Friday 21 October 2016

Brexit: Prospects for data protection

The decision made by the British people in the 23 June 2016 referendum has multiple consequences, many of them legal. Some have already been addressed, but the issue of what Brexit could mean for European citizens’ privacy and data protection rights has been pushed to the background.

The regulatory framework for data protection in the European Union conferred total freedom of circulation on data within the 28 Member States.  The United Kingdom’s exit from the EU, and consequently from that legislative environment, will therefore mean that its citizens will be considered as established in a third country, and issues such as those currently existing with the United States will have to be contended with.  Basically, sending data from any EU country to the UK will constitute an international data transfer, with the legal effects that this entails.
Obviously, given the importance of massive data processing for a company from any sector, the UK is not going to remain aloof from its former fellow Member States, since not interacting with the EU in this field would leave it out of the game in a sphere that is vitally important for the economy.   

This situation obviously gives rise to uncertainty -which will have to be cleared up by the British government in the coming months- concerning the decision to be made on the subject of data protection in the island State.

It is first of all necessary to understand the UK’s legislative situation regarding this subject.  The law currently applicable to national data protection is the UK Data Protection Act of 1998, a product of the transposition of the 1995 EU Data Protection Directive establishing the fundamental concepts and principles underlying European data protection laws throughout Europe.  The UK Electronic Communications Act is also significant and regulates electronic signature-related issues stemming from the 1999 Directive and electronic communications and transactions, and is supported by the texts transposing the 2000 E-Commerce Directive.  The current regulatory framework is therefore not so far removed from the one existing in the other 27 countries thanks to the transposition of several directives. 
At first glance, the foreseeable reaction is that the UK will be considered as a country with a secure data protection level, and maintaining the status quo should not be overly problematic, given that UK laws have been adapted to European legislation and are very close to those of the other 27 States.  This obviously depends on a number of factors.  First of all, the British government is changing, and we do not know what the intentions of the next inhabitants of 10 Downing Street will be.  It is therefore feasible to believe that there could be a change in legislative policy concerning data protection, and the ties that bind the country to the EU will therefore be broken in a more drastic way.  Another variable to be considered is that declaring the UK as a country with an adequate level of protection is contingent upon the European Commission’s approval, which has to be carried out by means of a regulated procedure, where it is necessary to study numerous issues such as the functioning of a supervisory authority, case-law on the subject and the country’s international commitments, as well as the fact that the agreement has to be revised every four years.  
Supposing that the second option, which is more realistic and conservative, is the one that is effectively followed, the situation would not be exempt from problems.  The need for the aforementioned declaration by the Commission could mean that in the period of time between the actual departure from the EU and approval of the agreement, the UK will be considered a third country and any transfers made to it will be viewed as international data transfers.  An indefinite time period would open up, in which companies from both sides would have to regulate their operations to comply with transitional legislation with an undetermined expiry date.  In short, too many changes and requirements for a relatively short space of time.  Added to that is the fact that the British State’s laws and practices on the subject of data protection will be monitored closely by EU regulators and subjected to detailed scrutiny.

It should be borne in mind that there are two sides to this dispute, and so the European Union’s reaction has to be assessed. Since it will be for the Commission to evaluate an agreement declaring the UK a kind of “safe harbour” in the event that the exit actually comes about, the European institution may place some tremendously demanding standards on its ex-member.  Europe therefore has the power to subject British law to a comprehensive analysis that will reduce its negotiating leverage and force it to submit to iron-fisted control from Brussels so as not to end up in legislative limbo.

This declaration as a country with an adequate protection level will only be necessary if the UK, on abandoning the EU, decides not to be part of the European Economic Area.  This is the option followed by the non-EEA member Switzerland.  Since 2000, there has been an agreement with the Helvetian country, guaranteeing an adequate level of protection for the treatment of personal data in that State, as in the case of other territories such as the Isle of Man, Uruguay and New Zealand.  In the event that the British opt to adhere to the EEA, European data protection laws will apply to them, and so sending data to the British Isles will not constitute an international data transfer.  

Seeing that the option that is, let us say, peaceful, conservative, or close to the EU, is actually much more problematic than it initially appears, it cannot be ruled out that the incoming administration could make a much more drastic move and reform existing data protection laws to distance them from European legislation, over which there had been disagreement during the approval process, thus adopting a position that is more in keeping with the less protectionist principles of the Anglo-Saxon world.   Since it seems counterproductive for them to isolate themselves in such a way, this option would appear to be less likely, although it can always be argued that if the EU has reached an agreement with the United States, it could also reach one with Great Britain in such a case.

In that regard, Christopher Graham from the Information Commissioner’s Office stated that “international consistency around data protection laws and rights is crucial both to businesses and organisations and to consumers and citizens”, and that “we will be speaking to government to present our view that reform of the UK law remains necessary”.  It would therefore seem that the country’s relevant institutions in respect of this issue advocate maintaining the unity of EU and UK laws.

Regardless of which option is followed, the consequences are complex to say the least.  The exit is based on Article 50 of the EU Treaty, according to which the withdrawing State and the Union will have to negotiate a withdrawal agreement, setting a date on which the treaties will cease to apply to the former.  Where no such date has been established, the treaties will cease to apply two years after the European Council has been notified of the State’s intention to withdraw, a time period which can be extended.  This term is vitally important, given that the EU General Data Protection Regulation (GDPR) will be coming into effect on 25 May 2018, and so it will more than likely apply to the UK for a certain period of time since a withdrawal agreement has yet to be reached.  Things will therefore get messy: during the negotiation of the exit deal and the time period provided for same, the 1998 law stemming from an EU directive will continue to apply until May 2018, when the withdrawal will almost certainly not yet be effective, and so the GDPR will start to operate until the date on which the treaties will cease to apply is fixed.  Also, once the Regulation comes into force, all companies and organisations, regardless of where they are based, will be required to comply with its provisions if they process EU citizens’ data.  Therefore, when the time comes for the Regulation to cease to apply, a large number of British corporations will have to abide by its provisions in respect of a significant part of their activities.  

