My Lords, I thank the noble Lord, Lord Stevenson, for bringing before us what are undoubtedly very important issues. I am grateful to the noble Lords, Lord Warner and Lord Clement-Jones, for their contributions. I say by way of preface that the general data protection regulation comes into force on 25 May this year. Noble Lords will be aware that there is, as the noble Lord, Lord Stevenson, referred to, a Data Protection Bill currently before Parliament which fully implements the current EU framework, including
the GDPR. We would not have chosen to legislate in this way if we were not committed to that EU framework. To be fair, the noble Lord, Lord Stevenson, was gracious enough to acknowledge that. I also say that to seek to reassure the noble Lord, Lord Warner. Let me try to help a little further.
As the Prime Minister has set out, the Data Protection Bill will ensure that we are aligned with the EU framework, but we want to go further than that and further than the typical adequacy agreement—I think that this was the concern of the noble Lord, Lord Stevenson. We want to seek a bespoke arrangement to reflect the UK’s exceptionally high standards of data protection. To reassure the noble Lord, Lord Clement-Jones, this would include an ongoing role for the UK’s Information Commissioner’s Office and effective representation for UK businesses under the EU’s new one-stop shop mechanism for resolving data protection disputes.
Even with that background and that backdrop it is nevertheless crucial that we have powers to correct any deficiencies that arise as a result of the current text of the GDPR being retained in the UK, post exit, word for word. For example, at its simplest we will need to replace references to “Union law” and “member states” with references to “UK law” and “the UK” respectively. We will also need to replace specific articles that do not make sense in a UK-only context; for example, article 3 on territorial scope. These are, of course, exactly the same kinds of changes that will need to be made to a wide range of EU-derived legislation to ensure a smooth exit. Where I slightly differ from the noble Lord, Lord Stevenson, is that while data protection is extremely important, there is nothing particularly special about data protection in this regard.
The difficulty about the amendments tabled—we have to be quite clear about this—is that they would remove the powers that allow the Government to remedy these deficiencies or make any other adjustments to the GDPR to ensure we have complied with our international obligations or implemented the withdrawal agreement. Alarmingly, this would damage the integrity of our regime and put at risk the data flows between the UK and the EU, which are crucial, I think we all agree, for our shared economic prosperity and wider co-operation, including on law enforcement. It is essential that we have the powers to ensure that the UK legislation framework remains functional after our exit. Of course, I accept that exactly how the powers in Clauses 7 to 9 will be used in relation to data protection depends on the outcome of negotiations, but I hope it is helpful to noble Lords to have the illustrative examples I have provided on the record.
I hope I have reassured noble Lords of our commitment to both data protection and the flow of data between the UK and the EU and in these circumstances I urge them not to press their amendments.