My Lords, it is always a joy to speak after the noble Baroness, Lady Fox of Buckley, because of her talent for challenge—this time on privacy. This is important, although I think these SIs are narrower than the sort of points that she was interesting us in.
Like the previous regulations that we debated, these make changes to orders relating to life after Brexit—in this case to 2019 regulations on data protection, privacy and electronic communications. Many of the changes are minor and I support them. I refer to my various business interests, most of which are affected by data. I was also the Data Minister at DCMS, and that was during the negotiations on the GDPR which, ironically, we agreed to in good faith to try to help in the negotiations with the European Union in the run-up to the referendum. Indeed, I took over the portfolio from my noble friend Lord Vaizey. Perhaps because he was bored by data, which he has admitted to today, or perhaps because he was so busy with the glamour of digital and its pioneers, he passed it to me with a huge portfolio of ministerial correspondence to deal with, so I had my work cut out. He also gave me the chance to make some progress with nuisance calls, which are a very important consumer issue.
I rise to speak for three reasons. The first is that data is incredibly important to the modern economy. It is the “big oil” equivalent in the 21st century. It is vital to banking, to telecoms, to retail and supply chains, to pop music and entertainment, to aviation, to transport and energy and, with Covid, to pretty much everything else—notably, of course, education, healthcare and border controls. My noble friend Lord Vaizey gave us an idea of the sheer scale of this. He rightly said it was “the new trade route”—I like that as a parallel. It is so important that we cannot slip up in this area. It is possibly even more important than physical trade.
Secondly, I would like to know the latest thinking within the EU on data. I have the honour to sit on the Lords EU Committee. As the noble Lord, Lord McNally, has already said, we tackle data together. It is one of the aspects of the ongoing FTA negotiations that worry us most. The Government in their wisdom—
Mr Hancock was the Minister—brought in a special Act, the Data Protection Act 2018, to ensure we were fully compliant with EU rules and norms on exit day. This was to enable the EU to grant the equivalence status we need, which, as we have just heard, Japan has recently acquired. I am not sure I would have done it that way, as the Act is very burdensome, especially for small businesses, charities and local councils. Everyone, including your Lordships, risks breaches, which at the upper limit attract vast fines—an odd way to take back control. Unfortunately, so far, this has not been a successful strategy. As far as I know, we still await an equivalence decision on data. As with financial services, one assumes this is being held back by the EU as a negotiating ploy. To my mind, this is not very responsible, given the huge interest of both sides in proper data flow. Maybe my noble friend the Minister can reassure me and advise that there is a contingency plan for a year or two—as we have seen on the share trading exchanges in the financial services area—if FTA talks falter or fail, or equivalence is formally withheld for any reason. The noble Lord, Lord McNally, touched on this point and suggested that businesses needed to be consulted on contingencies. I certainly look forward to my noble friend the Minister’s reply on that.
My third reason for speaking is that I spent time in Washington helping—or trying to help—to sort out a US-EU deal on the Privacy Shield in 2017, persuading the US to give some ground. I was therefore extremely disturbed at the European Court judgment against the arrangement on 16 July 2020. During discussion on the Trade Bill on 1 October, the Minister suggested that standard contractual clauses had been supported in that judgment and that updated guidance from the Information Commissioner’s Office would be available “as soon as possible”. Is that now available and what does it, or will it, say? Most important of all: will it solve the problem?
In the meantime, I note that the Privacy Shield decision is removed from our regulations, as we have heard. I also see the reference to guidance for small businesses and to standard contractual clause templates in paragraph 13.2 of the DCMS’s helpful memorandum. But I repeat my question: does this solve the problem? If so, can the Minister kindly explain on the record how and why?
In closing, I support my noble friend the Minister and the Government in getting this and other SIs through in a timely manner before exit day, and I very much hope that she will be able to reassure me.
6.45 pm