Ross Woodham, Director, Legal Affairs & Privacy, Cogeco Peer 1
Amid the noise and fury of Brexit, the Snoopers’ Charter snuck in under the radar with very little coverage in the mainstream press. Formally known as the Investigatory Powers Act 2016 (IPA), the legislation was given royal assent in November last year, so it is now law.
This new surveillance law requires web and phone companies to store everyone’s web browsing histories for 12 months, and give the police, security services and a whole range of other agencies unprecedented access to the data. Whistle blower Edward Snowden tweeted: “The UK has just legalised the most extreme surveillance in the history of Western democracy.”
There’s just one rather glaring problem. It’s incompatible with existing European data protection laws. And to emphasise this point the European Court of Justice recently declared the IPA’s predecessor, the Data Retention and Investigatory Powers Act 2015, which the IPA replaces, illegal.
Europe’s highest court said that general and indiscriminate retention of emails and electronic communications by governments is illegal and only targeted interception of traffic and location data in order to combat serious crime, including terrorism, is justified.
This presents a potential challenge for UK businesses. The US Safe Harbour framework was declared invalid under similar actions of the US National Security Agency by the European Court of Justice.
Following Brexit, the UK could face similar issues irrespective of implementing the new GDPR in 2018. So any company that is holding personally identifiable information on an EU citizen, or any company doing business with Europe, could be impacted.
European organisations doing business with the UK will be keeping a close eye on developments and looking to hosting providers to help provide solutions.
To find out more about what Brexit means for data sovereignty in the UK, check out Ross’ article in IT Pro Portal.