Skip to main content

British businesses and NHS face huge extra costs if crucial UK-EU data agreement is not reached

23 October 2024

British businesses and organisations such as the NHS will be hit by “significant” extra costs and red tape if the UK loses the right to exchange citizens’ personal data seamlessly with the EU, according to the letter sent to the Government by the European Affairs Committee.

The situation also risks serious damage to UK’s reputation as a destination for international investment, and triggering a decline in UK innovation.

Background

The letter follows a 7-month inquiry by the Committee during which peers were warned of the consequences of losing “data adequacy” – the process whereby the EU recognises the UK’s data regime, including GDPR, and so permits data to be freely transferred back and forth.

The Commission granted adequacy status to the UK in June 2021, but this runs out on 27 June 2025, at which point it has to decide whether to extend the status or let it expire.

Findings and recommendations

Experts told the Committee that losing data adequacy would increase friction as well as costs in trade and other interactions between the UK and EU, which would “probably feed through into higher prices for consumers and probably reduce consumer choice (and) hurt consumer confidence”.

The Committee’s letter urges the Government to engage in early talks with the Commission in Brussels, and other EU stakeholders, to ensure the UK maximises the prospects of achieving agreement in the first half of 2025.

The Committee’s letter, addressed to the Rt Hon Peter Kyle MP, Secretary of State for Science, Innovation and Technology, emphasises that losing adequacy would “raise new barriers to international trade and economic co-operation, and to trust in the UK’s digital economy, running counter to the Government’s objective of boosting economic growth. Losing adequacy would also have an adverse impact on Northern Ireland.”

To limit uncertainty, the Committee recommends that the Government “engage early with the Commission and other EU stakeholders with a view to ensuring that the adequacy renewal process is on a positive track and providing reassurance as soon as possible about the retention of adequacy status”.

The Government should also explore the prospects for securing future adequacy renewal decisions from the Commission which do not expire after a fixed period. It should engage with the EU in good time to explain and provide reassurances on any planned data protection reforms.

The Committee also recommended that the Government should be fully engaged in the wider debate about the future of international data flows, to ensure that the outcome serves UK interests. Peers drew attention to the fact that the UK, in addition to having EU adequacy status, is a member of the emerging Global Cross-Border Privacy Rules system. This gives the UK the opportunity to act as a trusted and responsible “data bridge” as international data protection policies evolve.

Chair's Comments

Lord Rickett, Chair of the European Affairs Committee said:

“The UK faces a potential cliff-edge in June 2025 unless agreement is reached with the EU on the continued free flow of data. The safe and effective exchange of data underpins our trade and economic links with the EU and cooperation between our law-enforcement bodies. The loss of data adequacy would create new barriers and run completely counter to the Government’s ambitions to grow the economy and reset relations with the EU. We recommend that reaching timely agreement on data adequacy should be integral to the reset, and the Government’s top data protection priority.”

He added: “The UK’s current GDPR regime is far from perfect. But the consequences of not reaching agreement with the EU are extremely harmful. There is clearly scope to reform and improve GDPR as part of the Government’s new Digital Information and Smart Data Bill. But this must not jeopardise the UK’s adequacy status.”

Further information