On January 31, 2020, the United Kingdom formally withdrew from the European Union. That membership withdrawal by the United Kingdom from the European Union is known as the “Brexit” vote which has created a clear border element distinguishing the similar and contrasting values related to data privacy held by the United Kingdom and the European Union. Today, we still do not know for certain whether the United Kingdom will use a similar or different approach to protect data as compared to the European Union. Will the United Kingdom have a weaker or more robust protection in comparison to the European Union? As of now, the United Kingdom has made a clear decision to follow the European Union’s data protection law, “upon Brexit, the United Kingdom chose to follow the path of EU data protection and remain tied to the requirements of the General Data Protection Regulation (GDPR).” However, there is uncertainty for the near future, and the question stands as to whether the values of the United Kingdom and the values of the European Union in dealing with data privacy will be in sync or will diverge.
The European Union’s approach to data privacy is based on individual dignity, “In the EU, data protection is a fundamental right anchored in interests of dignity, personality, and self-determination.” Unlike the United States, where the word “privacy” is not mentioned in the Constitution, the European Union has a treaty, the European Convention of Human Rights, which explicitly mentions the right to privacy. The Charter of the Fundamental Rights of the European Union, article 8, Dec. 18, 2000, states that, “1. Everyone has the right to the protection of personal data concerning him or her. 2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. 3. Compliance with these rules shall be subject to control by an independent authority.” Therefore, the European Union may arguably have a more comprehensive or robust set of principles addressing data privacy than other countries.
On May 25, 2018, the General Data Protection Regulation (GDPR), the data protection law of the European Union, became effective in the European Union. The GDPR has become a model for many other countries’ data protection laws. The GDPR is flexible with broad coverage, including a wide range of emerging digital activity. The GDPR mandates that there be at least one of several “legitimate bases” before data processing is allowed. Under Article 17 of the GDPR, individuals may ask for the erasure of personal data. Under Article 45 of the GDPR, the UK may be given adequate recognition, which it has been given as of now, a serious concern was that “it was not clear whether the European Commission would grant the UK adequacy recognition under Article 45 of the GDPR, and organisations devised contingency plans to ensure personal data could continue to flow across the Channel to the UK.”
The GDPR has two main goals which are (1) to protect fundamental rights and freedoms of natural persons, in particular the right to the protection of personal data, and (2) to ensure that there is free movement of personal data. Does the United Kingdom have different priorities and goals in terms of protecting privacy law? Will the United Kingdom diverge greatly from the European Union’s data protection law? One of the most fundamental questions every country asks themselves is how much is their privacy worth in the global tech market. A country must weigh the cost of protecting consumer data versus the benefits given to consumers by the companies.
Is the United Kingdom wasting time by failing to take bold steps to ensure their data protection goals for the future are met? As of now, the United Kingdom is following the General Data Protection Regulation, making it clear that there is a preference to follow an EU-style data protection law.
Author Biography: Johana Jhancarla Vargas Arias is a Moderator of the International Law Society’s International Law and Policy Brief (ILPB) and an LLM candidate at The George Washington University Law School. She has a Juris Doctor from The University of the District of Columbia David A. Clarke School of Law.Tweet