With the arrival of Boris Johnson in 10 Downing Street, some of the uncertainty around Brexit has gone.
Boris is resolute that the UK will be leaving the EU on October 31st with or without a deal. While the merits of Brexit continue to split the country most people on both sides of the argument will be relieved once the issue is finally resolved and we can all get on with our lives.
But while the departure date might now seem set in stone, there remains a lack of clarity over many of the minute details that will be affected by our departure from the EU.
Most of these concerns are already dealt with by the European Union (Withdrawal) Act 2018 which directly transposes great swathes of EU law into UK domestic law, giving the government a chance to review and reform it at a later date.
But there are some issues which aren’t covered by this law and one important one involves the protection of British internet users online data.
Regular readers will be aware that the USA has much looser laws on the processing of personal online data than the EU does. However, most of the big tech companies we use every day are American and when we visit their sites and log onto our accounts, our data almost always passes through US servers.
When this happens, it would normally become subject to US law. But because the EU was so determined that its privacy laws should not be circumvented in this way, they reached a deal with the US known as Safe Harbour.
In the wake of the Snowden revelations, this deal was ruled illegal and quickly replaced by a new deal called Privacy Shield.
Privacy Shield is designed to protect the data of EU citizens from being processed in the same way as American internet users. It has proved highly controversial with many activists arguing it doesn’t go far enough. There have been multiple legal challenges to it, many of which are still ongoing.
But it is still a far better arrangement than the one US citizens have to contend with.
However, Privacy Shield is expressly a deal between the USA and the EU. Once the UK leaves the EU, it would no longer be subject to Privacy Shield. And because it is an agreement, it is not covered by the European Union (Withdrawal) Act 2018.
UK still subject to Privacy Shield framework
This might sound like a big concern for UK internet users. After all, we are increasingly conscious about the importance of online privacy as shown by the growth of British users of VPNs such as ExpressVPN and NordVPN in recent years.
But, for those who are worried, there is good news.
A Government Minister in the House of Lords has confirmed, for the first time as far as we are aware, that the UK has reached an agreement with the USA to ensure that UK internet users data continues to be processed in line with the Privacy Shield, regardless of when or how we Brexit.
Baroness Blackwood of North Oxford, a Conservative Peer and Minister for Innovation in the Department for Health confirmed the new agreement in her response to a written parliamentary question from cross-bench peer Lord Freyberg.
She wrote, “As the United Kingdom leaves the European Union we have made arrangements with the United States that will ensure that in both ‘deal’ and ‘no deal’ scenarios, transfers of personal data from the UK to US Privacy Shield participant organisations can continue to be made under the Privacy Shield Framework.”
For those who may be concerned that this is a transitional arrangement and once a free trade deal with the US is under negotiation, UK internet users data could be up for grabs, she also had some reassurance.
She noted that the measures set out in last year’s Data Protection Act legislation demonstrates the government’s commitment “to maintaining a high level of data protection standards”.
She concluded by saying, “These safeguards allow the public to have trust in how and why their data is used and it is important that we maintain them.”
Reassurance for now
While these assurance given by Baroness Blackwood are not as categorical as Boris Johnson’s commitment to leave the EU on 31st October, they should offer some reassurance.
Her answer implies that the government is still acutely aware of the concerns people have over data protection and that it will be an important part of the Government’s policy agenda moving forward.
There is no cast-iron guarantee that the UK will remain in Privacy Shield for the foreseeable future, which some people would want. But, given the various legal challenges that Privacy Shield faces, its own lifespan might not be too long either.
What we have to hope is that neither this nor any future government is willing to sell out the data privacy of British internet users as part of a future agreement with the US or, for that matter, any other country.
If that worst-case scenario were ever to happen, there is little doubt that VPN use in the UK would grow even faster than it is at the moment.