Leaving the EU: Data Protection Debate
Full Debate: Read Full DebateStephen Timms
Main Page: Stephen Timms (Labour - East Ham)Department Debates - View all Stephen Timms's debates with the Department for Digital, Culture, Media & Sport
(7 years, 2 months ago)
Commons ChamberI beg to move,
That this House has considered Exiting the European Union and Data Protection.
The digital revolution through which we are living is bringing about the fastest pace of change that any generation has ever seen. With advances in technology accelerating, it is likely that this current pace of change will be the slowest that any of us will experience probably for the rest of our lives. This vast change brings with it big opportunities. We have opportunities to communicate, innovate and organise in ways that were simply inconceivable just a few short decades ago. It also brings with it challenges: to harness the technology for good; to mitigate harm; and to make sure that everyone can benefit.
Underpinning this revolution is the fact that the cost of storing and transmitting data has collapsed faster than at any time since the invention of the printing press, and perhaps at any point in history. The new technology then cut the cost of storing information from the cost of a handwritten manuscript to the cost of print, and the revolution now has cut the cost from that of print to the almost infinitesimally small cost of data storage. Data is therefore the fuel of this new digital economy, and getting the rules on data right is mission-critical for strength in the future.
As well as being fuel for change, data is a massive stimulant for our economic growth, jobs creation and innovation. The UK has Europe’s largest and most dynamic digital economy, attracting approximately £28 billion in technology investment since 2011. The UK also has the largest internet economy of all G20 countries, emphasising the fact that data is rapidly transforming our lives, and creating exciting and innovative opportunities right across the world. The impact is, of course, much broader than just in the tech industry itself. Data underpins social interactions: a Skype call to a family member on the other side of the world; our cultural collaboration, as performances are broadcast across borders; and almost every other part of economic activity, and almost all trade. The importance of the digital economy as a catalyst for job creation and innovation continues to increase exponentially, so it is vital that data is kept secure. Our approach to data protection as we leave the EU is straightforward: we wish to ensure the unhindered free flow of data between countries, if that data is held securely and privacy is respected.
I very much agree with the points that the Minister is making and the ambition he is setting out. Will he commit to securing an adequacy agreement from the EU, so that the free flow of personal data, which he rightly says is important, can continue?
I pay tribute to the right hon. Gentleman’s extensive understanding of these issues, not only from his time as a Minister but since. His understanding is so good that he has correctly anticipated the next page of my speech. That is exactly what we are seeking, because it is strongly in the mutual interests of the UK and the rest of the EU that such an arrangement is put in place.
Having just set out my punchline, perhaps I can describe the build-up to it. The goal is for data to be unhindered when security and privacy are respected. It must be unhindered, so that trade and communication can be effective and so that we can innovate in the use of information, including through advanced techniques such as machine learning and artificial intelligence. But data can be unhindered only where it is appropriate for it to go—with data held securely and privacy respected—which means where there are high standards of cyber-security and data protection.
On cyber-security, the 2017 British Chambers of Commerce digital economy survey reveals that at least one in five UK firms were subject to a cyber-attack in 2016, with larger firms more likely to be hit. As more and more citizens, and the wider economy, rely so heavily on digital technology, it is vital to keep data safe from cyber-attack. On the other side of the coin from strong cyber-security is strong data protection. The UK has been a world leader in data protection for a long time, combining privacy with support for dynamic data-driven innovation. We are determined to ensure that, after our exit from the EU, the UK remains a global leader, promoting both the flow of data internationally and high standards of data protection.
For more than a generation, the Data Protection Act 1998 has been regarded as the gold standard in the world. That Act, which was based on European rules set out in 1995, was the result of a piece of work that started under the then Conservative Government, with the legislation enacted by the subsequent Labour Government. That demonstrates the cross-party approach that has been taken to data protection in the UK. Technology marches on, however. It is almost 20 years since the 1998 Act, but the legislation needs to be kept up to date in this changing world. The Data Protection Bill, which had its Second Reading in the other place earlier this week, will modernise data protection legislation, giving citizens more rights over their data while allowing businesses to use modern data management techniques. It offers greater transparency and accountability, thus giving people more reassurance about how their personal data is used by businesses and organisations. Increased accountability and public confidence in how data is used can enhance the digital economy for the benefit of all.
