作者:金杜律师事务所 King & Wood Mallesons

The debate about Brexit would be incomplete without considering the data protection and privacy implications.

如果不考虑数据保护和隐私权方面的影响,关于英国退欧的讨论就不全面。

Many UK businesses feel constrained by European data protection laws, which restrict the way in which they can handle personal data. However, it’s a key issue for many voters, who value their privacy in an increasingly digital world.

很多英国企业感觉受到欧盟的数据保护法所束缚,因为这些法律限制企业处理个人数据的方式。但这对许多参加公投的选民来说很重要,因为大家在日益数字化的世界中更加重视个人隐私。

So what would happen on data protection if Britain were to exit Europe? First of all, data protection laws in the UK would still exist in some form or another. The UK’s Data Protection Act has been in force since 1998 and that would continue to be in force unless and until the Government were to change those laws. The position is a little bit more questionable in terms of future laws that are being developed at a future level. At the moment, there has been much debate concerning a new general data protection regulation which will have direct force on the member states of the European Union. If Britain were to exit the EU then that regulation would not have force in the UK and, therefore, there would be a question mark as to how the British Government and British businesses would need to deal with those changes in law. On the one hand, British businesses would still need to comply with the general data protection regulation on many levels. This is because the jurisdictional scope of that new regulation would apply to any businesses that are processing the personal data of European citizens. So Britain exiting Europe would not actually remove the red tape that British businesses would need to comply with. Britain would effectively have to make a choice as to how it would like to deal with Europe in the future. It could adopt an approach similar to that of Switzerland, which tries to ensure that it has equivalent data protection laws in place to match those in force in other European member states. What that means is that Switzerland can enjoy data transfers between European member states and itself, without the need for additional agreements at an international level or between European and Swiss businesses.

英国一旦退出欧盟,数据保护会发生哪些变化?首先,英国的数据保护法律仍会以某种形式存在。英国的《数据保护法》自1998年生效,并将持续有效,除非英国政府修改这些法律。在整个欧盟正在制定的数据保护法方面,情况稍有些不确定。目前,一部新的一般数据保护条例引起了普遍热议,条例将在欧盟成员国直接生效。英国一旦退出欧盟,这部条例将不会在英国生效;因此,英国政府和英国企业将如何应对这些法律变更,还是一个问号。一方面,英国企业仍然需要在许多层面遵守一般数据保护条例。这是因为这部新法规的管辖范围适用于处理欧洲公民个人数据的任何企业。实际上,英国退出欧盟并不会消除英国企业需要遵守的繁琐程序。怎样在未来与欧盟打交道,英国必须做出选择。英国可能会采用瑞士的策略,即制定与欧盟成员国的现行数据保护法相匹配的同等法律。通过这种方法,瑞士与欧盟成员国之间可以进行数据传输,而不必在国际层面或欧盟企业与瑞士企业之间另行签订协议。

However, if the UK Government were not to agree with the higher level of protection that would be imposed by the general data protection regulation at an EU level then it might seek to take more of an approach akin to that of the United States, where various laws are in place, which have much lower standards of protection than in the EU, but in which the US Government has agreed to put in place certain protections to allow more easy cross-border transfers of data from Europe to the United States.

但是,英国政府如果不同意欧盟一般数据保护条例所带来的更高层面的数据保护,可能会采取与美国更为类似的做法,也就是实施多部法律,但这些法律所规定的数据保护标准比欧盟低得多,美国政府同意落实某些保护措施,使得从欧洲向美国的跨境数据传输更为简便。

It is true that Britain would enjoy a higher degree of control over its own data protection laws. The effect of that, however, could cut both ways. First of all, it would be much easier for the Government to pass new surveillance laws which it is always seeking to do to obtain more access to personal data on users of mobile phones, regarding individuals’ website activities and so forth. However, any of those new surveillance laws would not be subject to challenge by the Europe Court of Justice and, therefore, in many ways, individuals may lose some of the rights of privacy that they have enjoyed to date.

英国肯定对本国的数据保护法有更严的控制。但这种做法却是一把双刃剑。一方面,英国政府如愿以偿,更容易通过数据监控法,从而能更广泛地获取用户手机中的个人数据,了解网站用户行为,等等。但是,由于欧洲法院无法对这些新的数据监控法提出异议,个人可能会丧失一直以来享有的某些隐私权。

In conclusion, if Britain were to exit the European Union, Britain would obtain more control over its own privacy laws. However, British businesses would still need to comply with the red tape that is imposed by European standards concerning data protection and Britain would lose its seat at the table in determining what those standards would be in the future.

总之,英国一旦退出欧盟,将对本国隐私法律进行更多控制。但是,英国企业仍然需要遵守欧盟数据保护标准所规定的繁琐程序,同时英国将丧失在谈判桌前制定这些标准的话语权。