Trade agreements matter; and Parliament has been cut out of the substance. In the Japan-UK Agreement, the Government commits the UK to huge changes in our data privacy laws, especially the protection we give data when it moves overseas, without any vote to authorise this shift.
Changes to ‘digital trade’ are rolled into accepting the whole trade deal—and nobody is going to crash it, as so much else is at stake.
The Government is claiming two things: one, that data privacy is going to be kept at high levels, and two, that it is ambitious to promote the ‘free flow of data’ through making arrangements with Japan and in the Comprehensive and Progressive Agreement for Trans-Pacific Partnership. Both cannot be true.
Will Hutton explained what is at stake this weekend in the Observer:
The Japan-UK trade deal drops necessary privacy and protection standards for data trade, again barely reported. The EU cannot allow Britain’s financial services industries and hi-tech companies to opt out of conforming to EU data standards, otherwise Britain just becomes a global data-washing hub. Without a deal on data standards, as the international director of the Financial Conduct Authority warned last week, British financial services stand on a cliff edge. So does virtually every British business deploying data.
So far, the UK press has yet to fully engage with the issue. Academics are ahead of the game, explaining that the implications are profound. Most worryingly, the Government has provided no serious analysis of its own policies to Parliament.
What then is the Government’s position? In a one page explainer, published on 4 November, the Government says it has achieved:
Agreement to avoid unjustified restrictions on the free flow of data between the UK and Japan. This ensures that data will be able to be collected, processed, and transferred between the two countries, without facing unnecessary red tape.
A commitment to uphold world-leading standards of protection for individuals’ personal data when data is being transferred across borders.
These paragraphs are taken verbatim from the Impact Assessment that accompanies the treaty. It is unclear that the description they make is accurate: worse, these these paragraphs do not assess impact.
Contrast the Government’s skimpy “analysis” with these statements from the UK Trade Policy Observatory:
The most striking changes are in the UK-Japan provisions on cross-border data flows and data localisation. …
The provisions on data flows in the UK-Japan agreement are similar to the approach found in recent US trade agreements and the CPTPP. Governments agree not to impose restrictions on the cross-border flow of data, including personal data …
The EU has not been willing to make these types of commitments in its trade agreements, fearing they would not be compatible with its approach to data protection, embodied in the EU’s General Data Protection Regulation (GDPR).
… navigating multiple, possibly conflictual, regulatory regimes is no mean feat, and careful analysis of how best to do this and the implications of moving away from the EU’s approach is needed. What are the implications of the new UK-Japan provisions for data protection and privacy, and for an adequacy decision from the EU? The answers are far from obvious, the stakes are high, and the Government’s approach needs to be carefully analysed before the UK-Japan deal is ratified.
Will Parliament get any answers? The chances so far seem slim, but some MPs from Conservative, Labour and Liberal Democrat ranks are now pressing for them. However, so far the Government has lacked any appetite to explain itself in sufficient detail.
Parliament must demand those answers. It is disgraceful that they have not been supplied already. And if MPs get answers that are uncomfortable, partial or worse, then Government should be placing these digital trade clauses into “suspended animation” – freezing them until Parliament has decided whether it really wants to go down this dangerous path.