November 15, 2021
As the Committee explained in its report, digital trade refers to the digitally enabled trade of goods and services and requires the movement of data across borders. The report examined the impact of new trade agreements on the protection of UK citizens’ data, the importance of a digital trade strategy and potential changes to the UK’s data protection laws. While the Committee supported the Government’s focus on this area, it noted that there was no overarching strategy informing the UK’s approach.
In response, the Government pointed to the policy paper it published in September 2021 (as reported in N2K) following the Committee’s recommendation, which sets out the Government’s objectives for digital trade, including trade in data.
The Government also said that when agreeing free trade agreements (FTAs) with trading partners, its policy is to support the protection of personal data, building on the Data Protection Act 2018 and the UK GDPR, and to address unjustified obstacles to the free flow of data. As it agrees new FTAs, it says that it will continue to publish materials that aid understanding of what has been agreed and its implications, including, where relevant, on issues related to data protection.
In response to the Committee’s recommendation that the Government publishes an assessment of each new FTA’s impact on the protection of UK citizen’s data, the Government said that it is “committed to maintaining high standards of protection for personal data, including when it is transferred across borders”. It also said that it publishes impact assessments for new FTAs, which cover all relevant impacts and it will include implications for data protection in its future assessments for new FTAs.
In response to the Committee’s recommendation that the Government also publishes an assessment of each FTA’s potential impact on maintaining an adequacy decision from the EU Commission, the Government said that the EU had declared the UK system to be adequate, based on the UK’s domestic legislation. The Government also said that it will “continue to engage with the EU as appropriate on these issues”. It also pointed out that the provisions of its FTAs do not alter domestic legislation on personal data protection or provide a lawful basis for international data transfers.
In response to the Committee’s request that the Government set out how it will depart from the UK GDPR while maintaining data adequacy, the Government pointed to the recent consultation on data protection reforms and to its desire to remain a proponent of high data protection standards. It also said that it is possible and reasonable to expect the UK to maintain EU adequacy as it begins a dialogue about the future of its data protection regime and moves to implement any reforms in the future. In the Government’s view, European data adequacy “does not mean verbatim equivalence of laws, and a shared commitment to high standards of data protection is more important than a word-for-word replication of EU law”. To support trusted data flows, alternative transfer mechanisms, such as Standard Contractual Clauses can be used, it said. Further, the Government will continue to “improve the design of alternative data transfer mechanisms”.
Finally, in response to the Committee’s findings on source code, consumer protection and online harms, the Government said that it will reference provisions relating to source code and algorithms in its future impact assessments for new FTAs. It also said that effective measures to protect consumer rights when purchasing goods and services online are important and that the UK has a strong domestic consumer protection regime, on which the Government builds when negotiating new FTAs. To read the Government’s response in full, click here.