Data Protection Laws in a Post-Brexit Britain: Why Uniformity is Essential

Ryan Thompson May 16, 2019 0

Brexit” (Public Domain) by

Data, in many ways, has
become currency on the internet. In many ways, it’s a precious commodity
that’s not only given away by individuals but also traded by corporations and
governments. Although estimates are outdated almost as soon as they’re
published, BBC
Science Focus reported
that the big four (Google, Amazon, Microsoft
and Facebook) alone store more than 1,200 petabytes of data. In slightly
less technical terms, that equates to 1.2 million terabytes (one terabyte is
1,000 gigabytes).

With big data come big opportunities.
Because today’s smart devices record almost every movement, activity and
interest, those with power can make use of it. Naturally, it’s not always for
the general good. When the Facebook/Cambridge Analytica scandal broke in 2018,
it not only revealed the extent to which data is collected but also how
valuable it can be. As well as being bought and sold, some companies are now
using it to target key demographics and sway popular opinion.

Facebook Data Scandal
Raises Privacy Concerns

In fact, such was the impact of the
Facebook data scandal that Guardian writer Julia Carrie Wong claimed in a 2019
article that
it “changed the world”
. Even though politicians and
legislators are calling for Facebook to be regulated, companies are now being
forced to take privacy more seriously. Today, businesses
need to consider data loss prevention (DLP)

as an integral part of their core structure. Part of a larger set of a data
security standards, DLP protocols
cover a variety of areas to ensure information doesn’t leak outside of its
intended destination. Imperva defines DLP as “the practice of detecting
and preventing data breaches, exfiltration, or unwanted destruction of
sensitive data”.

Under this definition, all data, not
just that harvested from end users, is covered. In practice, data secured on
clouds as well as intellectual property stored in digital formats is brought
into the mix. What’s more, DLP is used to improve data transparency within
large organisations in addition to preventing common cyberattacks such as

Multifaceted Solutions to
Complex Data Problems

” (CC BY 2.0) by Visual Content

Practically, DLP requires a holistic
approach. Using an Intrusion Detection System (IDS) to protect stored data is
one component. However, any company not wanting to breach data protection laws
will need to monitor inbound and outbound communications i.e. data in transit.
Beyond that, Security Information and Event (SIEM) technology is needed to
secure data storage points and identify any weaknesses in a system.

Put simply, when it comes to DLP, a
multifaceted approach is required. Of course, given how valuable data is and
the problems that can arise following a system breach, this is hardly
surprising. However, what’s interesting is how this ties into the political
world. In 2018, the European Union’s (EU) General Data Protection Regulation
(GDPR) was a major talking point. Penned in 2016, the doctrine is designed to
give EU residents more control over their personal data and, in turn, tighten
the laws regarding privacy, storage and transparency.

Indeed, visit any website operating out of
the EU today and you’ll be asked to accept or reject certain data tracking
cookies. While GDPR may have helped steady the ship and give consumers more
ways to protect their online identity, the data debate doesn’t stop there. With
Brexit throwing another curveball at European businesses, the issue of data
loss has come to the fore. In a note published on, it was made clear
that GDPR will remain in place when the UK leaves the EU. As
stated, the EU Withdrawal Act 2018 (EUWA) retains the “fundamental principles”
of the current data protection laws.

GDPR Will Remain a
Political and Practical Constant

However, to ensure seamless transition,
appropriate changes to the GDPR and the Data Protection Act 2018 using
regulation-making powers under the EUWA will have to be made. Importantly,
even in the event of a no deal Brexit, the same GDPR standards will apply
to all businesses with an online presence. Therefore, even in an uncertain
political climate, the value of online data and also its protection
remains a constant. But, even with the best intentions of keeping GDPR standards
post-Brexit, the issue may be slightly more complex.

Aligning laws between political regions
isn’t uncommon. However, we’ve already seen certain problems arise with regards
to GDPR on an international scale. Although rare, there are cases where UK and
EU residents can’t access US-based sites – more often than not, these
are local US news sites. Because the sites in question don’t have the
resources or inclination to comply with GDPR, they’ve had no choice but to
block EU residents. Although a period of adjustment is expected, similar issues
could arise after Brexit.

Brexit Could Break the

& ePrivacy Regulations
” (CC BY 2.0) by dennis_convert

For example, if the EU decides to update
GDPR and the UK doesn’t implement this set of regulations domestically, a misalignment
could occur. In other words, the UK might follow GDPR standards for the most
part but not fully. In other scenarios, slight misalignments between domestic
and European laws don’t always matter. However, with the internet being
borderless, even a small disagreement could have a huge impact on a user’s
online experience.

In this regard, data is even more important
than it would first appear. Yes, online information has become a powerful
bargaining tool for businesses and governments. However, it’s value stretches
beyond that. With privacy laws being what they are and politicians pushing for
further controls, standards matter. Brexit or no Brexit, businesses need to
ensure they have robust DLP protocols. Beyond that, those in charge need to
ensure a level of uniformity across the board to ensure political differences
don’t disrupt the flow of data and, in turn, the freedom of the internet.

Reddit this article ↓