The UK’s vote to leave the EU means that we no longer have a clear idea what levels and kinds of protection of digital rights we will have in the future. Nearly all the relevant law is European. A lot depends on the kind of model of leaving the EU that the UK adopts.
The short term
Nothing changes in the short term. The UK must abide by legislation, incorporate new regulations and directives as they come along. Decisions of the Court of Justice of the European Union (CJEU) must be implemented. This could produce the potential for conflict between the UK and European Union, as the EU decisions will be seen to be less politically legitimate. However, it would be unwise for the UK to pick fights and fail to abide by EU law, as this would risk a swift ejection, and certainly weaken our negotiating position. Yesterday we also discussed the implications for the Investigatory Powers Bill debate.
Legislation that we currently depend on
Data Protection laws, e-privacy, net neutrality and other telecoms regulations, copyright enforcement and copyright laws are all currently written in the EU. Data retention and Passenger Name record retention are also decided upon at EU level.
Some of this legislation is very positive. The new data protection regime will for instance provide much better enforcement of some basic privacy rights.
EU legislation also has to abide by fundamental rights, defined in the Charter of Fundamental Rights and interpreted and enforced through the Court of Justice of the European Union (CJEU). Outside of the EU, the direct influence of the CJEU on UK law will be much lessened.
Enforcement of human rights
Recently, the CJEU has made many major digital rights advances, such as limitations on data retention and requiring better privacy protections from the USA for data transfers, and thereby cancelling “Safe Harbour”. This has not always been popular with the UK government.
In the longer term the CJEU and European Court of Human Rights (ECHR) should work to the same privacy standards, so in theory the UK’s legislation will still be subject to the same considerations. However, the ECHR does not make instructions to UK legislators, but sets principles which must be taken into account when looking at laws. This leaves a lot of flexibility in the hands of legislators. In contrast, the CJEU as an EU court makes direct instructions to EU institutions about laws and decisions, which has been demonstrably effective.
The Single Market
It is possible that these laws continue to be important, depending on the level of future integration with the Single Market. If so, things will be difficult for UK digital rights advocates, and digital industries, in that we will have less opportunity to shape legislation, for instance by working with MEPs. Single Market access is commonly known as the “Norwegian model” or European Economic Area (EEA) membership.
However, many digital businesses will prefer having the legal frameworks to standing fully outside of the Single Market.
If we are in the EEA, then the CJEU is no longer involved in UK decision making regarding EU law. The EEA has its own court for these purposes. It does not consider human rights in its decisions however.
Single Market access is both economically rational and politically very difficult, especially given the debate about immigration, as free movement of labour is likely to be a requirement. There would still be payments to the EU. The major change would be control of fish and agriculture policy.
Many Conservative politicians seem to be edging towards this kind of position as a workable compromise, albeit they contend they can secure limits on free movement. EEA membership would satisfy the narrow of the referendum, .
It is also possible that a ‘full Brexit’ leaving us outside of the Single Market would place all these laws into flux. At this point, the laws might be simply incorporated into UK law, or else, they would be reviewed and potentially scrapped.
For UK digital rights, this would be the most concerning. The pressure to deregulate in order to compensate for the loss of single market access would be very high. The changes could be made very swiftly, with little democratic oversight.
We would need to be confident that the UK develops much stronger constitutional protections for human rights to be fully supportive of a solution along these lines. We would need to be convinced that Parliament would be in control of the changes and would be given sufficient time to consider the changes it would be making.
There is a democratic case for a full Brexit, rather than staying within the Single Market while the EU sets laws with just consultation processes to understand the position of the UK government.
That said, the influence of EU legislation would not simply disappear. Passenger Name Record legislation may have to exist for flights to continue between the UK and EU, and data protection standards have to exist if UK companies trade with EU citizens. Even the USA has to provide these protections for Europeans. We could easily end up copying the bulk of legislation even outside of the Single Market, but of course, with even less influence over its development, and less of the economic benefits.
The digital environment is already international. There are good reasons for laws to become more consistent, rather than less. Whatever solution is adopted, this pressure will exist.
What do we do?
The Open Rights Group will engage in a discussion with supporters and experts about our preferred way forward, and how we deal with some short term issues, such as enforcement of net neutrality provisions. Decisions about the UK’s future will be based on much wider considerations, but we will explain the impacts of different models on digital rights. If you have thoughts about any of these issues, please let us know in the comments, or get in touch by email.