To return to the point made by the right hon. Member for East Ham (Stephen Timms), the Bill will prepare Britain for Brexit. It will extend the EU’s general data protection regulation—GDPR—and bring into UK law the law enforcement directive. It will extend the principles of GDPR into many areas of our domestic law, which will help to ensure that we prepare the UK for the future after we have left the EU. The implementation of the Bill will ensure that we preserve the concepts of the Data Protection Act that have served us so well. We will aim to ensure that the transition for businesses, individuals and charities is as smooth as possible, while complying with the GDPR and the law enforcement directive in full. That means we will be as well placed as possible to achieve the unhindered flow of data with the EU through something akin to the adequacy deal mentioned by the right hon. Gentleman. That is strongly in the interests of both sides in the negotiation.
I am glad that I gave the right hon. Gentleman the opportunity to do so.
A strong relationship on data is beneficial to citizens as it will reassure them that their personal data is subject to robust protection. Maintaining the flow is also important. Once we have left the EU, we will continue to play a leading global role in the development and promotion of appropriate data protection standards with trading partners right around the world.
I am glad that the Minister is committed to seeking this adequacy agreement. Does he recognise that one step that will make that a bit harder—perhaps significantly harder—is the fact that under the terms of the European Union (Withdrawal) Bill, article 8 of the European charter of fundamental rights will no longer be part of UK law? That creates uncertainty about how our data protection law will work. Appeal decisions frequently refer to the actual article, which is part of UK law at the moment. Will he therefore support amendment 151 to the Bill, which would oblige the Government to put back into law the clear assertion that everyone has a right that their personal data is protected?
I thought that the right hon. Gentleman might raise that. I understand his amendment and the reason behind it, which is to ensure that what we are trying to achieve is achieved. However, the removal of the charter from UK law should not affect the substantive rights of individuals when their data is processed, because the charter is not the source of the rights contained within it. The charter was intended only to catalogue rights that already exist in EU law. As he knows, there is not a charter of fundamental rights in the same way in UK law, and it is not necessary. Although I agree with the purpose and intent of what he is trying to achieve, which is to make it as likely as possible that we achieve the adequacy deal and the high-quality arrangements that we are seeking, the amendment is not necessary because of the nature of the charter.
I hope that I have managed to answer Members’ questions. Although I look forward to the debate, I think that we can see strong cross-party agreement on the importance of a high-quality data relationship with the EU once we have left, on ensuring that that works for citizens, businesses and individuals, and on ensuring that we can build on that relationship, which underpins so much in our modern economy.
It is a great privilege to follow the hon. Member for Argyll and Bute (Brendan O’Hara). He is a near neighbour of mine geographically, although on political issues we seem to be streets apart. I was pleased to hear him say—I assume he was speaking for the SNP as well as for himself—that he wants a deal. We all want a deal—[Interruption.] From the way SNP Members sometimes conduct themselves, we would think they take some perverse delight from the fact that we might not get a deal. We all want a deal, but I must tell him that, frankly, leaving the European Union means leaving the single market and the customs union. We cannot divorce those two things—it is the same thing. That was well rehearsed during the debate that led up to the vote last June.
Of course Norway is not a member of the European Union, but is a member of the single market.
That is the worse-case scenario of being on the receiving end of a flow of regulation with no input or influence over that at all. No, leaving the European Union means leaving the single market and the customs union.
I am pleased to follow the hon. Member for Stirling (Stephen Kerr) and will pick up on one or two of his points.
