Subscribe

How Will Brexit Impact On Data Protection?

The transfer of data from EU member states to the UK will likely become more complicated if Brexit goes ahead, according to Philip Nolan, partner in law firm Mason Hayes & Curran.

The UK’s data protection laws, which are primarily set out in the UK Data Protection Act 1998, derive from EU law. According to Nolan: “It is possible that the UK may seek to use Brexit as an opportunity to repeal or significantly amend the UK Data Protection Act. This agenda may get additional impetus from the recently adopted General Data Protection Regulation. This will come into force on 25 May 2018 and will significantly toughen data protection rules in the EU.

“The UK may consider taking advantage of Brexit to loosen data protection standards, and not to adopt the GDPR, so as to place UK businesses at a competitive advantage compared to companies located in other EU member states.

“However, on balance, we think it is most likely that the UK will retain EU data protection law, including the high standards contained in the GDPR.”

In Association with

If the UK wants to join the European Economic Area, it will need to adopt the GDPR. In any event, UK businesses that deal with other EU countries will still need to comply with the GDPR.

This stems from the GDPR’s expansive scope. The GDPR will apply to companies based outside the EU that offer goods or services to individuals located in the EU.

Complications

If the UK does not join the European Economic Area, serious issues will arise with respect to the free flow of data between the EU and the UK.

Says Nolan: “EU data protection law prohibits transfers to countries that do not provide an ‘adequate’ level of protection for personal data. Only a handful of countries are recognised as meeting this standard - Canada, New Zealand and Israel among them.

“This means that transfers of personal data between the EU and the UK could be presumptively unlawful and may only take place if certain derogations apply. This could include, for example, the use of EU Commission approved model contractual clauses.”

Nolan notes that international data transfers are a fraught area at present, and the Irish Data Protection Commissioner recently commenced proceedings in the High Court seeking a referral to the CJEU and a declaration that model contractual clauses are themselves in breach of EU law, at least where used for transfers to the US.

“Litigation of this sort may make it more challenging to addresses data transfers between the EU and the UK,” says Nolan.

 

• Click here for further Brexit implications overview from Mason Hayes & Curran

 

Sign up to The Business Plus Panel to help shape the business decisions of tomorrow and win vouchers for your opinions! 
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram