As the UK leaves the EU today, many will be wondering: what on earth does Brexit mean for GDPR then?
Many are confused about what Brexit means for the state of their privacy, below we have answered some of the most common Brexit and digital privacy questions.
Does GDPR still apply after Brexit?
As part of Boris Johnson’s Withdrawal Agreement Bill, the data privacy protections afforded by GDPR will remain intact for UK residents. Essentially, the current GDPR rules will still apply in the UK after Brexit and will be absorbed into and work hand in hand with the UK’s existing Data Protection Act of 2018.
The UK government has indicated that plans to retain GDPR in domestic law, but the Withdrawal Agreement Bill allows for minor amendments to the regulation to ensure that it works as effectively as possible for UK residents. The extent of which will mostly consist of modifications to some terminology in the legislation to make it fit in the context of the UK.
For instance, any references to EU Member State law in the text of the legislation will be modified to instead reference UK Domestic law. Basically, any amendments to the law will be minimal and will not have a significant impact on the current state of affairs when it comes to data protection for UK residents.
As it is in the UK’s best interest to retain a free flow of information with the EU, it is important to preserve robust data privacy rules that are in line with and up to the standards of GDPR. Ultimately, the fundamental principles of GDPR will remain in effect after Brexit and UK residents should expect the same data protection they have been afforded through GDPR going forward. And as such, UK businesses should expect to remain in compliance.
Do we have the right to Privacy after Brexit?
Otherwise known as: does the UK still have to adhere to Article 8 of the European Convention on Human Rights?
The UK’s EU membership had no real bearing on its membership in the European Convention on Human Rights. Brexit, therefore, will not have any direct impact on the UK’s current commitments under the ECHR. However, once the UK leaves the EU, the Conservative Party has indicated that it would work towards updating the Human Rights Act to strike more of a balance between the rights of individuals and national security, which may have an effect on future ECHR decisions.
That said, the UK would benefit from continued adherence to the standards set forth by the ECHR, as the UK’s continued commitment to the ECHR would ensure positive future security cooperation with the EU.
What happens to my website if I have a .eu domain name?
If your business is established in the UK, but not in the EU, or if you live outside of the EU/EEA and are not an EU citizen, then you will no longer be able to renew or register a .eu domain after Brexit. However, if you are an EU resident or citizen, or if your business is established in the EU, but you are living in the UK, then you will be able to retain your .eu domain or register for a new one. In any case, it is best to check with your registrar to confirm what you will need to do to prove your eligibility to retain or register a .eu domain.
If you receive notice that your .eu domain will cease to be compliant with the .eu regulatory framework, then you will be granted a two-month grace period wherein your website will remain active and during which you will have the opportunity to demonstrate your eligibility and compliance with the framework. If you do not meet the eligibility requirements within the two-month grace period, however, your domain will be withdrawn and you will no longer be able to access your .eu domain or email.
Will we still have the same Facial Recognition laws as Europe?
As the European Union considers a temporary ban on facial recognition technology, UK residents are rightfully concerned about not enjoying the same privacy protections against the use of invasive technology after Brexit. Though the UK will still be subject to EU laws until at least the end of this year, the future of facial recognition use and any potential protections against it in the UK remains to be seen.
For anyone who values their personal privacy and doesn’t wish for the UK to devolve into a police surveillance state, the future does not look great, however. Any hope of the UK adopting a similar stance on facial recognition as the EU seems to be dampening as the Metropolitan Police began deploying live facial recognition technology in London under the pretence that the technology would help catch criminals and locate missing persons.
So, in short, no, UK residents shouldn’t count on being afforded the same protections against facial recognition technology as EU residents; at least not after the UK ceases to be bound by EU laws at the end of the year.
Can I use a VPN to search the web or shop online as though I am still in Europe?
Yes, because when you connect to a VPN, all of your traffic is routed through a secure server in a remote location of your choosing. When you connect to a server located in the EU, any website you visit will register your location as that of the European server you are connecting through, even if you are physically located in the UK. This means that you can browse the web and shop online as though you are still in Europe since a VPN will allow you to be virtually anywhere in the world with just a click of your mouse.
Can I still buy things online from Europe?
Yes, even after Brexit you will be able to buy items online from Europe, though your online payments may take a bit longer and you may have to pay extra transaction fees, taxes, for making payments in Euros. However, if you want to avoid such inconveniences when shopping online from Europe, you can simply use a VPN to connect to a server in the EU and shop as though you are located in Europe.
What will European companies do with my Data After Brexit?
Since GDPR will remain applicable even after Brexit, any personal data that you may have shared with European companies will, in turn, remain protected at those businesses under the same, currently enforced rules for data protection. Consumer data protection will remain largely unchanged after Brexit and you will still be able to retain the same data rights when dealing with European companies even after the UK has left the EU.
UK businesses, on the other hand, maybe more directly affected by post-Brexit data sharing with the EU. The current situation ensures that data can flow unimpeded between the UK and the rest of the EU. However, once the UK exits the EU, it will be automatically considered a third country and not bound by GDPR or the data-sharing arrangements between EU countries therein.
This means that once that happens, data from the UK will still be able to flow freely to the EU, but not necessarily the other way around. This is why the UK is hoping for an adequacy agreement with the EU in which the UK demonstrates its adequacy in upholding the same data protection standards as the EU to ensure a continued free flow of data in both directions.
Such an agreement, however, won’t happen overnight and negotiations can last for months. In the meantime, until an adequacy decision is agreed upon, UK businesses will need to have a legal transfer agreement in place, specifically for unimpeded data transfers from the EU to the UK.