The Japanese government has expressed concerns to the UK and Europe that Brexit may impact the current level of data protection and the free flow of information across borders.
In a lengthy missive addressed to both parties, Japan’s Foreign Ministry set out the terms it hopes they will abide by during upcoming negotiations.
“What Japanese businesses in Europe most wish to avoid is the situation in which that they are unable to discern clearly the way the BREXIT negotiations are going, only grasping the whole picture at the last minute,” it states.
“It is imperative for the UK and the EU to regain the confidence of the world and ensure their unwavering competitiveness by increasing the predictability of the Brexit process, ensuring the outcome is free of unpleasant surprises and reducing the risks emanating from uncertainty.”
Of note to those in the information security space will be “maintenance of the access to workers who are nationals of the UK or the EU”; “maintenance of the freedom of cross-border investment and the provision of services”; and “maintenance of the current level of information protection and the free transfer of data.”
Tokyo’s concerns echo those of experts Infosecurity spoke to recently, who fear that if the UK fails to adhere to the General Data Protection Regulation (GDPR) with harmonized laws following a Brexit, it could be a huge blow for the country’s burgeoning digital economy as businesses take their data out of Britain.
The coming Investigatory Powers Bill, with its apparent enshrining into law the principal of mass surveillance, could cause further problems in data transfers and may even require a separate Privacy Shield-style agreement which could take years to hammer out, it’s also been argued.
Japan’s message to the UK government calls for “close co-operation on the facilitation of data transfer among Japan, the UK and the EU.”
It adds:
“Once the UK is no longer bound by the EU’s data protection legislation, the smooth cross-border transfer of personal data between the UK and the EU may become difficult. This could affect ICT businesses conducting data centre operations based on their establishment in the UK with declining demand from data centre users such as cloud operators managing personal data within the EU. Furthermore, the transfer of information between a parent company and its subsidiaries could be affected.”
However, security experts were less nervous about such concerns.
Egress Software Technologies CEO, Tony Pepper, argued that UK companies would stick to the GDPR even following a Brexit, which may not happen in any case for several more years.
“Even once Britain leaves, companies which trade across different EU member states will still need to comply with the GDPR itself. Even those that don’t will probably still be required to comply with the law; Britain’s Information Commissioner’s Office (ICO) has implied that it plans to incorporate most of the same aspects of the GDPR into a future British data protection law,” he told Infosecurity.
“So, even if UK firms which don’t trade across Europe won’t need comply with the GDPR per se, the data protection measures it calls for will still need to be respected.”