Brexit Fallout Continues – ePrivacy
The fall-out over the Brexit vote has already started concerns that the UK will lose its influence over the EU review of online privacy laws - and any future legislation - as the long-running dispute over transatlantic data transfers appears to be settled.
Brussels chiefs have already started a consultation on the ePrivacy Directive – including the Privacy & Electronic Communications Regulations (PECR) – which covers all online and mobile marketing, SMS, email and telemarketing activity.
The Directive was last updated in 2009 to provide clearer rules on customers’ rights to privacy. In particular, on so-called “cookies” and personal data breaches.
But Fedma - the Pan-European lobbying body of the direct and digital marketing industries - has already lamented the fact that UK experts will not be able to influence discussions.
Fedma co-chairwoman Dr Sachiko Scheuing said: “The UK has been instrumental in helping to shape the future of privacy in Europe and seen a huge number of legal professionals, business experts and data practitioners inform the legislation which will influence the way companies are able to target EU residents.
“Now the UK has left, that expertise will be unable to continue to add value to, for instance the ePrivacy directive, in the same way moving forward.” The move comes as the EU and US seem to have finally settled their differences over the transatlantic data transfer pact, Privacy Shield.
Industry experts, MEPs, UK Information Commissioner Christopher Graham, and the EU Article 29 Working Party – which is made up of the data chiefs of all EU states – had all criticised the levels of protection offered.
But the new agreement has seen the US commit not to continue its bulk collection of data sent from the EU to the US, while there are also more explicit data retention rules, and the ombudsman - who will act in any disputes - will be independent from national security services.
A spokesman for the European Commission said: “This new framework for transatlantic data flows protects the fundamental rights of Europeans and ensures legal certainty for businesses.”
While the agreement will only apply to the UK until it officially leaves the EU, the UK Information Commissioner has reaffirmed its view that Britain would need to adopt similar terms, much like it will for the EU's General Data Protection Regulation.
In a statement, the ICO said: “If the UK is not part of the EU, then upcoming EU reforms to data protection law would not directly apply to the UK. But if the UK wants to trade with the Single Market on equal terms we would have to prove 'adequacy' - in other words UK data protection standards would have to be equivalent to the GDPR framework starting in 2018."