Posted by Kevin on February 22, 2016.
Here’s an interesting thought on privacy in the UK – with thanks to Hawktalk’s fascinating post: “Leave” or “Stay” in the Referendum? GDPR has to be implemented by the UK whatever the result.
Put simply, if we vote to leave the EU on June 23, the UK and GCHQ will be treated similarly to the US and the NSA. That is, the UK will require its own variant of Safe Harbour/Privacy Shield in order to continue to do business with the rest of Europe.
Hawktalk’s argument is that the EU already has infringement action pending against the UK for its inadequate implementation of the Data Protection Directive. Those proceedings are being stonewalled by, yes of course, the ICO. The ICO has currently spent nine months working on a Decision Notice on these pending proceedings for the UK government. This Decision Notice won’t change anything – it’s just a delaying tactic.
Hawktalk’s conclusion is that everything will be complicated by the in/out referendum, but solved by GDPR. If we stay in, then we will need to implement GDPR; which will make infringement of the Data Protection Directive pretty meaningless. If we vote to leave, then the government will implement GDPR anyway in order to ensure we remain (become) a safe place to store personal European information.
So the UK will have GDPR whether we stay or leave.
But if we are unable to implement the Data Protection Directive to EU requirements, what chance is there that we can implement GDPR satisfactorily? Virtually nil. So even implementing GDPR will be no more than another delaying tactic. The reality is that the UK government believes it has a right to all data, personal or not, of all people, British or not. Sooner or later the European Union will have to decide whether it will accept or reject GCHQ spying.
But there is yet another rider. If TTIP is implemented in its current form, I very much doubt whether the EU would be able to enforce European Privacy on foreign companies, whether they are British or American. In fact, no government will have much say in how it governs. GDPR, adequately or inadequately implemented, will be unenforceable.Submitted in: Expert Views, Kevin Townsend's opinions |