David Cameron has a great deal to answer for. To win support from his party’s right wing for his leadership bid in 2005, he promised during the leadership campaign to withdraw Conservative MEPs from the European People’s party, the main centre-right grouping in the European Parliament, and he delivered on that commitment after the European elections in 2009. By pushing his MEPs to the fringes in the European Parliament, he significantly reduced British influence there and more widely in the EU’s structures, which meant that Britain did not get its way in Europe on an increasing number of issues, by contrast with previous Governments, both Labour and Conservative. The referendum result—the decision to leave the EU—was the inevitable outcome of that spiral of loss of influence, kicked off by his commitment in 2005.
One way to look at the referendum is as a choice between sovereignty and prosperity. In the referendum, the country chose sovereignty, and of course that was a wholly honourable choice to make, but we need to be honest now about the resulting loss of prosperity. Leaving the EU, if it is seen through in the way envisaged now, will make us poorer. Ministers need to stop pretending otherwise, for their own sakes, as well as for the sake of the country, because once the reality becomes clear, the punishment inflicted on the Conservative party will be all the greater if people have not been told what is ahead.
An official in Germany put it to me like this a few months ago: “If you want the benefits of the single market, you have to obey the rules of the single market.” Ministers continue to tell us that we can have the benefits but no longer obey the rules, but that will not be the outcome of these negotiations. It could not possibly be because, if it was by some fluke the outcome, Germany and lots of other Parliaments in the EU would surely vote it down when asked to decide on the deal.
This week, we have at least had some recognition of that reality from the Prime Minister. She has announced that in the transition period from April 2019 we will continue to obey the rules. The writ of the European Court of Justice and the free movement of people will continue into the transition period. As far as I could understand it, the announcement in her statement on Monday seemed to be that we would stay in the single market and the customs union, other than in name. I presume that this is a face-saving device to avoid the embarrassment of a clear U-turn. It would be much better to be honest and commit to staying in the single market and the customs union during the transition period at least, as argued by my right hon. and learned Friend the Member for Holborn and St Pancras (Keir Starmer), the shadow Secretary of State for Exiting the European Union, and my right hon. Friend the Leader of the Opposition. The Prime Minister’s announcement does at least hold out the prospect of delaying the damage to our prosperity for a couple of years, but we need to recognise that that will not avoid the damage to our prosperity altogether.
The challenge is perfectly illustrated by the subject that we are debating this afternoon, and I welcome the fact that the Government have given us the opportunity to have this debate. Mr Speaker characterised my interest in a different area of policy earlier this week with the phrase, “some would say anorakish”. How much more that applies to the area of policy that we are debating this afternoon. The Minister was absolutely right in his opening remarks to underline just how important this policy area is for our prosperity. It underpins the wellbeing of the economy. Indeed, there is growing evidence that one of the reasons why we have failed on productivity growth in the UK in the past few years by contrast with other countries is that the internal management of companies in the UK has been digitised to a lesser extent than elsewhere. If we are to make progress on that—it is vital for our prosperity that we do—then data communications will be even more important in the future than they have been in the past.
I very much enjoyed and appreciated the contribution of the hon. Member for Bromley and Chislehurst (Robert Neill), who chairs the Select Committee on Justice. He underlined, quite apart from the economic considerations, how vital it is for our security and safety that we can continue to communicate personal data with other European Union countries.
The Minister was right to make the point at the outset that our data protection laws in the UK originated with an EU directive in which the UK was very influential. The Conservative Government who negotiated that directive had a powerful voice at that time. Sadly, as I explained earlier, more recent Conservative-led Governments have had a much less powerful voice.
I agree with the right hon. Gentleman that the British MEPs had a strong influence on the GDPR as it was developed in Europe. One of the reasons the GDPR is a good piece of legislation that we can happily bring into UK law is because of that influence. We had that influence after we had left the EPP, so perhaps he will withdraw his earlier comments. As for this argument about lack of influence, the chair of the justice committee in the European Parliament is a British Labour MEP, so is he saying that the lack of influence that he describes is because of the Labour party?
