Britain wants to co-operate with the European Union in relation to data protection and to have its legal regime accepted after it leaves, it said on Thursday.
It proposed using an "adequacy" agreement – whereby the European Commission recognises the levels of protection provided by non-EU countries – to ensure the flow of information vital to businesses and law enforcement was not interrupted.
In the latest in a series of papers outlining its aims in Brexit negotiations, the government said Britain had been a major player in the negotiation of the EU General Data Protection Regulation (GDPR) which comes into force next May.
“The UK has played an important role in developing the EU’s approach to data protection, including by playing a full part in the negotiation of the GDPR,” the government said in its paper. “In light of the UK’s unprecedented position, the future deep and special partnership between the UK and the EU could productively build on the existing adequacy model.”
The status has been granted to 12 countries, including New Zealand, Switzerland, Canada, Andorra and Israel.
The Privacy Shield framework agreed between the European Commission and the US in July last year provides a mechanism for companies on both sides of the Atlantic to comply with data protection requirements when transferring personal data from the EU to the US.
Binding corporate rules
The British government said that if it cannot agree an adequacy deal, it could fall back on so-called binding corporate rules or standard contractual clauses.
"We want the secure flow of data to be unhindered in the future as we leave the EU," minister for digital Matt Hancock said.
He said the goal was to combine strong privacy rules with a relationship that allowed flexibility, to give consumers and businesses certainty in their use of data.
Noting that the digital economy in Britain was worth £118.4 billion in 2015, he said any disruption in the free flow of data could be costly both to Britain and to the remaining members of the union.
Data Protection Commissioner Helen Dixon asked the High Court in Ireland earlier this year to refer to the Court of Justice of the European Union (CJEU) the question of whether the standard contractual clauses used by companies to transfer personal data are valid.
Ms Justice Caroline Costello’s judgment is expected before the end of the year. – (Additional reporting: Reuters)