As opposition grows in the British Parliament to the nearly 600-page agreement negotiated by Prime Minister Theresa May’s government to withdraw the United Kingdom from the European Union, it’s increasingly clear that the current text will not be the final word. But even if the British government is ignominiously sent back to the negotiating table with Brussels, it would be a mistake to dismiss the behemoth withdrawal agreement, and the accompanying 26-page political declaration on the future U.K.-EU relationship, as headed for the trash heap.
Kenneth Propp teaches European Union law at Georgetown University Law Center, and consults on transatlantic digital and privacy issues. He was director of trade policy for BSA | The Software Alliance, a trade association of major software companies, where he advised and advocated on digital trade and international privacy issues. Prior to that, he served from 2011-2015 as legal counselor at the U.S. Mission to the European Union in Brussels, Belgium, leading its diplomatic and legal activities with the EU on privacy and digital legal and policy issues. As an attorney at the U.S. Department of State, he participated in negotiation of a number of international trade agreements, as well as a series of agreements reached between the United States and the European Union on data transfer in the commercial and law enforcement contexts.
Subscribe to this Lawfare contributor via RSS.
As the United Kingdom approaches the early 2017 start of negotiations on its departure from the European Union, questions are emerging about the future direction of the country’s EU-based data privacy laws. In parallel, the British Parliament is close to completing a comprehensive overhaul and expansion of its controversial surveillance laws. At stake in these two exercises is whether the UK will retain a recognizably European balance between privacy and security, or will move closer in approach to its American cousin.
Brexit: When and How?
Over the past fifteen years, an uneasy trans-Atlantic equilibrium between U.S. law enforcement and security agencies’ collection of personal information, sometimes on a bulk basis, and European privacy protection imperatives has prevailed—even despite Edward Snowden's disclosures. Most notably, beginning in the immediate post-9/11 era, international agreements enabling U.S. access to Europeans’ airline passenger name records (PNR) and international bank transaction data were reached, and have been quietly functioning.
In the years since Edward Snowden claimed that U.S. intelligence agencies were tapping into Europeans’ personal data flowing to the United States through undersea cables, an icy distrust has prevailed between Washington and Brussels on the subject of privacy and security. Tensions reached a new high last fall, when the European Court of Justice (ECJ) invalidated the principal legal mechanism for trans-Atlantic data flows, the U.S.-EU Safe Harbor Framework on protecting personal information in the commercial context.