Leaving the EU: Data Protection

Tom Brake Excerpts
Thursday 12th October 2017

(7 years, 2 months ago)

Commons Chamber
Read Full debate Read Hansard Text Read Debate Ministerial Extracts
Tom Brake Portrait Tom Brake (Carshalton and Wallington) (LD)
- Hansard - -

I thank the Minister for so generously giving way. I just wanted to press him on the point that he made about the engagement that will happen at a technical level. In practice, does that mean that our standards will be maintained in tandem with those in the EU, and that therefore there will be no difference between the two?

Matt Hancock Portrait Matt Hancock
- Hansard - - - Excerpts

What it means is that the arrangements are harmonised right now. Should the Data Protection Bill become an Act, as I sincerely hope it will—it does have cross-party support—our existing arrangements at the point of exit will be harmonised. What happens after that will depend on the negotiation of our future relationship, with the UK being sovereign. The point is to ensure that the technical details are informed by high-quality UK technical considerations and the capability of the Information Commissioner’s Office. This is, of course, subject to negotiation. We set that out as something we wanted to consider when we published the paper in the summer, but, as the right hon. Gentleman may have heard, we are not yet on to negotiating our future relationship, although we are looking forward to that happening.

During the summer, we published the future partnership paper, which sets out how we ensure the continued protection and uninterrupted exchange of personal data between the EU and the UK. The purpose of setting that out was to offer stability and confidence to businesses, public authorities, charities and individuals. My message to business in particular is very clear. We understand how important this matter is. We know that it is in the strong self-interest of the UK and the EU to get a good deal that involves the unhindered free flow of data. The new partnership should protect the privacy of individuals and respect the UK’s sovereignty, including the UK’s ability to protect the security of its citizens and to maintain and develop its position as a leader in data protection. Ensuring that we protect privacy while also allowing for the innovative use of big data so that the UK can be a world leader in artificial intelligence are the joint goals of the Data Protection Bill.

Matt Hancock Portrait Matt Hancock
- Hansard - - - Excerpts

I am sure that the Under-Secretary of State for Exiting the European Union, my hon. Friend the Member for Worcester (Mr Walker), will have heard that point—this is a bit like a return to business questions from earlier. Parliamentary procedure is a matter for that Bill, but the hon. Gentleman has made his case. It is very important that the element of the GDPR that is directly applicable and therefore not in the Data Protection Bill is brought into UK law. However, we have designed the Bill so that that can slot directly in, meaning that once we leave, the UK should have a fully consistent, full-spectrum data protection regime under our legislation.

The new relationship should also not impose unnecessary additional costs on businesses and must be based on the objective consideration of evidence. Furthermore, because many of these issues are technical, we will continue to seek ongoing regulatory co-operation between the EU and the UK on current and future data protection issues. By doing that, we will build on the opportunity of a partnership between global leaders on data protection and continue to protect the privacy of individuals. As the paper that we published in the summer reiterates, it is important that we provide clarity and certainty for businesses and individuals as soon as possible, so that data flows are not disrupted when the UK leaves the EU. In addition, this is part of a wider global debate about the flow of data, because it is also incredibly important that we get right our data relationship with the United States, Japan and others.

Tom Brake Portrait Tom Brake
- Hansard - -

The Minister is being very generous with his time. I am sure that he is aware that the people of Gibraltar are concerned about the impact of the disruption of data flows. Gibraltar holds many data servers, and people there are very concerned that there might be longer-term impacts on their businesses. Can the Minister say anything about that?

Matt Hancock Portrait Matt Hancock
- Hansard - - - Excerpts

Gibraltar is, and will continue to be, part of the United Kingdom. The Under-Secretary of State for Exiting the European Union leads on issues relating to Gibraltar. He will have heard those concerns and will be able to respond to them in detail. In a sense, all this shows why it is so important to get this agreement right.

Tom Brake Portrait Tom Brake
- Hansard - -

I thank the Minister for giving a detailed response. I just wanted to put on record my interest in relation to Gibraltar so that it is not missed.

