potentially lengthy process, so I would urge negotiations to begin to provide the certainty that's needed."