Peers are pushing for legislation aimed at stopping Britons’ personal data from being sent to third countries such as China and Russia, where there’s no guarantee the data would be protected.
The peer said that global giants, including China’s electric car company BYD, social media platforms TikTok and WeChat, and Russia’s Yandex search engine, “transmit our most personal details across borders into the hands of autocracies under the guise of legality.
“From our political leanings to our most intimate details, we cannot be certain that it’s fully protected,” he said.
Calling for the government to support his amendment, which is sponsored by Conservative Lord Kirkhope of Harrogate and Liberal Democrat Lord Clement-Jones, Lord Bethell said it “heralds a new era of digital accountability and safety ... positions the UK as a pioneer in data transfer standards, setting a global benchmark” that he believers “many will follow.”
Under EU law, the European Commission has the power to determine whether a country outside of the EU offers an adequate level of data protection.
The UK’s post-Brexit data protection law permits companies to freely transfer data to the European Economic Area (EEA) in most cases as the area is deemed adequate in protecting personal data because of the EU’s General Data Protection Regulation.
When transferring data to countries outside the EU/EEA area, a company can proceed with it once it has a contract with the data receiver that incorporates standard data protection clauses recognised or issued in accordance with UK data protection law.
However, Chung Ching Kwong, senior analyst at the Inter-Parliamentary Alliance on China, who worked in support of Lord Bethell on the amendment, said it “makes no difference” whether or not there’s a contract when a data receiver is in Russia or China.
“You cannot enforce your rights as data subjects if your data get transferred to China,” she told The Epoch Times.
“There’s nothing that actually guarantees you have that kind of—especially the right to legal redress, which is an important principle in data protection. So there is no limitation to state accessing your personal data in China because of the cybersecurity law, and all of the national security implications in that country. And Russia as well,” she said.
Lord Bethell’s amendment says no authority can deem a third country “adequate or capable of providing appropriate safeguards” where “there’s no credible means to enforce data subject rights or obtain legal remedies.”
It also compels the minister to consider the Information Commissioner’s view in determining whether credible means are available in a third country.
Ms. Kwong said she believes the proposed legislation, if it’s passed into law, will have enough power to stop data transfer to places without adequate protections in place before the Information Commissioner’s Office and the government make decisions on what transfers will be allowed.
Asked whether all data transfer to non-EEA countries will be stopped, she said it will only stop data transfer to places with no appropriate safeguard, and places such as Japan, the United States, or Singapore “wouldn’t be affected.”
There have been long-standing concerns over the handling of user data in China despite companies’ promises that they haven’t and will not provide data to the Chinese Communist Party.
Under the regime’s National Intelligence Law, organisations and citizens can be compelled to “support, assist, and cooperate with national intelligence efforts.”
