Thank you for your email regarding the Data Protection Bill.
I understand you have concerns about safeguards for data-sharing in the Data Protection Bill but the Bill provides that the intelligence services can only make transfers outside of the UK when necessary and proportionate for the purposes of the services' statutory functions.
The General Data Protection Regulation (GDPR) doesn’t deal with national security processing since that is outside the scope of EU law. The GDPR therefore isn’t designed for, and doesn’t provide an appropriate basis for, the unique nature of intelligence services processing, including when they make international transfers to partners when necessary to safeguard national security.
The international transfer of personal data is vital to the intelligence services' ability to counter threats to national security and they must be in a position to be able to operate across borders and share information quickly to protect the UK and its partners. In all cases, the intelligence services apply robust necessity and proportionality tests before sharing any information. The inherent risk of sharing information must be balanced against the risk to national security of not sharing such information.
Thank you once again for taking the time to contact me.
With best wishes.