Oliver Dowden’s blue skies “data protection” think tank at the Department of Culture, Media and Sport (DCMS) has come up with an interesting idea to resolve all UK’s problems with respect to overseas transfers and adequacy determination, once and for ever.
According to a confidential DCMS “Departmental Information Paper” (amusingly called “DIPers” by DCMS insiders) found abandoned in Costa Coffee at Watford Gap Service station on the M11 last week, the think tank’s idea “neuters all those lefty-lawyers, privacy fanatics and foreign data protection authorities who repeatedly carp on (and on infinitum) about the low level of data protection in the UK”.
The idea is for the UK to negotiate with the Isle of Man Government to see whether the Island could be divided into two separate administrative zones and then encourage UK companies who have “many difficult transfers of personal data to accommodate” (e.g. “transfers of private accounts to the Cayman Islands”) to establish remote processing facilities “in each new administrative zone”. The Paper calls these zones, which are to be established as separate states, the “East of Man” and the “West of Man” (much in the same way there is East Ham and West Ham in London).
The two administrative zones are created by installing a virtual border drawn from Douglas to Ronaldsway near the current International airport. Foreign Secretary, Dominic Raab, whose knowledge of the importance of Dover to the UK economy is now unrivalled, said that it was important to keep “both North and South Ronaldsay Islands in the same administrative zone” in order to “avoid upsetting the natives”.
This idea, the Paper concludes, “would mean an influx of UK companies into the Isle of Man, especially from the City of London which would double Isle of Man company tax revenues to such an extent that it would allow its Government to decrease in the standard rate of personal tax to 2% for the first £150K of income”.
How it works?
The idea takes advantage of an “accidental” drafting error in Article 44 of the GDPR and UK_GDPR dealing with General Principles for transfers outside the UK, made by a controller or a processor in the UK. This Article says “Any transfer of personal data which are undergoing processing … shall take place only if, subject to the other provisions of this Regulation, …and … including for onward transfers of personal data from the third country … to another third country”.
Quite simply a controller wanting to do a dodgy transfer from the UK to a British Overseas Territory tax haven, first transfers personal data from the UK to one zone of the newly divided Isle of Man. This transfer is subject to all of the UK_GDPR provisions and is to the Isle of Man which already has an adequacy determination. Therefore the requirements of the first half of A.44 are met as the transfer is subject to “other provisions of this Regulation”.
The personal data are then transferred from this zone to the other zone of the Island, and this constitutes the “transfers of personal data from the third country … to another third country” (thereby meeting the requirements specified in the second half of A.44) and the transfer is also subject to the GDPR.
As there is nothing else in A.44 to satisfy, the personal data can then freely be transferred from the second half of the Isle of Man to the tax haven, knowing that all data protection requirements have been met.
There will be two versions of the GDPR operative on the divided Island; there will be the Man_GDPR which operates in the East, and a West of Man GDPR (or WoMan_GDPR) in the West. However, as both versions of the GDPR initially will be identical to the current Isle of Man legislation, and because the European Commission has already recognised the Isle of Man as adequate, it follows both zones of the Island will also become adequate.
Echoing the content of Mr Dowden’s recent Financial Times article (see last week’s blog), the DCMS Paper says “This is an example of the UK maintaining high standards of data protection without creating unnecessary barriers to data transfer” and that the new ICO (due to commence employment this Autumn) will “understand the importance of striking the correct balance and delivering on this critical agenda”.
The Paper stresses that the border operates just like the virtual border running down the Irish Sea which separates Northern Ireland from the rest of the UK mainland, post Brexit. Like the UK Government, the Isle of Man Government can pretend the border does not exist and, at appropriate times, ignore international treaties and agreements that refer to it.
Over time, the Paper notes, the name change in two zones of the Island could be shortened to “Isle of Men”, and this in itself could boost tourism to the territory as a “Go To” holiday destination for “male bodybuilders and strongest-man competitors” (as well as the famous TT motorcycle races, much beloved by serious heavy-metal blokes and bikers).
Upcoming Data Protection Courses
All courses lead to the relevant BCS qualification:
- Data Protection Foundation: London, Starts April 27-29 (3 days)
- Data Protection Practitioner: London, Starts May 11 (6 days)
- Data Protection Upgrade Practitioner: London, May 25-26 (2 days)<LAST ONE
Full details on www.amberhawk.com of by emailing [email protected]
You had me right up to the lefty-lawyers, bravo. This is the best April Fools I’m going to see all day bar none.
Posted by: K Slaney | 01/04/2021 at 08:05 AM