No, certainly not. I am delighted that my Labour colleagues in the European Parliament have retained their place in the Socialist group and therefore their influence. The problem for Britain has been that, by leaving the EPP, Conservative MEPs have had much less influence. I am not saying that they have not had any influence—that is not at all the point I am making—but they have had a great deal less. Therefore, the British Government have been much less able to get their way in Brussels than previous Conservative and Labour Governments, and that is what inexorably led to the referendum result.
The key foundation stone for data protection regulation in Britain has been article 8 of the European charter of fundamental rights, which states:
“Everyone has the right to the protection of personal data concerning him or her.”
The European Union (Withdrawal) Bill—the Minister and I had an exchange about this earlier in the debate—removes the charter of fundamental rights from UK law, so article 8 will no longer apply. The Select Committee on Exiting the European Union took evidence on that point from lawyers yesterday. Sir Stephen Laws, former first parliamentary counsel, argued that the removal of article 8 was a good thing because nobody can quite know exactly what it really means, so that we end up with judges deciding in appeal cases, which makes the law uncertain. He made a very reasonable case. Far better, he said, for Parliament to decide the detailed law and regulations, so that everyone knows where they stand.
However, Dr Charlotte O’Brien of York Law School pointed out that in practice, judges deciding points of data protection law in Britain often refer explicitly to article 8. A reading of their judgments suggests that article 8 frequently sways the decisions that they reach, so it is likely that its removal will mean that their future judgments will be different from those that they have made up until now. We can have an interesting debate about which arrangement is better, and, as I have said, I think that Sir Stephen Laws made a perfectly good case. Our problem, however, is that we have to achieve a declaration from the European Commission that UK data protection law is adequate. That is crucial for the future of our economy.
A point that I hope will reassure the right hon. Gentleman is that EU jurisprudence will be brought into UK law through the European Union (Withdrawal) Bill, although EU jurisdiction will no longer continue.
The proposal is that article 8 will not be there any more. The problem is this: where in the European acquis, which is being brought into UK law, is the clear statement that everyone has the right to have their personal data protected? It is not there, and if it is not there, it will be significantly harder for the European Union to recognise that UK data protection law is adequate.
This is an incredibly important point, so I am grateful to the right hon. Gentleman for allowing me to intervene. The right is there: it is in the GDPR, which will be brought into UK law through the Bill.
The problem is that it is not. There is no clear assertion anywhere in UK law—other than, at present, in article 8—that everyone has the right to have their personal data protected. As I have said, and as was said in the Select Committee yesterday, judges, when making judgments on these matters in appeal cases, often refer to the wording of that article to reach their conclusions.
There is a perfectly good case for arguing that it is better not to have these slightly vague declarations, because the law is clearer if it is all spelt out in legislation that has gone through Parliament, but our problem is that that is not how the matter is looked at in Brussels. Over the next year and a half or so, the Minister has to persuade people in Brussels that our data protection is adequate, and if we no longer have a clear statement in UK law that everyone’s personal data is protected, that task will be a good deal harder.
My right hon. Friend is making extremely important points. The very fact that we are having the debate shows that there is uncertainty. When those who may be not so friendly to us in other parts of Europe are looking for cause to be difficult, does that not absolutely give them that cause?
As chair of the all-party parliamentary group on data analytics, my hon. Friend is in a very good position to understand just how important this is for our economy. He is absolutely right: if we open up that uncertainty in our regulatory arrangements, it will be harder, perhaps impossible, to achieve the adequacy agreement that we need.
I am grateful to the Minister for committing himself to seeking that adequacy agreement. Like the hon. Member for Argyll and Bute (Brendan O’Hara), I was slightly concerned about what he meant when he referred to something “akin to” an adequacy agreement. What we need is an adequacy agreement that is formally defined. We need that declaration from the Commission, so that UK businesses can continue to exchange personal data with businesses in other EU member states.
My right hon. Friend is making an excellent speech and some very pertinent points. Many tech firms and other companies in my constituency are concerned: we need to have such agreements in place—in particular, on data protection—and not having them in place will have a hugely detrimental impact. Does my right hon. Friend agree?
