14 March 2016

Brexit in Brief: Data Protection


The debate about Brexit would be incomplete without considering the data protection and privacy implications.

Many UK businesses feel constrained by European data protection laws, which restrict the way in which they can handle personal data. However, it’s a key issue for many voters, who value their privacy in an increasingly digital world.

So what would happen on data protection if Britain were to exit Europe? First of all, data protection laws in the UK would still exist in some form or another. The UK's Data Protection Act has been in force since 1998 and that would continue to be in force unless and until the Government were to change those laws. The position is a little bit more questionable in terms of future laws that are being developed at a future level. At the moment, there has been much debate concerning a new general data protection regulation which will have direct force on the member states of the European Union. If Britain were to exit the EU then that regulation would not have force in the UK and, therefore, there would be a question mark as to how the British Government and British businesses would need to deal with those changes in law. On the one hand, British businesses would still need to comply with the general data protection regulation on many levels. This is because the jurisdictional scope of that new regulation would apply to any businesses that are processing the personal data of European citizens. So Britain exiting Europe would not actually remove the red tape that British businesses would need to comply with. Britain would effectively have to make a choice as to how it would like to deal with Europe in the future. It could adopt an approach similar to that of Switzerland, which tries to ensure that it has equivalent data protection laws in place to match those in force in other European member states. What that means is that Switzerland can enjoy data transfers between European member states and itself, without the need for additional agreements at an international level or between European and Swiss businesses.

However, if the UK Government were not to agree with the higher level of protection that would be imposed by the general data protection regulation at an EU level then it might seek to take more of an approach akin to that of the United States, where various laws are in place, which have much lower standards of protection than in the EU, but in which the US Government has agreed to put in place certain protections to allow more easy cross-border transfers of data from Europe to the United States.

It is true that Britain would enjoy a higher degree of control over its own data protection laws. The effect of that, however, could cut both ways. First of all, it would be much easier for the Government to pass new surveillance laws which it is always seeking to do to obtain more access to personal data on users of mobile phones, regarding individuals’ website activities and so forth. However, any of those new surveillance laws would not be subject to challenge by the Europe Court of Justice and, therefore, in many ways, individuals may lose some of the rights of privacy that they have enjoyed to date.

In conclusion, if Britain were to exit the European Union, Britain would obtain more control over its own privacy laws. However, British businesses would still need to comply with the red tape that is imposed by European standards concerning data protection and Britain would lose its seat at the table in determining what those standards would be in the future.

Data Central

Have you checked out our new Data Hub? Data Central contains a range of resources to help our clients minimise the legal, regulatory and commercial risks this data-driven environment presents and ensure that its full value is being realised.

A Guide to Doing Business in China

We explore the key issues being considered by clients looking to unlock investment opportunities in the People’s Republic of China.

Doing Business in China
Share on LinkedIn Share on Facebook Share on Twitter
    You might also be interested in

    April 4 2019, National Intellectual Property Administration published Patent Examination Guidelines Amendment (Draft) and requests public opinions. The opinions may be submitted to NIPA by May 5,...

    12 April 2019

    This note focuses on consent, and in particular consent requirements as set forth by the GDPR which are numerous.

    01 August 2018

    Organized into 19 stand-alone law topics, this article presents perspectives and on-the-ground experience from an experienced legal counsel in China.

    15 November 2017

    Comments on Measures for the Security Assessment of Personal Information and Important Data to be Transmitted Abroad (Draft for Comment).

    17 April 2017

    This site uses cookies to enhance your experience and to help us improve the site. Please see our Privacy Policy for further information. If you continue without changing your settings, we will assume that you are happy to receive these cookies. You can change your cookie settings at any time.

    For more information on which cookies we use then please refer to our Cookie Policy.