Government unsure how EU data protection laws will apply post-Brexit

Government unlikely to understand how EU rules will apply before UK withdrawal

The UK government is unsure how European rules will affect the storage and transfer of personal data in the UK following the country's vote to leave the EU.

Data protection minister Baroness Neville-Rolfe has explained that the government cannot determine how it will have to apply EU rules on data before discussions about withdrawing from the EU take place.

However, Neville-Rolfe explained that the basic problems are not likely to be vastly different. Her main focus in the digital space is the EU General Data Protection Regulations (GDPR) which take effect in the UK on 25 May 2018.

"All of us ... need to consider carefully what might be done to replace [the GDPR] if and when it ceases to have effect or in the event that it never comes into force," she said.

Neville-Rolfe echoed a statement from the Information Commissioner's Office (ICO) that any country wishing to share data with EU member states or handle EU citizens' data will need to provide adequate protection.

She explained that the government will work closely with the ICO during this transitional period to guide businesses implementing the regulation. The Data Protection Act will continue to be the UK's data protection legal framework in the meantime.

The Safe Harbour agreement is about to be replaced by the EU-US Privacy Shield, but again Neville-Rolfe suggested that it isn't clear how this will affect the UK.

"We will need a satisfactory understanding with the US of the rules to be applied," she said, hinting that the UK will have to draw up its own pact with the US.

Neville-Rolfe urged business leaders to "get on with it" when it comes to cyber security, and said that the Internet of Things is a "huge opportunity for Britain at home and overseas with its strength in digital, its creative, innovative people and strong universities to keep up the flow of new ideas and intellectual property".

She said that it will be important to establish a clear basis for dealing with the protection of users and third parties, and liability, in areas where automation takes a large role, such as driverless cars. She welcomed the IoT Council's work in putting together a common industry approach to these problems.

Neville-Rolfe explained that there will be more to say in the government's digital strategy, but that it "would be imprudent" to forecast its exact timing.