Upon prompting by the Open Rights Group, I've written to my MP, Layla Moran, about the data laundering provisions of the UK-Japan trade agreement.
You may or may not be aware that that new UK-Japan trade agreement includes expansive data transfer clauses posing a threat to our privacy. These provisions essentially create a surreptitious process for your data to be transferred to other jurisdictions with poor data protection records, including the US.
MPs seem to have been deliberately kept in the dark about these measures which amount to turning the UK into a data laundering haven for unaccountable multinational corporations and countries with weak data protection standards.
I would encourage you and your MP colleagues to call for the freezing of these sections of the treaty - as happened with the unconscionable intellectual property chapters of the Trans Pacific Partnership agreement.
The dangerous undermining of UK citizen and other residents' rights is likely to be an ongoing feature of the government's desperate rush to enter into trade deals they can promote as Brexit successes. In these challenging times, significant vigilance will be required on the part of all our parliamentary representatives to protect fundamental rights in the UK.
I this instance I would ask you to ask the government to “freeze data transfer clauses from the new UK-Japan trade agreement”. This will allow the agreement to go ahead but would freeze (stop) the harmful clauses endangering our privacy.
You can find the UK-Japan Comprehensive Economic Partnership Agreement documents containing treaty information and a summary of the agreement online.
Jim Killock and Heather Burns at the Open Rights Group have prepared a succinct explanation of the issues. The agreement contains brand new clauses which priotise the “free flow of data” between the UK and Japan, and from there on to other trade partners, over and above data protection rights.
"A “free flow of data” approach would be a radical departure from the current position. Today, UK companies must only transfer your personal data where they can guarantee that you continue to have similar rights over access, correction and deletion of that data. The UK Japan agreement would force the UK to accept lower data protection frameworks, including voluntary self-regulation, as compatible with the UK’s world leading privacy framework, in Article 8.80 and 8.84.
The UK-Japan agreement, together with the UK adequacy decision, would create a “gateway” for your data to flow to other countries that also have “free flow of data” trade arrangements with Japan. Worryingly, this will permit UK data to be transferred to the USA, without it being kept under GDPR-style protections.
Once data is exported from the UK to the USA via Japan under this agreement, your rights would vastly reduce. In the USA, there is no automatic right for you to know where the data is held, or by whom; you cannot prevent resale, reuse, or the data being put to new uses. There is no right to prevent your data from being used in ways that are discriminatory, or unfair. You cannot ask for your data to be deleted. If it is lost, then there is no legal barrier to a third party from obtaining it and using it. And there is no simple recourse to you if your data is breached or sold...
It is likely to prove impossible for the EU to conclude a data protection adequacy decision for the UK while these unrestricted data flows with Japan, and its trade partners are in place. The EU specifically excluded data flows from their trade agreement with Japan. Although Japan has an adequacy decision from the EU, it had to put specific arrangements in place for EU data to stay in Japan.
This stopped the data of people in the EU — including the UK — from being shifted to an overlapping legal regime and freely siphoned off to third countries. This trade deal bypasses both of those safeguards."
ORG also have a more comprehensive briefing on how the UK-Japan deal severs post Brexit data adequacy. (Pdf version available too).
There are also other serious concerns with the agreement, particularly in relation to general monitoring provisions - upload filters like the EU copyright directive's Article 17 - and bans on circumventing DRM/TPM even for the facilitation of interoperability or repair.
Given the Johnson government Svengali Cumming's obsession with eviscerating the controls on the collection and exploitation of big data, an intense and ongoing focus on resisting such dismantling of fundamental privacy and data protection rights is certainly in order.