Matt Hancock Portrait Matt Hancock
- Hansard - - - Excerpts

I am glad that I gave the right hon. Gentleman the opportunity to do so.

A strong relationship on data is beneficial to citizens as it will reassure them that their personal data is subject to robust protection. Maintaining the flow is also important. Once we have left the EU, we will continue to play a leading global role in the development and promotion of appropriate data protection standards with trading partners right around the world.

--- Later in debate ---
Robert Neill Portrait Robert Neill
- Hansard - - - Excerpts

My hon. Friend is absolutely right. The two key messages that one gets on this topic from Gibraltarians across the political spectrum and from all parts of Gibraltarian society are, first, that they do not want to be left behind in any arrangements that the UK makes with the EU27—they do not want to be collateral damage in any sense—and they want to maintain the arrangements and access that we have. Secondly, they want above all to maintain the closest possible friction-free trading arrangements with the UK, where a great deal of their service business is already conducted. Getting that right is terribly important for Gibraltar. It is a small economy with little other resilience, and it really needs our support in getting the data issues right to protect what is a very successful story for the British family.

My third point relates to legal matters. I take the liberty of referring to the Justice Committee’s ninth report from the 2016-17 Session of the last Parliament. As hon. Members will know, I have the honour to chair that Committee, and we issued a report on the implications of Brexit for the justice system. I hope we will soon have a response from the Government to that report; it is one of those that is in Ministers’ in-tray—or, I hope, out-tray—at the Ministry of Justice. Perhaps a gentle nudge might be delivered by those on the Treasury Bench to their right hon. Friends there.

The report is constructive and stresses the importance of information-sharing arrangements for the legal system and the justice system. Part of that relates to the UK’s legal services, and that links in to what I said earlier about the financial services sector in London. The legal service sector underpins a great deal of that financial services work, so getting this issue right is critical for UK firms contracting with parties in the EU or with third parties. At the moment, a great deal of work is written in English law, and that is a great advantage to us, so getting the data sharing right around all those matters is terribly important to the firms involved.

However, the other issue in our report, which is perhaps even more strikingly important, relates to information sharing on policing and critical justice co-operation. In many respects, we have led the field in this regard, and it will certainly not be the intention of the Government or of the Prime Minister, who both as Prime Minister and as Home Secretary has stressed the importance of this issue, to lose any of that information sharing. However, again, the devil is always in the detail in these matters, and perhaps I can highlight what the Committee found.

We took a considerable amount of evidence, and it is clear that the EU offers a number of information-sharing tools. I particularly want to highlight the importance of the European criminal records information system. We are in that at the moment, and it was clear from the professionals in the field who gave evidence to us that we must do all we can to maintain access to that system. It provides access to accurate records of EU citizens’ offending histories.

It is perhaps worth putting on the record a quote from the National Crime Agency. Its evidence was:

“Through ECRIS, the UK is able to exchange tens of thousands of pieces of information about criminal convictions each year that help police and other law enforcement agencies to investigate crime, protect the public and manage violent and sexual offenders.”

Tom Brake Portrait Tom Brake
- Hansard - -

Is the hon. Gentleman able to clarify for me whether that is one of the data exchanges that are subject to the European Court of Justice rulings to ensure safeguards for those exchanges of data? If I am correct, how does he see that relationship continuing with the UK post Brexit?

Robert Neill Portrait Robert Neill
- Hansard - - - Excerpts

My understanding is that it is likely to be subject to the ECJ, and we concluded that while we might seek to remove the direct jurisdiction of the ECJ in some matters, the idea that we will not have an ongoing relationship with the ECJ on such matters is unrealistic. That will be important.

We want to stay in ECRIS, but we noted that there are no previous examples of a non-EU member having access to it. We will have to seek a bespoke arrangement to achieve that, and I hope that Ministers regard that as a high priority.

