Thank you to all of my constituents who contacted me about the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP) and data protection.
I appreciate your concerns on this issue. As you will know, CPTPP requires countries signing up to it to allow the cross-border flow of data, including personal information. At the same time, it does not hold its signatories to upholding the same level of data protection we enjoy under our General Data Protection Regulation (GDPR) here in the UK. Indeed, only three of the current CPTPP signatories – Canada, Japan and New Zealand – have received adequacy decisions on data protection from the EU. If the UK signs up to CPTPP – and specifically, article 14.11 of the agreement – we would therefore have to permit the transfer of UK data to countries whose data protection standards fall well short of our own.
The Government says CPTPP will not undermine the UK’s GDPR data protection rules. It has argued that the exception to cross-border data flows in article 14.11 for the purpose of achieving a legitimate public policy objective provides enough room for the UK to ensure personal data protection. However, experts have argued that this exception is only limited and have expressed doubt that it would be broad enough to allow us to maintain our current data privacy regime.
I am concerned that the Government appears unwilling to even acknowledge the trade-off between our strong data protections and the demands of the CPTPP to allow the free flow of data, much less to set out how it plans to balance this trade-off. I believe it needs to make clear how it will guarantee that GDPR will not be challenged or undermined as a result of the transfer of data to countries with lower protections when we join CPTPP. I can therefore assure you that I will continue to support efforts to press it on this issue.