UK tech worried over post-Brexit data sharing
-
The sector's main immediate concern is that the UK's data laws remain harmonised with the EU's and that free flow of data is part of a future UK-EU trade pact. (Photo: European Union)
By Benjamin Fox
The prospect of being unable to transfer and share citizens' data with EU counterparts has troubled British businesses and police agencies since the June 2016 referendum.
Those concerns have become more acute since it became clear that the UK would leave the single market in 2019.
Join EUobserver today
Become an expert on Europe
Get instant access to all articles — and 20 years of archives. 14-day free trial.
Choose your plan
... or subscribe as a group
Already a member?
Since the start of 2017, industry group TechUK has been holding monthly meetings for its members with its 'Brexit advisory panel', which includes former UK civil service chief Gus O'Donnell, and Syed Kamall MEP, leader of the European Conservative and Reformist group in the European Parliament.
Their main immediate concern is that the UK's data laws remain harmonised with the EU's and that free flow of data is part of a future UK-EU trade pact.
In a step towards placating those fears, UK digital affairs minister Matt Hancock introduced a bill to implement the EU's Data Protection Regulation (GDPR) into UK law in September, stating that it would help "ensure unhindered data flows after Brexit".
But putting the GDPR into UK law isn't enough by itself to keep the data flowing.
Outside the single market, the UK will still need an 'adequacy decision' – the European Commission's approval of its data protection and privacy standards.
The main stumbling block is likely to be the UK's Investigatory Powers Act, adopted in 2016, and piloted by Theresa May in her former role as home secretary. Amongst its provisions, this controversial bill allows government agencies to monitor and keep copies of internet browser histories and phone records.
Poacher turned gamekeeper
Ironically, Brexit minister David Davis, then a backbench MP and civil liberties campaigner, was one of the chief opponents, challenging to it all the way to the European Court of Justice.
The European Court of Justice's ruling in the Max Schrems case on the EU-US 'Safe Harbor' agreement in 2015, which stated that the EU must protect its citizens from surveillance, makes the UK act particularly troublesome.
EU insiders say that means the UK would have to provide cast-iron guarantees about the forwarding of personal data, and the UK's role in the 'five eyes' intelligence and surveillance network with Australia, Canada, New Zealand, and the United States.
Even then, without scrapping the Investigatory Powers Act, court challenges to the ECJ would be inevitable, a sizeable problem since Davis and his team insist that after Brexit the UK will not be subject to the Luxembourg court.
"I wouldn't be surprised if the Germans wanted a legal commitment that the UK government will not spy on European citizens," Hosuk Lee-Makiyama, director of European Centre for International Political Economy, told EUobserver.
"The adequacy decision is an assessment based on politics. It will be a negotiation, and you pay for it," said Makiyama.
For its part, UK ministers remain outwardly confident that a data deal can be done.
"I would expect it (an adequacy decision) to be delivered," Steve Baker told the Exiting the EU select committee on October 26. "We want to get a deal on data sharing as part of the negotiated exit agreement," he added.
That suggests that the Commission's responsibility for giving an adequacy decision could be superseded by the Article 50 talks with the EU-27.
However, recent precedent suggests that the prospects of data and e-commerce being part of a speedily agreed UK-EU trade deal are not promising.
The EU's Privacy Shield agreement with the US took two-and-a-half years to negotiate, and France and Germany are opposing attempts to include e-commerce and data flows in EU trade pacts.
France is by far the leading axis on privacy, a Commission official told EUobserver.
So, what's the alternative, or will the UK's £240 billion a year digital sector simply be hit by a 'no deal' Brexit?
Nor does the Exiting the EU department want to publish its assessment of the likely cost of having to replace the EU's agencies, fearing that making this public could harm its negotiating strategy in the Article 50 talks with Michel Barnier.
"We do not want to send signals that we are considering alternatives," said Baker. "The work is being done".
That suggests that the government is not prepared or preparing for a 'no deal'.
Site Section
Related stories
- Privacy rules to create jobs, EU data chief says
- EU gives thumbs up to US data pact
- Germany tells EU to slow down on new cyber rules
- Privacy whiz Max Schrems set to challenge other big firms
- Uber may face fines in EU for keeping data breach secret
- EU 'outdoing Bush' on sea and train passenger-data warning