We can confidently predict that British law will continue in line with European law for a considerable period of time, and so the aforementioned split will be a medium-term decision.  The application of the Regulation in the UK will be a reality, and so for a while there will be calm as regards data protection on the continent.  In fact, the UK, just like the other EU Member States, will have to transpose the recently approved (May) Council Directive concerning measures to ensure a high common level of network and information security across the Union into its domestic law; in other words, its legislation will keep pace with the rest of the Union for the time being. 
The ocean of uncertainty caused by the referendum has left all players in a state of bewilderment and with no choice but to wait and see how events unfold before anything definite can be affirmed.  In the meantime, there can only be forecasts and conjecture.    

Visit our website:


  1. If you want to reinstall the operating system or upgrade your device, you can use a flash file. This file helps to get back your phone in factory format. It can fix software issues, Boot loop issues, IMEI issues, and dead issues. These files are unique for every phone.Here is the link of Vivo y51l stock rom

  2. Data protection should be the main goal, whether you have a small business, or you run the country, you own a company, or you belong to the group of Dissertation Literature Review Writers uk, your main focus should be that the private data should be safe with you. I am very glad that there’s a proper union formed solely for this cause!• Know your topic well
    • Check your requirement
    • Know your structure
    • Just keep on writing in a flow
    • Proofread
    • Boom! You’re done

  3. Even though I am a responsible citizen, but I am always scared that what if, unintentionally, I end up doing something wrong and defame my country. I mean, how do people get the courage to take such a step of smuggling? That is just stupid. I provide the best academic transcription writing service and I often encourage students to talk on this topic!

  4. When I was doing my job I was hoping to get my data protection because I have a lot of dissertation writing for people I was hoping to get a good bit of data protection software

  5. Data protection is one of the most important things when you work online because theft can hurt you a lot. You can use encryption and copyright protection techniques to ensure intellectual security. The best encryption and secure data transfer I have seen when I opted to buy persuasive essay writing service online. Because they not only took care of the quality of work but also take care of the security of data.

  6. I seriously love your website.. Excellent colors & theme.
    Did you create this amazing site yourself? Please reply back as I’m attempting to create my own site
    and want to know where you got this from or just what the theme is named.

    Review my webpage - 풀싸롱

  7. Nice blog and absolutely outstanding. You can do something much better but i still say this perfect. Keep trying for the best. For More Information Visit Here:- Spectrum Email Not Working

  8. I've always found your article to be entertaining and educational, and I appreciate you sharing this one with us. I've been reading your blogs for two years and they've been quite helpful in my studies, such as Pay Someone To Take My Accounting Class, and they're all written by wonderful writers.

  9. The IT department is introducing new software every day. Now it seems that all the world systems are solved on the Internet. I appreciate your efforts in introducing new techniques. dissertation writing services

  10. Even though I am a responsible citizen, I am always afraid that I will accidently do something wrong and bring my nation into disrepute. How do people muster the guts to take such a risky smuggling step? That is completely inexcusable. I offer the greatest and frequently urge students to discuss the subject!

  11. Your blog contains lots of valuable data. It is a factual and beneficial article for us.Private Label Identity Protection Thankful to you for sharing an article like this.

  12. Hey! A good online essay writing service will always look after you. Everyone on the writing team does believe in our cause, which is helping high school, college, and university level learners get better marks and ace their essays.

  13. Counter-Strike: Global offensive es un apuestas partidos csgo excelente partido de apuestas de deportes electrónicos que encontrarás en muchas plataformas de deportes electrónicos en línea. Los juegos de CSGO implican una batalla entre dos equipos y un juego de disparos en primera persona multijugador.

  14. Espero que esta información te sea útil. Si tienes más preguntas, no dudes en preguntarme.
    Aquí hay algunos beneficios adicionales de los campus de fútbol: Los jugadores pueden aprender de entrenadores experimentados y de jugadores de alto nivel.

  15. The article by ELZABURU explores the implications of Brexit on data protection post-Brexit, highlighting the UK's transition from an EU member state to a third country. It examines the UK's data protection laws and their alignment with European legislation, suggesting maintaining alignment with the EU is more pragmatic. The article also compares the UK's approach to Switzerland and the EEA's impact on data protection laws. estates lawyer

  16. Looking for an affordable telescope? We've got you covered! Check out our amazing selection of Telescope Under 10000. Whether you're a beginner or an experienced stargazer, we have the perfect telescope for you. Explore the wonders of the universe without breaking the bank. Don't miss out on this incredible opportunity to bring the stars closer to you. Start your astronomical journey today!

  17. The UK's departure from the EU has cast a long shadow over data protection. While the immediate disruption of a "no-deal" Brexit was averted, long-term uncertainty remains. The UK's adequacy status, allowing data to flow freely between the UK and EU, hangs in the balance. Divergence from EU data laws is possible, potentially creating a patchwork of regulations and hampering cross-border business.
    divorce center new york ny

  18. The UK's post-Brexit data protection prospects are influenced by various factors, including changes in legislation, data transfer agreements, and the UK's relationship with the EU. The UK has adopted the General Data Protection Regulation (GDPR) and UK GDPR, ensuring continuity in data protection standards. The UK has secured an adequacy decision from the EU, allowing for the continued free flow of personal data from the EU/EEA to the UK. Standard Contractual Clauses (SCCs) can be used to facilitate data transfers between the UK and the EU fairfax drug crime lawyer.