Brexit Impact on the EU Data Privacy Shield

Brexit Impact on the EU Data Privacy Shield

As businesses seek to understand the implications of the Brexit vote, both in the near-term and long-term, it is interesting to reflect on the potential implications to the EU-U.S. Privacy Shield regulation and the future of data privacy for business.

Proposed as a replacement to the Safe Harbor act, the EU-U.S. Privacy Shield is designed to create a standard privacy framework to protect EU citizens when their personally identifiable information (PII) and non-Public Information (NPI) is stored on computers in the United States. While this Privacy shield has been defined, it is not scheduled to go into effect until 2018.  Setting aside that the Privacy Shield already has a number of challenges since most countries internal to the EU do not respect the same level of privacy controls that the EU is seeking to obligate the U.S. to.  How will the advent of Brexit impact the validity of the Privacy Shield.

As a side note to keep this topic interesting, it is important to know that most U.S. to EU telecommunication circuits traverse the UK? So the implications of Brexit are far more than academic. For that matter most telecommunications traffic from the middle east traverses UK telecommunications infrastructure. There is a very real and practical issue that is not physically possible to avoid without major infrastructure investment. If the UK exits the EU, they will have to become a third party in the EU to U.S. Privacy Shield discussions.

Since prior legislation governing U.S. and EU data privacy called Safe Harbor was dissolved in 2015, U.S. based businesses have been struggling to avoid fines from EU countries. Yet the Privacy Shield also creates significant data management burdens on organization that rely on PII and NPI data. Most transaction retention laws in the U.S. and Europe designed to protect citizens by enabling jurisdictions to aggregate and watch for patterns of illegal behavior directly conflict with Privacy Shield language.

However, no matter how challenging the Privacy Shield is to implement into business processes, it is still better to have a single standard than the potential of hundreds of unique laws and regulations that businesses would otherwise have to address if each European country asserted their own requirements.

I hope that the issues associated with Brexit (potential) will spur the European and U.S. negotiators to work out a consistent and realistic compromise on regulations regarding PII and NPI data privacy.



European Commission. (2016, February). EU-U.S. Privacy Shield. Retrieved July 2, 2016, from
Roberts, J. J. (2016, June 28). How Brexit Is good news for a major privacy deal [News]. Retrieved from
Whyman, P. B., Baimbridge, M., & Burkitt, B. (2012). Moored to the continent?: Future options for Britain and the EU. Exeter, UK: Imprint Academic.


Fiona Sussan's picture Fiona Sussan | July 2, 2016 8:27 pm MST

Insightful piece. First, what is the non-EU UK view on Pirvacy Shield? Does UK share the same view on digital privacy as EU? What kind of infrastructure investment will be added for UK?  How about digital privacy law - UK being common law and Germany being civil law? Will digital privacy law be different from UK than EU after Brexit? How about enforcement? 

James Rice's picture James Rice | July 3, 2016 11:53 am MST

I am also interested to see in there will be any effort by the EU to invest in telecommunication infrastructure to reduce the dependance on the U.K. as a telecommunications gateway to the EU and the Middle East.  Who is in the best position to make this kind of investment and how would it effect the U.K. economy?

For a current map of international and intercontinental telecommunications connectivity, see

Lynne Devnew's picture Lynne Devnew | July 9, 2016 7:53 am MST

What a great example of the challenges that are the unintended consequences of governance changes!  

As I read your post I wondered how involved representatives from the UK had been in developing the current EU position and, if involved, had they supported the proposals that were adopted?  If they were in synch with the EU position, having the UK as a separate party to the negotiations might not create much of a ripple; however, if the UK representatives had a unique position that was not accepted, it would appear the current "agreements" might have become quite meaningless.  Based on your description, at least in the short term the UK would seem to be in a position of considerable power!

I find the unintended consequences of major decisions (often consequences not even thought about at decision-making time) really interesting!  Thank you for bringing this to my attention.  I wonder how many other unintended consequences haven't even surfaced yet!

Fiona Sussan's picture Fiona Sussan | September 16, 2016 12:45 pm MST

The submarinecablemap is fascinating. This brings to another happening is Brazil is connecting to Europe direct diluting some of their dependecies of going through North America.  What is the cost sharing structure like when the cable go through a port? First the infrastructure, is it a consortium that pay for the cable, or telecom company, or government funded? second, what standards, are all submarine cable of same standard? third, competitive products like satellite? Fourth, who maintain these cables? Fifth, are underwater cable subject to pirates or terrorist attack? How are all these being played out - will UK charge EU in the future which could be a big potential economic benefit for UK, 

About the Author

Visit Our Blog

Visit the Research Process Blog for insights and guidance from University researchers Go >>


Recent News