Who'll guard your personal data post-Brexit?
Regulatory arbitrage and data flows
Britons should remain in the European Union to protect their data, says Rafael Laguna of Open-Xchange.
He's not alone.
"If the UK chooses to diverge its data protection laws from the new General Data Protection Regulation (GDPR), it will become more difficult to export data to and from the EU and UK (without putting in place EU model clause contracts or binding corporate rules)," wrote lawyers Toni Vitale and Rhoda Elise Bryans of Addleshaw Goddard.
"Implementing model clause agreements between every legal entity in a complex corporate structure is at the very least an administrative headache."
But like all Brexit anxieties, that depends whether the UK chooses to follow EU data protection precedents, as non-EU European states do, the lawyers admit. The UK might want to introduce its own. Or scrap them altogether.
"The current UK government has opposed many of the changes which the Regulation will introduce, which raises the possibility that it may simply maintain the existing UK law, which could be seen as a business-friendly move," the lawyers write [PDF].
In any case, the GDPR doesn't come into effect until 2018 – giving a post-Brexit Britain plenty of time to choose what it keeps.
Laguna thinks that for all its faults, the superstate has done a better job of protecting data than individual states might have done on their own:
"I think the European Union has done a pretty good job being progressive in protecting users' privacy," he told The Register.
"Bringing down Safe Harbour, for example, or suing Google for its monopolistic behaviour. You need the power at the level of an EU to do that. The over-regulation that comes with the EU is bad, and the EU needs to change in many ways. That's no different to local government. They overreach a lot too, and so does the EU."
Corporate IT departments aren't keen on the onerous GDPR, but its removal will level the playing field for smaller and more nimble operations. ®