March 22, 2018

March 21, 2018

Subscribe to Latest Legal News and Analysis

March 20, 2018

Subscribe to Latest Legal News and Analysis

March 19, 2018

Subscribe to Latest Legal News and Analysis

Will Brexit Undermine U.K. Participation in the General Data Protection Regulation and the U.S./E.U. Privacy Shield?

The June 23, 2016 Brexit referendum outcome in the U.K. does create uncertainty about whether the U.K. will continue to follow EU data protection laws, including implementation of the E.U.'s new General Data Protection Regulation (“GDPR”), scheduled to become effective on May 25, 2018. Furthermore, the recently negotiated new U.S./E.U. Privacy Shield, intended to replace the E.U.-invalidated Safe Harbor, faces an uncertain future in the U.K. as well if it is not an available framework for multinational businesses to do business in the U.K. For example, Microsoft stated in an open letter in May, 2016 to its 5000 U.K. employees before the Brexit vote that the U.K.'s EU membership was one of the factors that attracted Microsoft to make investments in the U.K., including in a new data center. One important future signal will be whether the U.K. opts to join the European Economic Area, or otherwise maintains significant trade with the EU, in which case the U.K. would necessarily need to comply with EU privacy regulations. If not, the U.K. would still need to develop its own data protection network. However, because at least two years must elapse before the U.K. can formally exit the EU under Article 50 of the Treaty of Lisbon, and even that two year period does not commence until formal notice is given, both the GDPR (in May 2018) and the Privacy Shield are likely to be in place in the U.K. before any actual exit from the EU occurs. And many observers believe that any law that Britain adopts will likely be similar to the GDPR, since a non-member country's data protection regime must be deemed “adequate” by the EU for businesses in that non-member country to exchange data and to do business within the EU. In short, nothing is going to change immediately, and because Brexit won’t likely be completed for years, the Privacy Shield could well be implemented in the U.K. for personal data transfers from the U.K. to the U.S. well before actual withdrawal is completed. It also may take years to negotiate and complete agreements, and enactment of alternative U.K. data privacy laws. 

See our previous post regarding the text of the U.S./EU Privacy Shield...

Copyright © 2018 Womble Bond Dickinson (US) LLP All Rights Reserved.


About this Author

Douglas Bonner, Womble Carlyle, communications litigation lawyer, antitrust attorney, government affairs legal counsel, regulatory law

Doug Bonner has more than 20 years of experience representing wireline and wireless telecommunications providers, cable TV, VoIP and broadcast companies in FCC, FTC and state regulatory proceedings, as well as in telecommunications-related litigation. His specific areas of practice include telecommunications and mass media; communications litigation; and antitrust, regulatory and government affairs, relating to the telecom industry.

Doug’s telecom litigation experience includes defending businesses engaged in telemarketing in consumer class...