2016 Review: Post-Brexit – What's the Potential Fallout For Data Protection?

Author:Mr Philip Nolan, Jevan Neilan and Oisin Tobin
Profession:Mason Hayes & Curran

We have written and published a variety of tech law-related insights throughout 2016. Following the trend of recent years, 2016 has not disappointed in highlighting many important and complex issues in the areas of privacy and data protection. For the MHC Tech Blog, our most popular post related, somewhat unsurprisingly, to Brexit and the effect that it may have on data protection. We have republished this post once more, as it still remains relevant as 2017 approaches.

The result in the recent Brexit referendum creates questions on how the UK's decision to leave the EU will impact stakeholders across the key sectors of the UK economy.

We take a look at what Brexit means for technology, data protection and privacy.

Existing UK rules

One of the main aspects of the EU and the Single Market is the harmonisation of national laws. Currently, the regulation and protection of personal data in the UK is primarily governed by the Data Protection Act 1998. These rules, like their Irish equivalent, derive from EU law. In the wake of the Brexit vote, the Information Commissioner's Office (“ICO”) - the UK's regulator and the counterpart of the Irish Data Protection Commissioner - issued a statement regarding the on-going status of the 1998 Act. In its statement, the ICO made clear that the 1998 Act will remain law post-Brexit.

Incoming Changes

Despite the fact that the EU-derived 1998 Act will continue to apply, UK and EU paths in respect of data protection may possibly be on course to diverge. On 25 May 2018, the General Data Protection Regulation (“GDPR”) will come into force. Unlike its predecessor - the Data Protection Directive - the GDPR will apply directly to all EU member states. In other words, for the most part, Member States will not require national measures to transpose the GDPR. The GDPR also represents a significant toughening of EU data protection rules. With the UK out of the EU picture, the GDPR will not apply to it. This in turn raises questions as to what form the UK's future data protection rules will take.

What are the UK's options?

It is possible that certain quarters of the UK may seek to use Brexit as an opportunity to repeal or significantly amend the 1998 Act. The UK may consider taking advantage of Brexit to loosen data protection standards, and to not adopt the GDPR, thereby placing UK businesses at a competitive advantage, essentially having less red tape compared to companies located in other EU Member States. However, on...

To continue reading