Baroness Blackwood indicates that government has ‘made arrangements’ with the US

Credit: Danny Lawson/PA Archive/Press Association Images

Processing of UK citizens’ personal data by US firms will remain protected by the European Union’s Privacy Shield framework even in the event of a no-deal Brexit, a government minister has claimed.

Conservative peer Baroness Blackwood of North Oxford, who serves as minister for innovation in the Department for Health and Social Care, has claimed that the UK has reached an agreement with the US to ensure citizens’ information remains protected.

Introduced in 2016, the Privacy Shield agreement between the EU and US requires American firms that process the personal data of European citizens to self-certify that they will adhere to all relevant regulations. The arrangement, which is reviewed annually by authorities on both sides of the Atlantic, also requires firms to respond to complaints from citizens who believe their data has been misused.

Related content

• EU data watchdog calls for ‘significant improvements’ to Privacy Shield
• MEPs call for suspension of Privacy Shield unless US complies with data-protection agreement
• Government advises that NHS data can be safely hosted in the US and other countries

Almost 5,000 US companies have certified themselves under Privacy Shield. All of them face punishment under US law if they fail to comply with the agreement’s terms.

Despite the UK’s impending exit from the EU, the data of this country’s citizens will remain protected by the arrangement – even in the event of a no-deal Brexit, Baroness Blackwood claimed.

In response to a written parliamentary question from cross-bench peer Lord Freyberg, she said: “As the United Kingdom leaves the European Union we have made arrangements with the United States that will ensure that in both ‘deal’ and ‘no deal’ scenarios, transfers of personal data from the UK to US Privacy Shield participant organisations can continue to be made under the Privacy Shield Framework.”

She added that the measures set out in last year’s Data Protection Act legislation demonstrates the government’s commitment “to maintaining a high level of data protection standards”.

“These safeguards allow the public to have trust in how and why their data is used and it is important that we maintain them. Access and use of data should always be done lawfully, safely and securely. We reiterate that National Health Service data must always be held securely, with appropriate and strong privacy and cybersecurity protections.”

Privacy Shield replaced the former the Safe Harbor agreement, which stood for 15 years, but was invalidated by the European Court of Justice in 2015. Its demise came after a series of legal challenges contending that the agreement did not sufficiently safeguard the privacy of EU citizens.