Brexit - will the UK deliver the GDPR and do we need an "adequacy decision"?
June 15, 2017
- The GDPR will automatically come into force next May, nearly a year before the expiry of the two year Article 50 Brexit negotiation window, and none of the major political parties have argued for the UK to pull back from that position. In fact, the clearest political statements are supportive of GDPR post-Brexit. Without an overriding political will to pull back, the GDPR must continue to have effect. However, a legal mechanism will be needed to achieve this outcome. The mechanism will be found in the solution to the "cliff edge" dilemma.
- To avoid a cliff edge at the end of the Article 50 period the Government will need a practical legal mechanism to manage the transition from the sovereignty of EU law to the sovereignty of UK law. The previous Government identified "The Great Repeal Bill" as that mechanism. Whether we get that, or something else, remains to be seen, but the substantive result of managing the cliff edge will be the same - the GDPR should remain in force after Brexit. The Great Repeal Bill identified an obvious solution, namely a UK law saying that all EU laws will continue to have effect post-Brexit until they are repealed.
- The UK is a Parliamentary democracy and an advanced economy, subject to the Rule of Law. These characteristics make adherence to data protection inevitable (hence why data protection laws are being adopted all over the world). The UK has one of the world's strongest legal and regulatory environments for personal data (see the latest PwC Enforcement Tracker for some perspectives). The UK regulator, the ICO, is one of the world's best resourced, most skilful and most active data protection regulators, while our domestic courts are consistently supportive of data protection and privacy rights. The UK is undoubtedly a global leader in this field. Our leadership is not dependant on being in or out of the EU.
- Plainly, it is in the UK's economic interest to be strong on data protection, as this reduces the barriers to world trade.
- Plainly, it is also in the UK's social interest to provide the highest protections for data protection rights. Again, no major political party is arguing for the erosion of UK citizen (i.e., voter) data protection rights relative to those of other citizens in the EU.