What the UK’s Departure from the EU Means for Data Privacy and Security

Update – June 24, 2016: After a close referendum, the UK voted yesterday in favor of leaving the EU (52% v. 48%). As people start to worry what will happen to their cybersecurity, experts are stating that Britain’s cybersecurity should not have such a mysterious future and it’s predicted that Great Britain will potentially adopt legislation similar to the GDPR (allowing the UK to continue trade with the EU without as many road blocks). Britain’s exit, however, has spurred many questions in regard to human rights in general (which can include online rights) and whether or not British citizens will lose certain rights once the UK formally pulls out of the EU. Sources such as rightsinfo.org are helping to dispel human rights rumors and expose the facts. We will continue to track this complex issue as it unfolds in the coming months.

Original Post: As Great Britain decides today whether or not to remain a part of the EU, tensions are high. If the UK votes to leave the EU, they may be removed from many EU-related laws and regulations. However, would the UK still be susceptible to EU data protection laws?

As we previously reported, the Investigatory Powers Bill passed through the UK House of Commons this month, which would allow for mass surveillance of UK residents. The bill is slated to head to the House of Lords next for review and amendment before additional voting will occur. Meanwhile, the EU created their own data protection regulations that are allegedly much harsher than the UK Data Protection Act of 1998 that is still in place today. The rules, EU’s General Data Protection Regulation (GDPR), were enacted in Brussels in 2015 and will come into effect in 2018. These rules will apply to every entity that uses European personal data, both inside and outside of the EU. Therefore, if the UK wants to continue to do business with the EU market, the GDPR will impact the data being handled. For example, trade transactions between the UK and the EU, via personal data flows, will be regulated based on the GDPR, not the UK’s current data protection laws.

There are also some who believe that the GDPR would be a better protection for the UK rather than Britain enacting their own cyber security laws for their citizens, stating that the UK should want to remain in the EU to help dodge imminent cyber attacks. Brian Spector, CEO of Miracl, weighs in. “The right to privacy is a highly developed area of law in Europe. If Britain were to leave the EU, and its extensive human rights legislation, it’s likely to make it easier for future governments to access our data as and when they choose.” He goes on to add that British citizens would have far less protections than their EU counterparts, leaving them vulnerable and subject to cyber crime. A recent study by AlienVault found that a quarter of UK IT security professionals believed that leaving the EU would put their corporate data at risk.

Only time will tell whether or not cyber security in the UK falters based on today’s vote. At Golden Frog, we work hard to create products, like VyprVPN, that will never jeopardize Internet freedom and security. We hope that whichever path Britain takes today, it leads to strong data protection and individual online freedom.

Read more about the impacts of today’s vote on UK cyber security & data privacy: