Section 71 of the 585pp document published on Wednesday (14 November) has confirmed that, under the proposals, existing EU laws on data protection, including GDPR, would continue to be UK law following the Brexit transition period and the free flow of data between the UK and EU would not be affected.
“We have consistently advocated for a robust UK-EU deal on data protection that would ensure organisations could exchange data freely, much as they do now,” said DMA group chief executive Chris Combemale.
“It’s reassuring to see the UK government have listened to the concerns of our industry and is proposing a way forward that should enable the UK to remain a world leader in data, technology and marketing.”
However, the organisation added the withdrawal agreement does not refer to continued close cooperation between the UK ICO and EU data authorities.
“The challenge and area of concern is what that means in the long-term because if, for example, the EU was to bring in the ePrivacy Directive after we’ve left the Union, does that mean we have to follow it, and if it does, does that mean we have a seat at the table with those discussions?” said DMA head of insight Tim Bond.
“The DMA has long advocated for the UK ICO to continue to have a role within the EU data authorities; it’s played a very active part in things like GDPR and ePrivacy in the past and we think it provides a really important balance between the consumer right to privacy and businesses’ ability to serve that customer well through data.”
The UK is set to leave the EU on 29 March 2019. While the deal has been agreed by UK and EU negotiators, it will now require approval from MPs and the 27 other EU member states.
Following 29 March there will be a 21-month transition period, during which the UK and EU will agree the details of a new trade deal, which the draft agreement says can be extended with mutual consent.