refresh(PIX) - Fotolia

Brexit offers chance for UK to become a ‘data haven’

Could the UK become a a safe place for both cloud and big data after it leaves the EU?

Now that the dust has started to settle on the outcome of the Brexit vote and people take stock of what it means, it’s time to start exploring opportunities.

Could the UK become a “data haven” after it leaves the EU? The country has already created a technology-friendly environment, with more than $9.7bn raised since 2010 and investment in the tech sector rising year-on-year.

Notice to leave the EU is likely to be triggered later this year and Article 50 of the Lisbon Treaty gives us two years in which to negotiate our exit.

It is likely that the General Data Protection Regulation (GDPR), which comes into force on 18 May 2018, will be effective in the UK before that two-year period expires.

The UK Information Commissioner’s Office issued a statement shortly after the referendum highlighting the importance of “international consistency”, saying it would do its part to ensure clarity and harmony in UK data protection legislation, given its importance to the growing digital economy.

Even if Brexit is achieved before the end of the two-year period, some or even all of the GDPR’s provisions may be transposed into UK law, either via an amendment to the Data Protection Act 1998 (DPA) or by repeal and enactment of new legislation. 

Despite the current uncertainty around the future of data protection, the UK already has an opportunity to become a safe haven for big data. The answer lies in Convention 108 of the Council of Europe on the automatic processing of data.

That convention governs the processing of “automated data files” and covers any processing by automated means related to the “storage of data, carrying out of logical and/or arithmetical operations on those data, their alteration, erasure, retrieval or dissemination” – in other words, big data and certain types of cloud computing (IaaS & PaaS). 

Privacy and freedom balance

The convention seeks to balance an individual’s privacy rights against freedom of information regardless of frontiers and the free flow of information between peoples. It permits the transfer of big data from the UK to other state members of the convention – more than 50 countries in all, including the EU member states. The UK’s membership of the Council of Europe is unaffected by Brexit. 

UK data controllers are able to make their own assessments when determining whether there is adequate protection to transfer data under the DPA.

The principles for processing personal data are essentially the same under both the DPA and Convention 108. For example, fair and lawful processing, purpose limitation, integrity and security, individuals’ rights of access, correction and erasure are included and the definitions of personal data and sensitive data are also aligned. 

Even if the UK forges its own way in relation to equivalent legislation closely aligned with the GDPR, the UK has a reputation for being pragmatic and taking a risk-based approach to processing personal data. 

As some commercially significant jurisdictions, such as the US, are not members of the convention, this presents an opportunity for the UK to become a data haven, making it a safe place for both cloud and big data post-Brexit.


Cynthia O’Donoghue is a partner at Reed Smith ....................................................................................................

 

 

This was last published in July 2016

Read more on Privacy and data protection

Join the conversation

3 comments

Send me notifications when other members comment.

Please create a username to comment.

This is a very optimistic article, Cynthia. Most organisations have ignored the information commissioner up to now, so what makes you think they are suddenly going to sit up and take notice?
Cancel
Very optimistic article. Clash of culture and technology. Don't think UK has any so optimistic chances for being a data haven just because it deals with things pragmatically
Cancel
Safe haven? Or Save us, Heaven!
If GDPR applies as in the EU, what makes UK different? What does a "safe haven" means for you? Safe against what threat? The threat of being investigated by a US Federal judge as Microsoft was in its Dublin infrastructure (Republic of Ireland), or the European Court of Justice if "passporting" continues for UK based service to operate in the EU.
Could you please clarify:
-your definition of safe against what
-how UK could have any advantage if everything stays the same (GDPR) at best or gets worse if its access to several markets is restricted.

Once upon a time there was a concept of "IBM PC compatible" more compatible with IBM's spec than the IBM PC products themselves.
The equivalent here would be, if you replace "IBM"  by "EU", then it works by replacing "IBM PC compatible" by... Switzerland (EU compatible by design.
However, post-brexit UK, a new country to be recognized yet in the trade arena, Brexitannia, does not look for compatibility, rather for walls and borders, right?
Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close