UK-US Privacy Shield-style agreement could be on the cards - lawyer
UK's decision to leave the EU to shake up data protection rules
Following its decision to leave the EU, the UK could strike up its own Privacy Shield-style agreement with the US, a lawyer has suggested.
Earlier this year, EU and US law makers agreed on a new Privacy Shield agreement, which they claim will place stronger obligations on US firms handling EU citizens' data.
The rule replaces the recently invalidated Safe Harbour, which had been in place for 15 years and allowed US firms to self-certify that they would deal with EU data appropriately.
Uncertainty surrounds UK data protection laws in light of the country's decision to leave the EU last week.
William Long, privacy expert at law firm Sidley Austin, said that Brexit could pave the way for a separate agreement between the UK - not the whole of Europe - and the US about data privacy.
"There could well be support in both the US and UK for a US-UK framework for data flows that is less onerous than the highly rigorous Privacy Shield," he said.
"However, the UK is likely to have an incentive to demonstrate to the EU that the data flows it receives from EU member states will not then be transferred to the US under less stringent terms."
GDPR
On top of uncertainty about Privacy Shield, and how that will apply to a non-EU UK, the incoming General Data Protection Regulations (GDPR) will also be affected by Brexit, according to a new report from the Information Commissioner's Office (ICO).
The ICO has placed the issue high on its agenda, claiming it will begin talking to government about the impact of Brexit on data laws within weeks.
The pan-European GDPR will enforce fines on companies that do not comply when it comes into place in 2018, in a bid to give EU citizens more control over their personal data, and to standardise the rules across the region.
In the document, the ICO said although Brexit-fuelled change is coming to UK laws, it will not be imminent.
"The current data protection regulatory regime was to remain in place until EU data protection reforms were implemented in May 2018," said the report. "This means that for the next financial year at least there are not expected to be any major changes in UK data protection regulation and the role of the ICO."
Information commissioner Christopher Graham added: "With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial both to businesses and organisations and to consumers and citizens.
"Having clear laws with safeguards in place is more important than ever given the growing digital economy, and we will be speaking to government to present our view that reform of the UK law remains necessary."