PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Brexit: Single market access ‘likely’ to lock in EU data protection rules

Come what, May?

Thomas Newton
 & Thomas Newton Contributing Editor

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

EU laws on data protection might still apply to a post-Brexit UK, if it’s able to remain in the single market.

The General Data Protection Regulation (GDRP) promises ‘strict conditions’ on the gathering of personal data while “safeguarding against and the prevention of threats to public security.”

In real terms this means you'll be able to demand that companies erase any data they hold on you and there will be greater fines for any law enforcement bodies that break the rules.

It’s already due to come into effect in EU member states on the 25th of May 2018, which means even if Article 50 is triggered today, the laws will apply in the UK for at least a short term. The longer term implications are less clear.

Speaking at the Privacy Laws & Business annual conference, Tory peer and minister for data protection Baroness Neville-Rolfe urged ministers and businesses to consider the possibility of having to abide by data protection rules set by Brussels:

“One problem is that we do not know how closely the UK will be involved with the EU system in future. On one hand if the UK remains within the single market EU rules on data might continue to apply fully in the UK. On other scenarios we will need to replace all EU rules with national ones. Currently it seems unlikely we will know the answer to these questions before the withdrawal negotiations get under way.”

Indeed, article 66 of the Directive states: “The Commission should be able to decide with effect for the entire Union that certain third countries, a territory or one or more specified sectors within a third country, or an international organisation, offer an adequate level of data protection, thus providing legal certainty and uniformity throughout the Union as regards the third countries or international organisations which are considered to provide such a level of protection.”

In other words, even if the UK leaves the single market, any domestic laws would have to include provisions for the handling of EU citizens data as well as how UK subjects data would be shared with European agencies and businesses.

Other elephants in the room include the eventual replacement of the Safe Harbor agreement between the EU and the United States, which was kicked to the kerb last October.

This February, the Article 29 Working Party similarly scrapped the Privacy Shield proposals, due to vague wording. Whatever new deal is hashed out with the EU and the US in the meantime would have to comply with the GDRP and whichever course the UK takes, it too would have to come to arrangement which accommodates both sets of rules.

All of the above adds up to a real headache for PM hopeful Theresa May. The current Home Secretary and MP for Maidenhead is very much in favour of the UK staying in the single market. May is also the chief sponsor of the Investigatory Powers Bill, which will allow police access to all web browsing activities. The IP Bill would therefore have to be amended or repealed in order to be compatible with the GDRP.

June-2016_0010” by Ed Everett is licensed under CC BY 2.0 / Cropped from original.

About Our Expert

Read the latest from Thomas Newton

Read full bio