The UK government has called for a “new, deep and special partnership” to protect its digital economy and data flows with the EU, but experts have warned that the Snoopers’ Charter could scupper any such arrangements.
A new positioning paper was released yesterday designed to provide “ongoing regulatory cooperation and certainty for businesses and other stakeholders.”
In it, the government recognized the importance of unhindered cross-border data flows with its largest trading partner, citing figures that suggest 43% of all large EU digital companies are started in the UK, and that 75% of UK cross-border data flows are with EU countries.
Aside from the economic implications, sharing data with the EU is also essential in the fight against serious crime and terrorism, the report claimed.
Between October 2014 and September 2015, over half (51%) of the 1566 requests from international partners received by the UK Financial Intelligence Unit (UKFIU) apparently came from EU Member States, for example.
The report optimistically suggested that having the new Data Protection Bill enshrine the GDPR into UK law will help the dialogue on cross-border data flows.
It claimed:
“The UK starts from an unprecedented point of alignment with the EU. In recognition of this, the UK wants to explore a UK-EU model for exchanging and protecting personal data, which could build on the existing adequacy model, by providing sufficient stability for businesses, public authorities and individuals, and enabling the UK’s Information Commissioner’s Office (ICO) and partner EU regulators to maintain effective regulatory cooperation and dialogue for the benefit of those living and working in the UK and the EU after the UK’s withdrawal.”
However, it’s far from certain that, on leaving the EU, Britain will receive the green light from the European Commission that its data protection regime meets essential 'adequacy requirements'.
That’s because the Investigatory Powers Act grants unprecedented mass surveillance and bulk hacking powers to the UK state; powers which could be used to snoop on EU citizens’ data.
These are the same kind of concerns that led to the scrapping of the Safe Harbor agreement between the US and EU, and risk scuppering its replacement: Privacy Shield.
Simon Migliano, head of research at Top10VPN.com, argued that the IPA is “bad for privacy, bad for business and bad for law enforcement.”
“The UK government's over-the-top approach to mass surveillance of the British public in the Investigatory Powers Act has frequently been criticized for its serious privacy implications for individuals and ineffectiveness at fighting terrorism. Now we learn the Snoopers' Charter could be even worse for the nation than we thought,” he continued.
“This extreme legislation is now revealed as a likely major obstacle to maintaining the transfer of data between the UK and the EU post-Brexit. Not only would any disruption to that critical data flow deal a body blow to businesses but also make it harder to fight crime.”
The comments echo those of Chatham House associate fellow, Emily Taylor, who told Infosecurity Magazine last year that “at least some of the powers” granted by the Snoopers’ Charter could fail the high standards set by both the European Court of Human Rights (ECHR) and European Courts of Justice (CJEU) on privacy protection.
Tellingly, there’s no mention of the Investigatory Powers Act or any such concerns in the government’s new white paper.