We need your support to keep TheyWorkForYou running and make sure people across the UK can continue to hold their elected representatives to account.Donate to our crowdfunder
My Lords, I am not sure the Minister is going to have quite the easy ride he had with the first statutory instrument. My eye was caught by a very detailed briefing by the law firm Fieldfisher on the consequences of this SI. It was the final paragraph that caught my eye. It says:
“From a broader perspective, the creation of a new data protection regime in the UK may present additional complexities for controllers and processors who are caught by both European and UK law and will therefore need to comply with both the GDPR and (in relation to UK customer data) something that looks like the GDPR but which may start to move away from it as time goes on”.
Those last words are ominous. There is no doubt that the GDPR was a great success for European co-operation. The noble Baroness, Lady O’Neill, reminded us earlier of the wide range of issues that we will have to take into account in protecting our democracy from data abuses. There are similar dangers in the protection of our commercial and business life. The value of the GDPR is that it gives us a strength of certainty of European legislation.
I will delay the House a little with a reminiscence. Between 2010 and 2013 I was the Minister at the Ministry of Justice responsible for the earlier negotiations on GDPR. I went to a meeting in Lithuania and throughout the day I noticed that there was one person sat at the table who never participated, voted or said anything. At the end I turned to the British ambassador and asked, “Who is the guy at the end of the table—he has not said anything?” “That is the Norwegian,” he said. “He can come and listen, but can’t vote and he is not involved our decisions.”
I often think of that when I hear people banging on about sovereignty. Sovereignty was best exercised by British Ministers at the table briefed, I have to say, by officials who were the people to go to. I will not name any particular official, but there was one man to go to as GDPR clunked its way through the machinery. There were “light touchers” and those who had quite recently experienced a Stasi or state abuse of personal data and privacy, and balancing the requirements of GDPR was part of the diplomacy our officials showed. I was also greatly assisted by our parliamentarians in the European Parliament: my noble friend Lady Ludford was very influential in steering the GDPR through some choppy waters.
The noble Lord, Lord Forsyth, who is not in his place, said a few weeks ago in one of our Brexit debates that the first time he went as a Minister to Brussels he felt resentment and animosity that he was being, as it were, dictated to by these foreigners. I do not think that I am being too misleading in saying that; I am sure that he will correct me later if I am wrong. He certainly did not feel at home there.
My first visit as a Minister was to Lithuania. I felt considerable pride that I was sitting with 27 colleagues in a part of Europe that had experienced every kind of dictatorship, from Nazism to communism. We were now sitting around a table trying to deal with one of the most important issues that we will have to face in the years ahead, with this fourth industrial revolution, artificial intelligence and the data revolution. It worries me that we are going into a period when data is described as the new oil, the most important and valued asset that we can have, while real doubts are still on the agenda and being exacerbated by the Brexit process—never, of course, put on the side of a bus.
The Minister gave sweet assurances on how quickly we would deal with adequacy. He is now shaking his head, so let us hear from him.