--- Later in debate ---
Tom Brake Portrait Tom Brake
- Hansard - -

I wonder whether the hon. Gentleman’s excellent Committee had an opportunity to look at the contingency plans that would be necessary for all the valuable databases he has set out, should the UK crash out of the EU in March 2019.

Robert Neill Portrait Robert Neill
- Hansard - - - Excerpts

The clear evidence given to us was that the only viable contingency plan would be a significant transitional period. It would not be possible to replicate those systems in the event of a supposed clean-break arrangement, and it would be necessary to have transitional measures. The evidence did suggest that those could vary from sector to sector, in terms of the length of time required and the amount of detailed work to be done, but it would be a serious setback for us to leave the European Union and the current data-sharing arrangements without something being put in place to bridge us over the leaving period for implementation or a clear end state for our ongoing relationship in the areas of data sharing and criminal justice co-operation. It is in everybody’s interests that we achieve that and it is an important issue to bear in mind.

We concluded that data sharing is not an area in which we can take a risk. Indeed, we concluded that these matters are so important that one would ideally wish to see them decoupled from the rest of the Brexit negotiations. Divorce bills or otherwise, public safety and security work for our interests and for every one of the citizens of the EU27, too. The right hon. Gentleman makes an important point and I agree with him.

I have talked about two key systems and I want to highlight their interrelated and technical nature because it is important to put that on the record. As well as those two systems, we also have access to Prüm, a regime for exchanging biometric information and vehicle registration data. It reduces the time taken to find matches from tens of days to 15 minutes when fully in place. We have recently gone into Prüm, and the chairman of the Criminal Bar Association, Francis FitzGibbon QC made the point to us that—and I shall quote his stark words in full to highlight their significance—

“if someone lets off a bomb in Berlin and makes his way to London, the police will be able to get hold of the fingerprints of the chap they arrest for double parking, or whatever it is, instantaneously.”

That gives us the swift ability to track down serious threats to our safety across the continent. We have not yet implemented Prüm, but we have signed up to do so and I hope that we will make it clear that we will implement it while we remain in the EU and we will seek to continue in it once we leave.

Our concern was that both Norway and Iceland—which are not members of the EU, although they are Council of Europe countries and have association arrangements with Interpol and others—have waited some years to have access to Prüm. We have started from a closer position and it would be a tragedy if we went back to the same place in the queue as them, giving away something that we are already moving into. I hope that the Minister will reassure us that the Government will attend closely to those specific points during the negotiations.

Our conclusion was that all these matters, extradition arrangements, the EAW, the data sharing that underpins prisoner exchange arrangements, together with our arrangements on judicial co-operation—on which British judges work closely with their counterparts—and of course our membership of Europol are all part of a system that comes together to protect us in criminal justice and security matters. They were described by our witness Professor Wilson as part of a system that

“you cannot disaggregate because, in my view, if you take out elements of the system, you have a less effective system for protecting British citizens on the streets.”

That was also the clear evidence from the Northumbria Centre for Evidence and Criminal Justice Studies. The evidence was overwhelming. Sometimes, as lawyers, we get cases in which the evidence all points one way, and that was very much our conclusion from the evidence to the Committee’s inquiry. These are all important matters. Of course, they are but one part of the data protection and sharing regime, but they are critical.

We received the clear message from practitioners that whatever we do and however we get to these arrangements —I hope that the Bill, when it is brought to the House, will help us to achieve this—the end state has to include a means of making sure that our data sharing and data protection regime are sufficiently close to those of the EU27. We shall, therefore, have to have a means of tracking changes and replicating them when it is likely to be to our mutual advantage to do so. Otherwise, with the very best will in the world, a law enforcement agency or police officer in the EU27 might not be able to share potentially critical information with his or her UK counterparts because he or she might find themselves in breach of the data regulations in his or her own EU27 country. That cannot be in anyone’s interest. I hope that the Minister will reassure us that creating such a system will be the centrepiece of our objectives on data sharing in relation to criminal justice and co-operation matters.