Would a Brexit weaken data privacy in the UK?

Several EU flags hoisted outside a building

This week politicians blew lots of political FUD out of their collective nether regions around the EU 'Brexit' debate, but failed to consider how a stay' or leave' decision would affect data privacy.

All the wafty hot air from Iain Duncan Smith about staying in the EU making us more vulnerable to a Paris-style terror attack is, frankly, just that. I'd have been more impressed if he had taken the time out to examine how our EU status might impact data protection.

When industry trade body techUK asked its members if they wanted in or out of the EU last year, 71 per cent were in the stay camp, if the UK's agreement with the EU was reformed.

A total 78 per cent insisted that a UK outside the EU would have less influence on tech industry issues.

These issues include data protection, specifically the EU's General Data Protection Regulations (GDPR), which are set to come into force between now and 2018.

Only a complete fool would argue that leaving the EU would mean these rules no longer apply to us.

But what worries me is that if we do vote to leave the EU, then the UK will have to come up with a variant of the new Privacy Shield data-transfer agreement that replaced the defunct Safe Harbour deal, which ostensibly stopped the US spying on EU data.

I was no fan of the so-called Safe Harbour agreement. It was evident from the get-go that the USA was more interested in data snooping under the national security banner than any meaningful measure of privacy. What's more, it was also evident that the EU and the UK knew that and turned a blind eye to it.

Nothing will change under the Privacy Shield agreement, which requires the US to promise not to participate 'on its mum's life' in mass surveillance of EU citizens. Yeah right. I've called that laudable in principle and laughable in practice.

If I'm so against this, then surely I should support a Brexit in order to escape such regulation? Well, no, because the alternative is likely to be much worse.

Look at what Prime Minister David Cameron and Home Secretary Theresa May's Investigator Powers Bill. Earlier this month IT Pro reported how this "risks destroying UK technology firms' reputations on cybersecurity and privacy, according to experts, civil liberties campaigners and industry trade bodies". This directly opposes the GDPR, which are designed to give citizens more control over who can see and access their data.

If we do leave the EU, we would have to obey the GDPR anyway if we want to continue doing trade with the rest of Europe, as well as demonstrate an adequate level of data protection.

But, depending on the nature of the government at the time, I suspect there will come a point where the 'all your data belongs to us' mentality that underpins the Investigatory Powers Bill shines through and trumps meaningful GDPR implementation.

That will leave the EU having to decide how it deals with a UK that resists GDPR when dealing with EU citizen data, and UK PLC suffering the consequences of the almost inevitable trading fallout.

Davey Winder

Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.

Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.

You can follow Davey on Twitter @happygeek, or email him at davey@happygeek.com.