Data Protection Laws in a Post-Brexit Britain: Why Uniformity is Essential

    Brexit” (Public Domain) by

    Data, in many ways, has become currency on the internet. In many ways, it’s a precious commodity that’s not only given away by individuals but also traded by corporations and governments. Although estimates are outdated almost as soon as they’re published, BBC Science Focus reported that the big four (Google, Amazon, Microsoft and Facebook) alone store more than 1,200 petabytes of data. In slightly less technical terms, that equates to 1.2 million terabytes (one terabyte is 1,000 gigabytes).

    With big data come big opportunities. Because today’s smart devices record almost every movement, activity and interest, those with power can make use of it. Naturally, it’s not always for the general good. When the Facebook/Cambridge Analytica scandal broke in 2018, it not only revealed the extent to which data is collected but also how valuable it can be. As well as being bought and sold, some companies are now using it to target key demographics and sway popular opinion.

    Facebook Data Scandal Raises Privacy Concerns

    In fact, such was the impact of the Facebook data scandal that Guardian writer Julia Carrie Wong claimed in a 2019 article that it “changed the world”. Even though politicians and legislators are calling for Facebook to be regulated, companies are now being forced to take privacy more seriously. Today, businesses need to consider data loss prevention (DLP) as an integral part of their core structure. Part of a larger set of a data security standards, DLP protocols cover a variety of areas to ensure information doesn’t leak outside of its intended destination. Imperva defines DLP as “the practice of detecting and preventing data breaches, exfiltration, or unwanted destruction of sensitive data”.

    Under this definition, all data, not just that harvested from end users, is covered. In practice, data secured on clouds as well as intellectual property stored in digital formats is brought into the mix. What’s more, DLP is used to improve data transparency within large organisations in addition to preventing common cyberattacks such as phishing.

    Multifaceted Solutions to Complex Data Problems

    Data Security” (CC BY 2.0) by Visual Content

    Practically, DLP requires a holistic approach. Using an Intrusion Detection System (IDS) to protect stored data is one component. However, any company not wanting to breach data protection laws will need to monitor inbound and outbound communications i.e. data in transit. Beyond that, Security Information and Event (SIEM) technology is needed to secure data storage points and identify any weaknesses in a system.

    Put simply, when it comes to DLP, a multifaceted approach is required. Of course, given how valuable data is and the problems that can arise following a system breach, this is hardly surprising. However, what’s interesting is how this ties into the political world. In 2018, the European Union’s (EU) General Data Protection Regulation (GDPR) was a major talking point. Penned in 2016, the doctrine is designed to give EU residents more control over their personal data and, in turn, tighten the laws regarding privacy, storage and transparency.

    Indeed, visit any website operating out of the EU today and you’ll be asked to accept or reject certain data tracking cookies. While GDPR may have helped steady the ship and give consumers more ways to protect their online identity, the data debate doesn’t stop there. With Brexit throwing another curveball at European businesses, the issue of data loss has come to the fore. In a note published on, it was made clear that GDPR will remain in place when the UK leaves the EU. As stated, the EU Withdrawal Act 2018 (EUWA) retains the “fundamental principles” of the current data protection laws.

    GDPR Will Remain a Political and Practical Constant

    However, to ensure seamless transition, appropriate changes to the GDPR and the Data Protection Act 2018 using regulation-making powers under the EUWA will have to be made. Importantly, even in the event of a no deal Brexit, the same GDPR standards will apply to all businesses with an online presence. Therefore, even in an uncertain political climate, the value of online data and also its protection remains a constant. But, even with the best intentions of keeping GDPR standards post-Brexit, the issue may be slightly more complex.

    Aligning laws between political regions isn’t uncommon. However, we’ve already seen certain problems arise with regards to GDPR on an international scale. Although rare, there are cases where UK and EU residents can’t access US-based sites – more often than not, these are local US news sites. Because the sites in question don’t have the resources or inclination to comply with GDPR, they’ve had no choice but to block EU residents. Although a period of adjustment is expected, similar issues could arise after Brexit.

    Brexit Could Break the Internet

    GDPR & ePrivacy Regulations” (CC BY 2.0) by dennis_convert

    For example, if the EU decides to update GDPR and the UK doesn’t implement this set of regulations domestically, a misalignment could occur. In other words, the UK might follow GDPR standards for the most part but not fully. In other scenarios, slight misalignments between domestic and European laws don’t always matter. However, with the internet being borderless, even a small disagreement could have a huge impact on a user’s online experience.

    In this regard, data is even more important than it would first appear. Yes, online information has become a powerful bargaining tool for businesses and governments. However, it’s value stretches beyond that. With privacy laws being what they are and politicians pushing for further controls, standards matter. Brexit or no Brexit, businesses need to ensure they have robust DLP protocols. Beyond that, those in charge need to ensure a level of uniformity across the board to ensure political differences don’t disrupt the flow of data and, in turn, the freedom of the internet.


    Please enter your comment!
    Please enter your name here