Category Archives: Brexit

Information Law and Policy Centre Annual Lecture and Workshop

An afternoon workshop and evening lecture to be given by leading information and data protection lawyer Rosemary Jay.

Restricted and Redacted: Where now for human rights and digital information control?

The Information Law and Policy Centre is delighted to announce that bookings are now open for its annual workshop and lecture on Wednesday 9th November 2016, this year supported by Bloomsbury’s Communications Law journal.

For both events, attendance will be free of charge thanks to the support of the IALS and our sponsor, although registration will be required as places are limited.

To register for the afternoon workshop please visit this Eventbrite page.

To register for the evening lecture please visit this Eventbrite Page.

Please note that for administrative purposes you will need to book separate tickets for the afternoon and evening events if you would like to come to both events.

AFTERNOON WORKSHOP/SEMINAR 
11am – 5pm (lunch and refreshments provided)

For the afternoon part of this event we have an excellent set of presentations lined up that consider information law and policy in the context of human rights. Speakers will offer an original perspective on the way in which information and data interact with legal rights and principles relating to free expression, privacy, data protection, reputation, copyright, national security, anti-discrimination and open justice.

We will be considering topics such as internet intermediary liability, investigatory and surveillance powers, media regulation, freedom of information, the EU General Data Protection Regulation, whistleblower protection, and ‘anti-extremism’ policy. The full programme will be released in October.

EVENING LECTURE BY ROSEMARY JAY, HUNTON & WILLIAMS
6pm-7.30pm (followed by reception)

The afternoon workshop will be followed by a keynote lecture to be given by Rosemary Jay, senior consultant attorney at Hunton & Williams and author of Sweet & Maxwell’s Data Protection Law & Practice. Continue reading

Brexit: “You don’t know what you’ve got till it’s gone”

Brexit IT law scrabble

In the following editorial, Professor Lilian Edwards considers the implications of the Brexit vote for information law and assesses the mood amongst the academic community in the aftermath of the EU Referendum.

The article was first published in Volume 13, Issue 2 of SCRIPT-ed: A Journal of Law, Technology and Society. Professor Edwards’ views do not represent those of the Information Law and Policy Centre or the Institute of Advanced Legal Studies. 

On 23 June 2016 a slim majority of UK voters decided we should leave the EU in one of the great political upsets of British political history. On 24 June, the next day, CREATe,[1] the RCUK copyright and business models centre which I have helped run since 2012, ran a one-day festival at the Royal Society of the Arts in London. This was designed to be a showcase and celebration of four years of working at the cutting edge of copyright and how it either helps or hinders the creative industries and arts. Hundreds of academics signed up to show and see, including the Director of CREATe, Martin Kretschmer of Glasgow University, from Germany by birth, and many others from all over Europe and beyond.

It was a classic international IT/intellectual property event: analysing laws made throughout the world to regulate globalised cultural markets, transnational data and product flows, disruptive technologies that disregard borders, and audiences as likely to listen to music made in Brazil via decentralised P2P networks, as watch Netflix series made in the US, or use smartphones made in Japan to watch Hindi pop videos on YouTube.

In the event, the CREATe Festival became more of a wake. Reportedly, experienced academics, who thought themselves hardened to trauma by years of bombardment from REF, TEF and NSS, were almost in tears at the first session. This writer, derelict of duty, was not there to corroborate, still staring like a rabbit in the headlights at the TV in a hotel bedroom in Docklands, where the dominant tech, business and financial workers were almost equally in shock.

So, Brexit. As the dust not so much settles as temporarily accumulates while we work out what on earth happens next, what are the implications for IT law and UK academe? Are they really as bad as they seemed that morning? Continue reading

What is the impact of the Brexit vote on the Investigatory Powers Bill?

IP bill 2 copyThe Investigatory Powers Bill is currently proceeding through parliament – its second reading in the House of Lords took place on Monday 27 June.

Readers may have missed reports on the Lords debate amidst financial losses, Labour Party resignations, the Conservative Party leadership race and, of course, England’s embarrassing exit from Euro 2016 (among other things).

Given the ongoing political uncertainty and distractions after the Brexit vote, Open Rights Group campaigners have called on the government to halt the passage of the Bill on the basis that it cannot be adequately scrutinised by parliamentarians, the media and the public.

The Open Rights Group suggests that the passage of the Bill could be affected by the political crisis – the Bill could be accelerated or delayed depending on whether a General Election is called.

Ongoing legal cases may also affect its passage – particularly the impending European Court of Justice ruling on a case brought by MPs Tom Watson and David Davis in relation to the Data Retention and Investigatory Powers Act (DRIPA). In the Lords debate, Lord Butler described the DRIPA ruling as “hanging over the whole issue”.

Elements of DRIPA – emergency legislation passed in 2014 – have been included in the Investigatory Powers Bill. If the ECJ upholds a decision by the High Court in July 2015 that the sections on self-authorised access and bulk retention of data breach fundamental EU Charter rights under Articles 7 and 8, then this could have a significant impact on the IP Bill.

It is likely that any temptation to ignore ECJ rulings relevant to the IP Bill (and more generally) in light of the leave vote will be resisted as any failure to comply with current EU treaty obligations could possibly provide a pretext for greater EU action against the UK to speed up Brexit. Although there is no mechanism to formally expel the UK from the EU, indirect action could be explored which might put pressure on the UK’s control of the exit process through Article 50.

In the Lords debate, there was disagreement over the impact of the leave vote on the Bill. Lord Rosser noted that the vote to leave the EU had “added to the complexity” of the Bill due to uncertainties over European cooperation on security issues, but the Advocate General for Scotland, Lord Keen of Elie did not believe that any changes to the Bill would be required in light of the Brexit vote.

For the time being, the Bill continues its path to Royal Assent – the House of Lords committee stage is due to begin on 11 July.

What is the impact of Brexit on data protection and the GDPR?

A consensus already appears to be emerging among legal commentators that many UK organisations will need to comply with the provisions of the European Union’s General Data Protection Regulation regardless of the progress of the UK’s path to Brexit.

The GDPR was due to be adopted by the UK in May 2018 after a long process of EU legislative reform. As soon as the UK officially leaves the EU, in theory it is possible that the GDPR could be ignored – data protection is already written into UK law in the Data Protection Act 1998. In practice, however, if the UK continued to be part of the European Economic Area then the UK would have to abide by GDPR.

Moreover, as Andrew Cormack points out, any organisation outside the EU that wishes to process the data of “data subjects who are in the Union” will also have to abide by GDPR (Article 3(2)). This would be relevant to a number of UK organisations who need to process the data of EU clients, customers, students etc.

Further, any EU organisation sending personal data to the UK as a non-member state would no longer be able to guarantee that there was “adequate protection” of data in the UK, unless the UK sought to obtain a declaration to the contrary.

The position of the UK vis-à-vis GDPR was summarised by the ICO in a statement published in response to the referendum result:

“If the UK is not part of the EU, then upcoming EU reforms to data protection law would not directly apply to the UK. But if the UK wants to trade with the Single Market on equal terms we would have to prove ‘adequacy’ – in other words UK data protection standards would have to be equivalent to the EU’s General Data Protection Regulation framework starting in 2018.”

It is likely, therefore, that elements of the GDPR will be incorporated into UK law however Brexit progresses. Both Anya Proops QC and Eduardo Ustaran argue that any UK business which provides services into the EU will need to understand and comply with GDPR.