UK Snooper’s Charter could hinder post-Brexit data deal with EU

Data with mug

16 December 2016. By Magnus Franklin.

When UK citizens voted to leave the EU, they envisaged “a Britain in which we pass our own laws and govern ourselves,” as Theresa May put it. But they may get exactly the opposite when it comes to a new British surveillance law.

The bill, which passed into law last month, gives UK intelligence agencies and police sweeping eavesdropping powers. The snag is that those provisions could block companies in Britain from transferring data to and from the Continent after a Brexit.

To keep the data flowing, London might be forced to soften its own new law, MLex has learned.

‘Adequacy’ decision

Lawmakers in the European Parliament have been analyzing EU legislation that will be affected by the UK’s departure. The laws under review include privacy rules that allow banks and other companies in the British Isles to transfer personal data freely inside the bloc.

To maintain that privilege after Brexit, the UK will need to demonstrate that its privacy standards adhere closely to the bloc’s new privacy legislation, as the country’s top data-protection regulator, Elizabeth Denham, has said.

But EU lawmakers have raised serious concerns about the new UK surveillance law, MLex has learned.

Those reservations could hinder British efforts to obtain an “adequacy” decision from the EU saying that UK privacy rules comply with pan-European law post-Brexit.

National security

Under European law, each national government manages its own surveillance activities and other security matters. EU officials have very limited power to rein in excessively intrusive measures.

But once Brexit becomes a reality, the UK will have to gain “adequacy” status, using a mechanism that allows EU officials to certify that its data-protection regime affords European citizens the same protections as they have under EU law.

That’s where the UK’s new Investigatory Powers Act could cause trouble, because it violates European privacy rules protecting citizens from mass surveillance, EU lawmakers say.

The Snooper’s Charter, as the British press calls it, allows UK authorities to issue “interception warrants” authorizing expansive eavesdropping on communications to and from the British Isles.

A similar provision allowing mass surveillance in the US proved a major stumbling block in the EU’s negotiation of a trans-Atlantic data-transfer deal. Washington had to adopt new legislation to boost the legal standing of Europeans and to commit to curbs on its intelligence services before the bloc approved the new “Privacy Shield” regime.

EU Parliament members are concerned that the UK surveillance law would be incompatible with pan-European privacy safeguards, MLex understands. This difficulty would linger even if the UK were to adopt legislation very similar to EU privacy law for purposes other than safeguarding national security.

The upshot: The UK government might be forced to redraft its surveillance law to restrain British snooping powers over Europeans. Alternatively, it could keep its surveillance powers, which would force UK-based companies to rely on more cumbersome mechanisms if they want to keep transferring personal data in and out of the EU.

Receive MLex Editor's Picks in Your Inbox

Complete this form to receive emails from MLex with selected highlights from our global coverage of regulatory risk and opportunity, as well as upcoming events, special reports and exclusive interviews.