Campaigners and MPs have claimed that the new UK-Japan trade deal does not adequately protect the data rights of UK citizens.
The warning was made in a letter to Secretary of State for International Trade Liz Truss, sent by the Open Rights Group and signed by 16 MPs, including former Shadow Home Secretary Diane Abbott.
Together, they called for additional clarity on what the new deal means for data rights, which includes subjecting the UK-Japan Comprehensive Economic Partnership Agreement to a debate.
Under the deal, various data protection standards appear to be considered acceptable. It also limits the scope of the UK Government disallowing data flows that it may consider problematic.
In addition, the letter warns that the deal appears to promote privately regulated data flows, which may provide insufficient data protections and be hard to enforce.
As such, the campaigners have seven areas that they claimed parliament needs to provide additional information on ahead of the December 7 agreement deadline.
These include the kind of data protection systems that will be regarded as sufficient under the agreement, and whether there are assessments available on the tools and frameworks envisaged by the deal.
In the letter, the MPs said that there are other aspects “of the trade agreement with Japan which also need scrutiny, including those restricting algorithmic transparency and access to source code, and Technical Protection Mechanisms. The Government needs to outline in each case what kinds of legislation and practice are allowed and disallowed,” the letter said.
The Japan-UK trade deal was announced in October and signed in November, the first trade deal struck by the UK independent from the EU since Brexit. The UK Government claims that the deal will help boost the UK economy by £15.2 billion over 15 years.
While the new deal is largely similar to the existing deal between Japan and the EU, it differs by enshrining the idea that the free flow of data between the two countries, and then on to other trade partners, should be placed above data protection.
This means that data could be potentially transferred to jurisdictions likes the US. Data transfers from the EU and the US have proven difficult after legal frameworks have been struck down in the Schrems I and II court cases.
- Data Protection Summit 2020 | The future of EU data transfers
- Meet the ‘Rising Stars’ of Scotland’s technology sector
- Leader Insights | Protecting your medical data with Elizabeth Fairley, Talking Medicines
With the UK formally leaving the UK from January 1, 2021, after a year-long transition period, forming trade deals has been vital to its future prosperity. This is especially important for data transfers.
When the UK leaves the EU, it will no longer be covered by the bloc’s data-sharing regime. Data transfers from the EU to the UK will be subject to stringent compliance regulations that will potentially cost businesses £1.6 billion.
Despite the UK upholding the same GDPR standards as the rest of the EU, it has not been placed on the list of adequate territories (which also includes Japan). Being placed on this list would simplify data transfers and save UK businesses money.
However, companies can only transfer EU citizens’ data when they receive the same protections as they would under GDPR, wherever they travel in the world. This came to a head in the Schrems court cases, which invalidated two frameworks for transferring data to the US. This was largely due to concerns that US government surveillance would make it hard to protect EU citizens’ data.
As such, not only could the Japan-UK trade deal undermine current British data protections for its citizens, it could also undermine the potential of the UK being deemed an adequate territory by the EU, jeopardising a potential deal.