Would a Brexit weaken data privacy in the UK?

Opinion
26 Feb, 2016

Data privacy should be a central issue in debate of EU referendum pros and cons

This week politicians blew lots of political FUD out of their collective nether regions around the EU 'Brexit' debate, but failed to consider how a ‘stay’ or ‘leave’ decision would affect data privacy.

All the wafty hot air from Iain Duncan Smith about staying in the EU making us more vulnerable to a Paris-style terror attack is, frankly, just that. I'd have been more impressed if he had taken the time out to examine how our EU status might impact data protection.

When industry trade body techUK asked its members if they wanted in or out of the EU last year, 71 per cent were in the stay camp, if the UK’s agreement with the EU was reformed.

A total 78 per cent insisted that a UK outside the EU would have less influence on tech industry issues.

These issues include data protection, specifically the EU’s General Data Protection Regulations (GDPR), which are set to come into force between now and 2018.

Only a complete fool would argue that leaving the EU would mean these rules no longer apply to us.

But what worries me is that if we do vote to leave the EU, then the UK will have to come up with a variant of the new Privacy Shield data-transfer agreement that replaced the defunct Safe Harbour deal, which ostensibly stopped the US spying on EU data.

I was no fan of the so-called Safe Harbour agreement. It was evident from the get-go that the USA was more interested in data snooping under the national security banner than any meaningful measure of privacy. What's more, it was also evident that the EU and the UK knew that and turned a blind eye to it.

Nothing will change under the Privacy Shield agreement, which requires the US to promise not to participate 'on its mum’s life' in mass surveillance of EU citizens. Yeah right. I've called that laudable in principle and laughable in practice.

If I'm so against this, then surely I should support a Brexit in order to escape such regulation? Well, no, because the alternative is likely to be much worse.

Look at what Prime Minister David Cameron and Home Secretary Theresa May’s Investigator Powers Bill. Earlier this month IT Pro reported how this "risks destroying UK technology firms' reputations on cybersecurity and privacy, according to experts, civil liberties campaigners and industry trade bodies". This directly opposes the GDPR, which are designed to give citizens more control over who can see and access their data.

If we do leave the EU, we would have to obey the GDPR anyway if we want to continue doing trade with the rest of Europe, as well as demonstrate an adequate level of data protection.

But, depending on the nature of the government at the time, I suspect there will come a point where the 'all your data belongs to us' mentality that underpins the Investigatory Powers Bill shines through and trumps meaningful GDPR implementation.

That will leave the EU having to decide how it deals with a UK that resists GDPR when dealing with EU citizen data, and UK PLC suffering the consequences of the almost inevitable trading fallout.