'Brexit' Could Put Data Sharing in Jeopardy

Uploaded on 2016-06-24 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law

A combination of a vote to leave and the passing of the so-called 'snoopers' charter' could see a ban on the transfer of data between the UK and EU, with a severe economic impact.

Last week, the European Commission published the text of the new Privacy Shield, which will govern the lawful transfer of data between the EU and US following the abolition of the previous data sharing agreement, Safe Harbour, by a ruling of the European Court of Justice (ECJ). A few days later, the UK government published an updated version of the Investigatory Powers Bill (the so-called ‘snoopers’ charter’) for presentation to parliament.

Privacy Shield covers the obligations of non-EU commercial organizations and governments when handling data of EU citizens. The Investigatory Powers Bill will regulate the role of security services and police in the UK for UK citizens’ data. Should Britain vote to leave the EU in the forthcoming referendum, the interplay of between these two could be devastating for UK digital industries.

Legislation at odds

Privacy advocates have derided Privacy Shield as gutless, but weak as it may be, the draft adequacy decision goes out of its way to emphasize how limited bulk data collection will be: ‘limited to (exceptional) situations where targeted collection is not possible’. The document repeatedly states that targeted collection will be preferred over bulk, and that collection will be ‘narrowly focused’ relating to ‘individually identified legitimate targets’.

In contrast, despite the recommendations of the three committees tasked to review it, the Investigatory Powers Bill published last week retains highly controversial proposals for bulk collection, bulk interception and equipment interference. The draft bill provides for no preference for targeted surveillance over bulk collection, it does not limit bulk collection or access to situations where it is strictly necessary, or where there is no alternative. 

Yes, the draft bill provides for strengthened oversight compared to the situation now, but by vesting the power to issue warrants in the home secretary rather than judges, the bill risks falling foul of the European Court of Human Rights’ ruling that such ‘eminently political’ supervision ‘is inherently incapable’ of providing the necessary guarantees and safeguards for human rights.

Low leverage

There was a strong mutual interest for the EU and US to move quickly to restore lawful cross border data sharing after Safe Harbour was invalidated. Like the rest of the world, EU citizens are highly reliant on US web platforms. In nearly every EU country, the top three most visited websites are American: Google, Facebook and YouTube. Stopping transatlantic data flows would severely affect the lives of European citizens. It would also have a major financial impact on US companies locked out of the largest economic bloc in the world.

Although digital industries represent 10 per cent of Britain’s GDP, the highest percentage of any G20 member, the EU is far less reliant on the UK’s digital exports than on big US tech companies. But if data flows between Britain and the EU are impeded, it will adversely affect British economic interests − e-commerce was valued at 20 per cent of British business turnover in 2014 according to the Office for National Statistics.

Plus, data sharing has an impact on all business with the EU (both online and offline), valued at 45 per cent of UK exports and 53 per cent of UK imports. New data protection regulations will guarantee EU citizens the same level of protection wherever their data is processed. Order books, sales and purchase records all involve the processing of personal data.

Trouble ahead

Should the British vote to leave, data transfer would no doubt form part of lengthy negotiations covering all aspects of the UK’s relationship with the EU. Meanwhile, the market would move without waiting for the politicians. When the ECJ abolished Safe Harbour, large (US) cloud providers quickly began offering guaranteed hosting in the EU, long before Privacy Shield was agreed.

During the uncertain period following the referendum, international providers are likely to move data out of the UK in a similar way. Meanwhile UK companies, rather than enjoying a reduction in Brussels red tape after Brexit, would still be bound by EU regulations when handling the data of EU citizens, as well as facing barriers to data transfer.

This is unlikely to be a temporary problem. The reason why the ECJ ruled Safe Harbour invalid was because of US practices of mass data retention and sharing with law enforcement, as exposed by Edward Snowden. The so-called ‘snooper’s charter’ proposes to enshrine in law equivalent practices, plus more intrusive powers to inspect internet connection records. 

If it becomes law, a post-Brexit UK would be unlikely to meet the standards required for Privacy Shield status. This would prohibit cross border data transfers between UK and EU. Even if there is some cobbled together agreement, Britain may find its former EU partners less willing to jump to the negotiating table to rescue UK economic interests. British business would continue to face barriers, and British citizens would end up with fewer protections than EU citizens against UK government intrusion.

Chatham House:http://ow.ly/Zyr7M

Emily Taylor is an internet governance expert and an associate fellow of Chatham House 

« Directors & Senior Management Cyber Report (£)
Now Surveillance 'aggressive-invasive': Snowden »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

e-Governance Academy (eGA)

e-Governance Academy (eGA)

eGA is a think tank and consultancy founded for the transfer of knowledge and best practice in e-governance, e-democracy and national cyber security.

ThreatAdvice

ThreatAdvice

ThreatAdvice is a provider of cybersecurity education, awareness and threat intelligence.

Verifi

Verifi

Verifi is an award-winning provider of end-to-end payment protection and risk management solutions.

GuardianKey

GuardianKey

GuardianKey is a solution to protect systems against authentication attacks.

Beazley

Beazley

Beazley are a specialist insurer with three decades of experience in providing clients with the highest standards of underwriting and claims service worldwide.

Absio

Absio

Absio provides the technology you need to build data security directly into your software by default, and the design and development services you need to make it happen.

TWC IT Solutions

TWC IT Solutions

Since 2011, TWC IT Solutions has offered managed IT Support, Cybersecurity, Disaster Recovery, Contact Centre and Business Connectivity services to clients across 24 countries globally.

ClearShark

ClearShark

Since 2001, ClearShark has been a go-to adviser in the U.S. Public Sector for creating customized and integrated solutions for the most secure of networks.

SeeMetrics

SeeMetrics

SeeMetrics is an automated cybersecurity performance management platform that integrates security data and business objectives into a simple interface.

KCS Group Europe

KCS Group Europe

KCS Group helps its clients to identify and deal with any risks, weaknesses and threats which could impact on the business financially or reputationally.

Washington Technology Solutions (WaTech)

Washington Technology Solutions (WaTech)

WaTech operates the state’s core technology infrastructure – the central network and data center, provides strategic direction for cybersecurity and protects state networks from growing cyber threats.

Hiya

Hiya

Hiya's mission is to secure voice with trust, identity and intelligence. We're protecting people from spam and fraud calls, and helping carriers secure their networks for all.

Cyberagentur (Cyber Agency)

Cyberagentur (Cyber Agency)

Cyberagentur is the Federal Agency in Germany for innovation in cybersecurity. Our mission is to advance research and groundbreaking innovations in the field of cybersecurity and related technologies.

TeamSystem

TeamSystem

TeamSystem is a leading tech company in the market for digital business management solutions for companies and professionals.

SoteriaSec

SoteriaSec

SoteriaSec is a premier cybersecurity firm providing comprehensive digital forensics and incident response services.

Whisper

Whisper

Whisper was built to shift cybersecurity from reactive to predictive. Our mission is to stop cybercrime by helping organizations anticipate threats before damage occurs.