The firms in my hon. Friend’s constituency are absolutely right. If we do not achieve that adequacy declaration, it will become illegal for personal data to be exchanged between the UK and the countries of the EU, and there will no longer be a lawful basis for large swathes of businesses in the country to continue to operate.
Perhaps we can draw an analogy with my right hon. Friend’s earlier remarks about the customs union and single market and say that the Government are seeking an adequacy agreement, but not in name on this occasion.
The problem is that if it is not an adequacy agreement in name, it is not clear what it is. [Interruption.] Yes, an inadequacy agreement, perhaps.
We also need this to be clarified soon, because otherwise businesses will have no alternative but to make arrangements to shift the activities into the other EU countries to avoid the risk of them no longer being lawful—and if this is left to the last minute, with some late-night deal at some distant point, these companies will have gone.
Does the right hon. Gentleman, a fellow member of the Exiting the European Union Committee, agree that one way to sort this out is by amending the Data Protection Bill—in effect, by transferring the wording of article 8 into that Bill?
I pay tribute to the hon. Gentleman for his work on that Committee, and his suggestion could well solve the problem. What I have proposed is amendment 151 to the European Union (Withdrawal) Bill, to require Ministers to put on to the statute book a clear statement that UK citizens have a fundamental right to the protection of their personal data. But he is right that we could equally well insert that wording into the Data Protection Bill, which is before the House of Lords at present. I should also point out that, splendid though it is, I cannot claim credit for the wording of my amendment, as it was drafted by techUK, in recognition of the issue’s importance to the industry.
I want to make a final point about the Data Protection Bill and postal direct marketing. I welcome the fact that the Government are implementing the GDPR, or general data protection regulation, but the Bill changes the basis for opting out of postal direct mail communications. At present, if somebody does not want to receive advertising addressed to them through the post, they can opt out by signing up to a register. As I understand it, the Bill will change that and companies will not be allowed to send people postal direct mail unless they opt into receiving it. I think that is the current arrangement for direct email, but there has been an opt-out arrangement for postal direct mail until now. There is a lot of concern that that change would be very damaging to the UK direct mail industry, which is a substantial industry, and that it is not required by the wording of the GDPR; indeed, legal advice has been taken on this point and the GDPR does not require that change to be made. If that is right, the Government are gold-plating the regulations that have come to us from the EU. They are absolutely right to be implementing the GDPR and to be doing so scrupulously, but they should not be gold-plating them, as I fear they might be in this case.
I am grateful to have had the chance to set out to the House a bit more fully the thinking behind my amendment to the European Union (Withdrawal) Bill, and hope I might have persuaded the Minister that, after all, it might be an amendment that he can support.
I am delighted to call to make his maiden speech Mr Matt Western.
With the leave of the House, Madam Deputy Speaker, I shall reply for the Government to this excellent debate. I shall try to answer the points made, unconventional as that might seem.
The subject of the debate could not be more important. The digital revolution is one of the biggest things happening to this country and the world. Indeed, I think the digital revolution as a whole is bigger than Brexit. The right hon. Member for East Ham (Stephen Timms) thought this would be an anorak-like debate, but hoped it would not. Well, I think we could liken the debate to an anorak because in some circumstances anoraks are incredibly important. The debate may have been detailed and technical in parts, but it is vital to get these things right for our country’s future.
As others have said, what a pleasure it was to hear the fine maiden speech by the hon. Member for Warwick and Leamington (Matt Western). He even introduced a word that I had never heard—camoufleurs. What a description! He spoke well of his new constituency, especially the design industry, and the gaming industry that is so important there. He spoke of history and the future. As the Minister for the gaming industry and for VR and AR, I am thrilled to hear that he will continue to champion them; I look forward to engaging with him often.
I was delighted to hear that Leamington is the happiest place to live. Funnily enough, I thought that was Suffolk. I give the hon. Gentleman a gentle warning about hostages to fortune: he very gently and elegantly took the credit for Leamington’s being the happiest place in the country, so now we all know where to look if it all goes wrong.
