The House of Lords European Affairs Committee has revealed the findings of a lengthy investigation which, according to peers, uncovered the major financial and other risks of losing validated status
UK businesses could face more than £1bn-worth of extra costs as the deadline approaches for the UK-EU data adequacy agreement, a House of Lords committee has warned.
In a letter to tech secretary Peter Kyle, the European Affairs Committee has urged the government to kickstart negotiations with the European Commission to avoid the “harmful consequences” if the UK loses its adequacy status after the current arrangement passes its expiry date of 27 June 2025.
The status means that the UK’s data regime has been assessed and validated as offering equivalent protections to those available under EU legislation.
The committee claims that failing to retain the status would risk “serious damage” to international trade and trust in the UK’s digital economy, which is worth more than £150bn. It added that it would harm the UK’s reputation as a destination for international investment, triggering a decline in innovation.
The cohort has urged the government to engage “early” with the commission in Brussels, and other EU stakeholders, to ensure the UK achieves a long-term agreement in the first half of 2025.
The letter follows on from a seven-month inquiry by the committee during which it heard from witnesses who told members that losing the status could cause significant problems in areas from fighting crime to banking and legal services, as well as medical treatment – both in the NHS and for UK citizens abroad.
Evidence from the NHS Confederation and Understanding Patient Data estimated that the cost to the NHS of any loss of adequacy could be in the “tens of millions of pounds”, while research by the New Economics Foundation and UCL European Institute suggests that failing to secure adequacy status would impose additional compliance costs on UK businesses of up to £1.6bn.
Related content
- Sunak and Biden agree transatlantic data bridge
- Minister: ‘Exact alignment to EU law is not a requirement for data adequacy’
- What now for the UK’s data-protection regime?
Witnesses also highlighted that losing the status would “increase friction” in trade, which would “probably feed through into higher prices for consumers and probably reduce consumer choice (and) hurt consumer confidence”.
Lord Peter Ricketts, chair of the committee said: “The UK faces a potential cliff-edge in June 2025 unless agreement is reached with the EU on the continued free flow of data. The safe and effective exchange of data underpins our trade and economic links with the EU and cooperation between our law-enforcement bodies. The loss of data adequacy would create new barriers and run completely counter to the government’s ambitions to grow the economy and reset relations with the EU. We recommend that reaching timely agreement on data adequacy should be integral to the reset, and the government’s top data protection priority.”
He added: “The UK’s current GDPR regime is far from perfect. But the consequences of not reaching agreement with the EU are extremely harmful. There is clearly scope to reform and improve GDPR as part of the government’s new Digital Information and Smart Data Bill. But this must not jeopardise the UK’s adequacy status.”
The committee called for government to secure future adequacy renewal decisions from the commission which do not expire after a fixed period.
It also recommended the government engages in the wider debate about the future of international data flows, to ensure that the outcome serves UK interests. Peers drew attention to the fact that the UK, in addition to having EU adequacy status, is a member of the emerging Global Cross-Border Privacy Rules system, claiming this offered the UK the opportunity to act as a trusted “data bridge” as international data protection policies evolve.
A version of this story originally appeared on PublicTechnology sister publication Holyrood