One of the great ironies of Brexit is that, irrespective of where we end up as a result of the present political hokey-cokey, the UK will move forward with a large piece of European thinking at the heart of its future trading policy. We all know and love this as the General Data Protection Regulation and the GDPR (plus a little bit around national security) is now enshrined within the UK’s 2018 Data Protection Act, passed with very little political comment. One of my tutors, a delightful Frenchman, as part of my training towards becoming a certified Data Protection Officer, would bemoan the lack of the British around the 2012 negotiating table as, in his view, a far more pragmatic regulation would have resulted. A studied silence regarding the GDPR from those on both sides of the Brexit debate continues to this day.
Nevertheless, not just the European Economic Area (EEA), but the rest of the world is coming round to taking on board these European data privacy rules, Brazil and Uruguay (!) have done so already while Japan and Australia are moving towards wholesale adoption.
Most interesting are developments in the USA. Currently, data protection here is carried out under the Privacy Shield but requirements revolve around a voluntary code of practice and voluntary registration and the Ombudsman in the US has few effective powers relative to her European counterparts.
Nonetheless, powerful business and media figures there have, in general, welcomed the impact of the GDPR as providing a baseline for good regulation –“ the Brussels effect” – and in the spring Mark Zuckerberg was quoted as saying it was a “very positive step for the internet”, although I am not aware of any more recent view from him.
It must be admitted that some US based organisations, such as Klout and several on-line video games have actually closed, citing that catering for their European consumers was too burdensome, while others have decided to confine their business model to North America.
Despite these examples, the tide does seem to be moving in the other direction, California – by some measures the fifth biggest economy in the world – recently passed the 2018 California Consumer Privacy Act giving its citizens the same rights and its businesses the same obligations as those that exist in Europe. It seems likely that on the east coast, New York, may soon follow suit in adopting European data privacy standards. This is very likely to create a gravitational effect of drawing in organisations wishing to do business in key parts of the US; encouraging them to put in place policies and resources to meet these standards too. Such ripples will therefore expand ever further outwards as more and more organisations expect their suppliers to do business in the same way. Adopting higher data privacy standards actually offers business opportunities to those prepared to take data privacy seriously as part of their organisational culture.
It is ironic that this is one European export that will likely underpin many of the world’s future trading agreements and, by extension, our own in the coming years.