I almost called the Labour Front-Bench spokesman, the hon. Member for Cardiff West (Kevin Brennan), my hon. Friend because we have spent so much time together in Committee in the past. I look forward to doing so again in future. I was surprised to learn two new things about him. I am astonished that he has university-age children; he looks as though he has barely left university himself. And he says he is delighted that the former Member for Warwick and Leamington, Chris White, is no longer in the House because he is a double. He can imagine how I felt when Mike Hancock was defeated!
The hon. Member for Cardiff West asked some serious and important questions. First, he raised the question of parental consent at the age of 13. There is flexibility in the GDPR legislation to set the age of parental consent at any age between 13 and 16. In the UK that age is effectively 12 at the moment—although it is not set in the same way—which means that we are raising the age. We of course recognise the fundamental role that the internet plays in the lives of teenagers, and we agree that it is vital to educate children, not only on the positives of the internet—coding has been in the curriculum for three or four years—but on the risks. The internet safety strategy published yesterday stated that we will do more to educate children about safety, but online platforms also give children educational and social resource, and the rules need to be realistic if they are to work. We do not want to introduce an unworkable rule.
This is a balanced judgment, but I believe we were right when we chose the age of 13. It was suggested that we did so because the Irish Government decided on 13, but the point about GDPR is that what matters is whose data it is, so it is not a question of the dataset in which the data is stored; it is a question of how old the child is.
The hon. Member for Cardiff West, and several other hon. Members, asked about the adequacy of our national security legislation. We are already compliant with EU law on data protection, with the Intellectual Property (Unjustified Threats) Act 2017, and we will be after exit. We are confident that that legislation should not present a significant obstacle to negotiations, not least because we have one of the most robust oversight frameworks in the world, and we brought in judicial oversight as part of the move from the Data Retention and Investigatory Powers Act 2014 to the Investigatory Powers Act 2016.
We heard an excellent speech from my hon. Friend the Member for Bromley and Chislehurst (Robert Neill), who argued that how data rules relate to finance is a huge issue to be tackled. He is absolutely right, and we do have regular discussions with the financial sector. None of us should forget his point that it is in the interests of both the UK and the EU to get things right. We will help to ensure that Gibraltar has market access to the UK, which my hon. Friend cares about. That may require a degree of regulatory equivalence, and he knows that those discussions are ongoing. Our intention to maintain the data relationship for law enforcement purposes is clear, which is why we are putting the law enforcement directive into UK law as part of the Data Protection Bill. We want to continue to have a strong partnership with the EU. There is no legal barrier to the EU establishing an international agreement giving third countries access to SIS II and the European Criminal Records Information System. We are exploring a full range of options, but much of the detail will obviously be down to the negotiations.
I am delighted that the Scottish National Party supports our approach, and I am grateful for the support of both the Scottish Government and the SNP Members here. When the hon. Member for Argyll and Bute (Brendan O’Hara) said that what I had said previously was absolutely right, I started to worry a little—we do not usually hear that, from the SNP Benches—but he then asked specifically about a no-deal scenario. In the annex to the paper we published in the summer, we outlined other ways to ensure the flow of data, and we do consider all options. There are alternative means of legal transfer of data, but we fully expect a good deal. The hon. Member for Strangford (Jim Shannon) made the same point, but he stressed that this is about not just the future EU-UK relationship, but the UK’s relationships all around the world and our ability to get strong trading relationships underpinned by data that is protected with good cyber-security.
My hon. Friend the Member for Stirling (Stephen Kerr) argued powerfully that data protection must be based on trust—my hon. Friend the Member for Chelmsford (Vicky Ford) made a similar point—and mentioned the advantage of future flexibility in a position in which Britain can lead across the world. He mentioned our history on that topic and the computer Manchester 1, which my mother worked on, and Stirling’s growing digital economy. He asked us to raise our eyes to the horizon and ensure that we get this right across the world.
