Retained EU law has found an unlikely champion in Nigel Farage, whose battle with NatWest has culminated in the resignation of the bank’s CEO, Alison Rose. Farage has yet to thank the EU for creating the laws that allowed him to win this battle, but his victory would not have been possible without European data regulations, which Brexiteers have long sought to remove.
The former Ukip and Brexit Party leader’s account at Coutts bank was closed against his wishes, and he filed a subject access request (SAR) to find out why. This is a right we all enjoy thanks to the UK’s implementation of the General Data Protection Regulation (GDPR), in which article 15 gives “data subjects” (the person to whom the data relates) a right of access to that data.
The GDPR also imposes responsibilities on “data controllers” (people or companies who collect information on other people). Farage was able to say whatever he liked about his own bank account, because people are free to share their own data, but Coutts was not able to comment on the specifics of the case because that would have meant sharing some of the information they had on him.
This is the reason Rose has had to step down. It was her responsibility to protect the data she held on Nigel Farage – a responsibility in which she appears to have failed when, on 3 July, she sat next to the BBC’s business editor, Simon Jack, at a charity dinner and spoke with him about Farage’s claims. In her resignation statement Rose says she did not share “any personal financial information” with Jack, but the following day the BBC published a story in which Jack claimed that Farage’s account had been closed because it had “fallen below the financial threshold” required for Coutts’ customers, who must hold £3m in savings or £1m in investments. While Rose said that she had only responded to a general question about eligibility criteria by citing publicly available information, she acknowledged that she had left Jack with “the impression” that the decision to close Farage’s account was a commercial one. Clearly, speaking to a journalist (or anyone else) about the amount of money in someone’s bank account, without their knowledge or permission, is an unacceptable thing for a bank’s CEO to do.
The narrative being pushed by people like Andrew Griffith, the City minister, is that NatWest “withdrew” Farage’s bank account after deciding his “lawful political views” were unpalatable, and that Rose has been forced out after her sinister corporate wokery was discovered. This isn’t true. While the bank’s reputational risk committee (of which Rose was not a member) did conclude that Farage’s high profile and appetite for controversy made it unattractive for the bank to continue providing services to him, it was Rose’s failure to protect Farage’s data rights under the GDPR that led to her resignation.
Farage will be familiar with the GDPR because he was a member of the European Parliament when it proposed the law in 2012 and when it enforced it in 2016. It continues to apply, as European law, to British businesses that hold EU citizens’ data, but it also applies as British law – the UK GDPR – into which it was transposed, with references to the EU taken out. In 2021 Oliver Dowden, the culture secretary at the time, said he wanted to replace it with “a world-leading data policy” that was “based on common sense, not box-ticking”, but the fact is that any country that wants its businesses to be able to provide goods and services beyond its own borders has to create similar rights and protections: without “data adequacy” the sharing agreements that allow information to flow between continents cannot be formed.
Farage initially blamed “EU directives” on anti-money laundering for the closure of his account, although he didn’t say which ones. The truth is that in this fight, the EU has been very much on his side.
[See also: Never underestimate Nigel Farage]