The personal data of Britons could be handed to US firms via the new trade deal with Japan, campaigners are warning – ripping up existing protections.
The agreement is an “existential threat” to privacy, the Open Rights Group has claimed, allowing information to be transferred and kept secret, with no right of access or to delete it.
The small print of the deal – which, The Independent revealed, provides “zero” gain to exporters – also raises the risk of a no-deal Brexit if the EU rejects an agreement because of the data protection fears, it said.
“It is unacceptable for the UK to shift from the high levels of data protection we currently enjoy to a data free-for-all through obscure clauses and footnotes in a trade agreement,” said Jim Killock, the group’s executive director.
“Parliament must demand answers and ensure the government “freezes” these clauses from the treaty.”
Liz Truss, the trade secretary, hailed the Japan agreement – which effectively merely ‘rolls over’ the deal the UK enjoyed through EU membership – for its “cutting-edge digital and data” clauses.
Claiming big gains from the “free flow of data” with Tokyo, she said, last month: “Today is a landmark moment for Britain. It shows what we can do as an independent trading nation.”
But the Open Rights Group said “free flow” meant the loss of security from the General Data Protection Regulation (GDPR), an EU regulation introduced in the UK in 2018.
“Current restrictions on European data to stop lightly regulated transfers to the USA, would disappear,” its briefing warned.
“Today, UK companies must only transfer your personal data where they can guarantee that you continue to have similar rights over access, correction and deletion of that data.
Once the UK granted an “adequacy” decision to Japan, there would be a ‘gateway’ for data to flow to other countries that also have ‘free flow of data’ trade arrangements with Japan – including the US.
“In the USA, there is no automatic right for you to know where the data is held, or by whom; you cannot prevent resale, reuse, or the data being put to new uses,” the briefing added.
“There is no right to prevent your data from being used in ways that are discriminatory, or unfair. You cannot ask for your data to be deleted.
“If it is lost, then there is no legal barrier to a third party from obtaining it and using it. And there is no simple recourse to you if your data is breached or sold.”
The UK is already at risk of losing rights to share security and business data with the EU after Brexit is completed in December – because of Brussels’ reluctance to grant its own “adequacy” decision.
The EU has criticised the UK’s forwarding of personal data to other countries, as well as the processing of personal data for immigration purposes and the retention of electronic telecommunications data.