Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Why the UK's vote to leave the EU will have little effect on its data protection rules

Peter Sayer | June 29, 2016
Why Brexit will have little effect on data protection?

eu1

With the haircut that the sterling-euro exchange rate has taken in the wake of the UK's vote to leave the European Union, the UK has suddenly become a low-cost country for companies wishing to host or process the personal information of EU citizens.

EU businesses will need to weigh that price cut against the regulatory uncertainty Thursday's vote introduced - but it turns out that's surprisingly small, at least in the short to medium term.

As for UK businesses hoping for more relaxed data protection rules in the wake of the referendum vote, they will have to wait - perhaps for a very long while.

That's because many of the rules that the 51.9% who voted to leave the EU hoped to escape are, in fact, firmly part of UK law, and will only go away if the UK parliament votes to repeal them.

And it can't do that until it has negotiated its exit from the EU, which is a matter of international treaty and not the will of the people.

The first question, then, is when will the UK officially leave the EU?

That will depend on when the UK government informs the other member states of its intention to leave by invoking Article 50 of the Lisbon Treaty. The UK will cease to be bound by the EU treaties two years after that date - sooner in the unlikely event that all parties reach an agreement on an exit settlement before then.

However, UK Prime Minister David Cameron is in no hurry to invoke Article 50. On Friday morning he announced that he will resign and make way for a new leader of the ruling Conservative Party before the party's annual conference in October. Invoking Article 50, he said, would be a task for his successor.

That means the UK is likely to remain part of the EU until October 2018 - or longer, if Cameron's successor is in no rush to invoke Article 50.

That means UK businesses and citizens will still be subject to EU laws for some years to come.

Those laws come in two forms: directives, and regulations. In the field of data protection, there's one of each to pay attention to.

The most significant - for now - is the 1995 Data Protection Directive.

Directives are proposed by the European Commission (the members of which are nominated by the EU member states), then amended by the European Council (composed of the heads of the EU member governments or their ministers) and the European Parliament (directly elected by EU citizens) until all three parties reach a compromise. Then, the parliaments of each member state transpose the directives into their own national law, adapting it where necessary to fit their own legal systems and circumstances. In this way, the Data Protection Directive took effect in 1998.

 

1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.