The global data protection implications of ‘Brexit’

Christopher Kuner, Dan Jerker B Svantesson, Fred H Cate, Orla Lynskey, Christopher Millard

Research output: Contribution to journalEditorialResearch

Abstract

On 23 June 2016, the UK voted by referendum to leave the European Union (EU). This vote may have significant implications for data protection law both in the UK and globally. There is now particular uncertainty regarding the fate of the EU’s General Data Protection Regulation (GDPR) in the UK, while, beyond the UK, Brexit will again put the spotlight on the EU’s criterion of ‘adequacy’ for data transfers to third countries. These implications will be briefly sketched here.

The decision to leave the EU is likely to have data protection consequences within the UK. The Data Protection Act (DPA) 1998, which transposed the European Data Protection Directive (Directive 95/46 EC), was due to be replaced by the GDPR on 25 May 2018. While the UK’s Minister for Data Protection has not ruled out the possibility that the GDPR will still take effect in the UK on that date,1 this is not certain. The UK has yet to trigger the exit mechanism to leave the EU (Article 50 of the Treaty on the Functioning of the EU). However, if it does, it will ordinarily have two years to renegotiate its legal relationship with the EU. There will therefore be a time period between the entry into force of the GDPR in May 2018 and the conclusion of the re-negotiation agreement when the UK will find itself in a legal limbo.
Original languageEnglish
Pages (from-to)167-169
Number of pages3
JournalInternational Data Privacy Law
Volume6
Issue number3
DOIs
Publication statusPublished - 2016

Fingerprint

data protection
regulation
EU
third countries
data exchange
referendum
European Community
treaty
minister
voter
act
uncertainty
Law

Cite this

Kuner, Christopher ; Svantesson, Dan Jerker B ; Cate, Fred H ; Lynskey, Orla ; Millard, Christopher. / The global data protection implications of ‘Brexit’. In: International Data Privacy Law. 2016 ; Vol. 6, No. 3. pp. 167-169.
@article{15d79512fdc9464ab91e80a280ef5fa0,
title = "The global data protection implications of ‘Brexit’",
abstract = "On 23 June 2016, the UK voted by referendum to leave the European Union (EU). This vote may have significant implications for data protection law both in the UK and globally. There is now particular uncertainty regarding the fate of the EU’s General Data Protection Regulation (GDPR) in the UK, while, beyond the UK, Brexit will again put the spotlight on the EU’s criterion of ‘adequacy’ for data transfers to third countries. These implications will be briefly sketched here.The decision to leave the EU is likely to have data protection consequences within the UK. The Data Protection Act (DPA) 1998, which transposed the European Data Protection Directive (Directive 95/46 EC), was due to be replaced by the GDPR on 25 May 2018. While the UK’s Minister for Data Protection has not ruled out the possibility that the GDPR will still take effect in the UK on that date,1 this is not certain. The UK has yet to trigger the exit mechanism to leave the EU (Article 50 of the Treaty on the Functioning of the EU). However, if it does, it will ordinarily have two years to renegotiate its legal relationship with the EU. There will therefore be a time period between the entry into force of the GDPR in May 2018 and the conclusion of the re-negotiation agreement when the UK will find itself in a legal limbo.",
author = "Christopher Kuner and Svantesson, {Dan Jerker B} and Cate, {Fred H} and Orla Lynskey and Christopher Millard",
year = "2016",
doi = "10.1093/idpl/ipw018",
language = "English",
volume = "6",
pages = "167--169",
journal = "International Data Privacy Law",
issn = "2044-3994",
publisher = "Oxford University Press",
number = "3",

}

The global data protection implications of ‘Brexit’. / Kuner, Christopher; Svantesson, Dan Jerker B; Cate, Fred H; Lynskey, Orla; Millard, Christopher.

In: International Data Privacy Law, Vol. 6, No. 3, 2016, p. 167-169.

Research output: Contribution to journalEditorialResearch

TY - JOUR

T1 - The global data protection implications of ‘Brexit’

AU - Kuner, Christopher

AU - Svantesson, Dan Jerker B

AU - Cate, Fred H

AU - Lynskey, Orla

AU - Millard, Christopher

PY - 2016

Y1 - 2016

N2 - On 23 June 2016, the UK voted by referendum to leave the European Union (EU). This vote may have significant implications for data protection law both in the UK and globally. There is now particular uncertainty regarding the fate of the EU’s General Data Protection Regulation (GDPR) in the UK, while, beyond the UK, Brexit will again put the spotlight on the EU’s criterion of ‘adequacy’ for data transfers to third countries. These implications will be briefly sketched here.The decision to leave the EU is likely to have data protection consequences within the UK. The Data Protection Act (DPA) 1998, which transposed the European Data Protection Directive (Directive 95/46 EC), was due to be replaced by the GDPR on 25 May 2018. While the UK’s Minister for Data Protection has not ruled out the possibility that the GDPR will still take effect in the UK on that date,1 this is not certain. The UK has yet to trigger the exit mechanism to leave the EU (Article 50 of the Treaty on the Functioning of the EU). However, if it does, it will ordinarily have two years to renegotiate its legal relationship with the EU. There will therefore be a time period between the entry into force of the GDPR in May 2018 and the conclusion of the re-negotiation agreement when the UK will find itself in a legal limbo.

AB - On 23 June 2016, the UK voted by referendum to leave the European Union (EU). This vote may have significant implications for data protection law both in the UK and globally. There is now particular uncertainty regarding the fate of the EU’s General Data Protection Regulation (GDPR) in the UK, while, beyond the UK, Brexit will again put the spotlight on the EU’s criterion of ‘adequacy’ for data transfers to third countries. These implications will be briefly sketched here.The decision to leave the EU is likely to have data protection consequences within the UK. The Data Protection Act (DPA) 1998, which transposed the European Data Protection Directive (Directive 95/46 EC), was due to be replaced by the GDPR on 25 May 2018. While the UK’s Minister for Data Protection has not ruled out the possibility that the GDPR will still take effect in the UK on that date,1 this is not certain. The UK has yet to trigger the exit mechanism to leave the EU (Article 50 of the Treaty on the Functioning of the EU). However, if it does, it will ordinarily have two years to renegotiate its legal relationship with the EU. There will therefore be a time period between the entry into force of the GDPR in May 2018 and the conclusion of the re-negotiation agreement when the UK will find itself in a legal limbo.

UR - http://www.scopus.com/inward/record.url?scp=85070891511&partnerID=8YFLogxK

U2 - 10.1093/idpl/ipw018

DO - 10.1093/idpl/ipw018

M3 - Editorial

VL - 6

SP - 167

EP - 169

JO - International Data Privacy Law

JF - International Data Privacy Law

SN - 2044-3994

IS - 3

ER -