The UK’s data protection laws are unlikely to be impacted by Brexit, but law enforcement appears to have taken a back seat in negotiations
Just when we thought the hysteria surrounding the General Data Protection Regulation (GDPR) had finally died down, information sharing has once again fallen under the spotlight following the release of the much anticipated agreement for Britain’s withdrawal from the EU.
The draft Brexit treaty (PDF), spanning well over 500 pages, has the wider tech and business community celebrating, albeit hesitantly, with what appears to be little change to previously implemented safeguards protecting cross-border data transfer.
Under the current agreement, the data rights of British citizens will continue to be secured under EU legislation, both during and after the Brexit transition period.
Once Britain has left the bloc, it can add further exemptions to existing laws outlining how personal information is used. Such exemptions are already present in the UK’s Data Protection Act 2018 – the legislation enforcing GDPR.
“There is no particular indication that the UK plans to reduce the level of data protection to any significant degree in the future,” Christopher Knight, a junior barrister at 11KBW, told The Daily Swig.
“The [British] government’s position has always been that GDPR is a good thing and so this [Withdrawal Agreement] is not much of a change from its existing position.”
For businesses that have spent the last year improving security to obtain GDPR compliancy, the tentative agreement is a welcomed framework for protecting data without disruption to economic activity.
But not everyone has welcomed the deal as a win.
Simon Kempton, operational lead at The Police Federation of England and Wales (PFEW) – the body representing Britain’s regional law enforcement – thinks Brexit has side-lined the importance of data sharing between UK and EU crime fighting partners.
“None of us has a crystal ball, so with Brexit now little over four months away, we really have no idea what the policing landscape will look like post March 29, 2019,” he said, writing in a blog post not long after the Withdrawal Agreement was published.
“Crime is no respecter of borders but we are still no closer to understanding what the Brexit process will mean for the current EU data sharing and cooperation tools, such as the European Arrest Warrant and Schengen Information System.”
The Schengen Information System (SIS II) is a database maintained by the European Commission and used by police forces within the Schengen Area, including the UK, to access information on individuals and property. It also assists with extraditions through the European Arrest Warrant under the jurisdiction of the European Court of Justice.
According to the proposed withdrawal deal, SIS II, and any other EU database, can still be accessed by British security services throughout the Brexit transition period. Come 2020, however, when the transition period ends, the UK will no longer reap the benefits of these resources.
“We know that 70% of transient organised crime groups operate in more than three different countries, but without these data sharing methods we will no longer be able to share real-time alerts for wanted persons, including serious criminals,” said Kempton.
Law enforcement cooperation post-Brexit has come up frequently in Britain’s ongoing negotiation with Brussels, with the UK’s influential role within Europol now hanging in the balance, despite the bilateral relationship being called “mission-critical” on either end of the debate.
What this means for the future of criminal investigations is still uncertain, and particularly worrying as illicit activity increasingly takes place online where jurisdiction and legislation has yet to catch-up with the digital realities of gross misconduct.
Britain’s exit from the EU could additionally mean being locked out from the European Cybercrime Centre (EC3) – a coordinating body established in 2013 to provide support to law enforcement in tackling internet-enabled crime.
The UK’s National Crime Agency (NCA), along with the FBI, have worked closely with EC3 since 2014 to shut down illicit marketplaces through intelligence sharing that has proven equally beneficial at protecting citizens from terrorist and state-sponsored attacks.
“The ability to work in this manner with our European partners benefits us all, increasing our ability to disrupt criminal activity and protect our citizens from national threats as well as local level volume crime at the heart of our communities,” Lynne Owens, director general of the NCA, said in February this year, reiterating the security community’s position on data-sharing post-Brexit.
A clean break from Europe also has a potential impact on the intelligence gathering of the Five Eyes partnership, to which Britain’s membership was previously considered a massive bargaining chip on achieving a win-win Brexit deal.
A new security treaty is expected to take effect in 2021.
Kempton added: “At this stage there is no intelligence to suggest there will be an increase in crime or disorder as a result of a Brexit deal or no deal.”