Following the fallout from the EU Referendum, the impact on many industries, businesses and individuals across the UK and Europe has been pronounced. As the country begins the process of transitioning out of the EU, it’s important to note how the change will impact data protection and privacy. Data protection reform is global, so Brexit is only one element to consider.
The UK has helped shape European and international data protection reform for over thirty years and has been part of the General Data Protection Regulation (GDPR) from the beginning, advocating, shaping and supporting the reforms. The principles of the GDPR aren’t new, but rather a clarification and improvement of existing laws. Data protection laws in the UK preceded EU laws by more than a decade, introducing the Data Protection Act in 1984, as a result of OECD membership. Data protection laws weren’t pioneered by the EU - the UK already had robust legislation in place, part of a global framework of data protection rules to balance privacy and international trade.
The UK is, and always has been, on the forefront of data protection reform. Over the coming months and years, we will see Brexit negotiations unfold and gain more clarity on what the future of the UK’s relationship with the EU looks like. What’s clear is that the UK isn’t going to have the ability to influence future reforms around the EU table anymore. Unlike with the beginning stages of the GDPR initiative, the UK won’t be able to lobby for upcoming reforms such as the e-Privacy Directive, focusing on enhanced protection in the digital marketing space. The UK has previously been a driver in negotiations, pushing for reform and increased protection, but Brexit means this influence will be lost.
However, it is likely the UK will continue to show leadership around data and privacy to maintain strong economic ties with the EU for economic security in the marketing sector and other industries. Baroness Neville-Rolfe DBE CMG, Minister for Data Protection, outlined at the Privacy Laws & Business annual conference on data protection that Brexit hasn't changed the problem of how to protect data. The growth in the digital economy means the need to protect citizens’ interests and data will remain a priority. She also mentioned if any country shares data with EU Member States, or for it to handle EU citizens’ data, they will need to be assessed as providing an adequate level of data protection. It is important that organisations continue to comply with the Data Protection Act.
Over the past year, we’ve already seen the UK take steps towards greater privacy standards, even before the GDPR comes into force. The UK is ploughing ahead and putting people in front of courts, issuing record fines and building up a whole body of knowledge about people breaching current regulations. For instance, since the Information Commissioner’s Office law changes around nuisance marketing last year, £2 million in fines have been issued. Although EU data protection reforms are yet to be confirmed, the UK hasn’t been waiting. UK regulators understand the changes set to come and, as well as more investigations and fines, the ICO has re-issued its direct marketing guidance, already bringing the UK closer to GDPR standards. The Digital Economy Bill gives this guidance a statutory basis.
Another important point to note is legislation is only one piece of the puzzle when it comes to data protection. Businesses must also consider industry codes and commercial contracts alongside customer satisfaction, company ethos and company accreditations. Regular data breaches gaining mass media attention have meant consumer awareness around the risks of sharing personal data are firmly on the public’s mind, with a reported 9 out of 10 consumers wanting more control over the data they share.
There is a growing intolerance for data misuse. Businesses are being forced to accept that privacy matters. Customers will always expect more from brands than the minimum legal standards. In many ways, the specific details of laws don’t matter as much as understanding the principles that the laws are trying to promote and protect - transparency, fairness and consumer protection.
Looking to the future, the UK is unlikely to turn its back on respect for privacy and data protection or walk away from the OECD and the international trade benefits it brings. Brexit doesn’t mean the UK will abandon the fundamental principles of data protection and privacy. While our influence on the main stage will be reduced, our legacy and commitment to robust data protection legislation should remain.