Like the hon. Member for Cambridge (Daniel Zeichner), my hon. Friend the Member for Stirling asked about the EU-US privacy shield and post-Brexit data flows. We of course want to maintain the current protections for UK citizens under the privacy shield after exit. We want to ensure that data flows between the UK and third countries with EU adequacy decisions, like the US, can continue on the same basis. That is part and parcel of what we are trying to achieve.
The hon. Member for Cambridge also asked about dialogue with the EU on the future partnerships paper, and that is ongoing. For example, the Secretary of State for Justice is at the Justice and Home Affairs Council this week and will be speaking about that paper, setting out in particular the argument that we are approaching Brexit from a point of harmonisation. Keeping the Data Protection Bill harmonised with the GDPR will be critical as we take the Bill through both Houses, and I am glad for the Opposition’s support in maintaining that position.
The right hon. Member for East Ham made a characteristically excellent speech. I hope he is not on the Bill Committee, and I mean that as a compliment. However, he was wrong about the loss of influence, and my hon. Friend the Member for Chelmsford, who was in the European Parliament at the time, pointed out just how influential both Labour and Conservative British MEPs were in ensuring that we got a good piece of GDPR legislation.
I want to make it absolutely clear that our goal is an agreement that builds on the existing model of adequacy. We are seeking an arrangement at least as strong as adequacy—stronger, in fact. There was a bit of debate about whether how I put things in my opening speech implied that we were moving off adequacy. We are not. I say again that we are seeking an arrangement at least as strong as adequacy—stronger, in fact—as part of the negotiation.
Does the Minister recognise that the absence of article 8 will make his goal harder to achieve? He said that we can look elsewhere in the body of European law, and it is all terribly vague and badly defined. The problem is that that will not convince the Commission—and it is the Commission that he has to convince about adequacy.
I think the right hon. Gentleman is wrong on this point, which no doubt we will debate during the passage of the Bill. We know of no other jurisdiction with an adequacy deal that has been required to put the charter into law. Such a requirement has not been imposed anywhere else, so there is no reason for it in this case. The charter is a summary of laws present elsewhere and we are bringing the jurisprudence into UK law. Our goals are the same; in a sense, the question is a legal one. The fact that such a requirement has not existed in any other adequacy arrangements implies that the issue should not be problem for us, not least because of our strong legal basis for bringing GDPR into UK law.
On mail and direct marketing by post, I should like to correct the right hon. Gentleman slightly. Data controllers will need a legal basis for this under GDPR, but article 6 sets out a number of potential legal bases, not only consent. That does not change the reality on the ground from the current data protection arrangements. I hope that I have provided adequate reassurance.
The right hon. Gentleman and the hon. Member for Leeds North West (Alex Sobel) raised article 8, as did others. I am clear about the strength of the assurance that I have given and I hope that Opposition Members accept it. When private businesses consider their future arrangements, I hope that Members on both sides will make clear our determination to get a deal that is as good as adequacy, if not better. We want people to continue to do business and thrive here in the UK.
My hon. Friend the Member for Chelmsford, whom I have mentioned a couple of times, made a powerful and informed speech. Of course we think that the passenger data transfer is important; the referendum does not change how important it is. The EU already has third country arrangements in place with others, so we see no reason why the issue cannot be fixed. I am also sure that Chelmsford is a happy place to live; I wonder whether that is down to my hon. Friend or her ebullient predecessor.
I also agree with my hon. Friend that we must be vigilant and not gold-plate the Data Protection Bill through Information Commissioner’s Office guidance. No doubt we will discuss that during the passage of the Bill. I have regular conversations with the ICO about exactly that issue. We want guidance to come out early. In some cases, the ICO is having to wait for guidance from the Commission and that causes the delay—it is not the fault of the Information Commissioner. But we do want guidance to be in clear, simple language, not gold-plated, and to come out as early as is reasonably practicable. I thank the Information Commissioner and all her team for her excellent work.