UK-RoI Cross-Border Data Protection Network (Cross-DPN)
Lead Research Organisation:
University of Southampton
Department Name: Southampton Law School
Abstract
The UK-RoI Cross-Border Data Protection Network (Cross-DPN) will create a forum for discussing the challenges of data protection in the post-Brexit era through an interdisciplinary perspective, involving a number of stakeholders.
The protection of personal data is of critical importance from a social, economic and legal perspective. In contemporary global societies, networks of individuals, businesses and states heavily rely on flows of data across borders. Three-quarters of the UK's data transfers to other countries are with the EU. RoI hosts the European headquarters of leading technology corporations, such as Google and Facebook, which process data of millions of European and British citizens. Free transfer of data between RoI and Northern Ireland is vital for maintaining all island co-operation on an economic, political and social basis, and safeguarding peace.
Brexit disrupts the current data protection regime. Following the UK's departure from the EU, it is unclear whether and how personal data will continue to be freely transferred between the EU and the UK. In the absence of a specific agreement, the UK will be treated as a non-EU country, with important implications for citizens, businesses and national security agencies. Millions of citizens whose personal data are processed in the UK and thousands of businesses carrying out cross-border activities between the UK, RoI or other EU countries face major uncertainties about their future rights and obligations as regards data protection. As a result, the Irish border - a site where entities, mobility and information intersect - gives rise to an unprecedented puzzle pertaining to the mechanisms of data transfer to the UK, law enforcement and intelligence sharing, and administrative cooperation in the post-Brexit era.
Cross-DPN will build the first sustainable network of academics, civil society, industry and public officials to engage with data protection-related challenges in the post-Brexit era. The network is directed by a steering committee of four early career researchers, both from the UK and RoI, all experts in data protection and with a consolidated experience in network building, project management and knowledge dissemination. This network will be the first of its kind, both in terms of theme and in terms of range of stakeholders involved.
Its mission will be to pursue three main objectives:
1. to create a knowledge-sharing forum for assessing the challenges of data protection after Brexit and explore potential solutions;
2. to strengthen existing links between researchers from the UK and RoI and foster the formation of new relationships between academics and public/private stakeholders; and
3. to offer a platform for identifying common research agendas, laying the foundations for future collaborations, and applying for competitive bids in the area of data protection.
In order to achieve these objectives, we plan three activities that will start in January 2021:
a. we will organise four events in the RoI and the UK, focusing on the areas which will present major challenges for the development of data protection in the years ahead, namely: EU-UK data transfer mechanisms; the management of the Irish border and data protection; data protection in law enforcement and intelligence sharing; and institutional cooperation between UK, RoI and EU data protection authorities.
b. we will set up a website, social media channels and a mailing list for disseminating research outputs and the latest news relevant to data protection and Brexit.
c. we will organise an annual open call aiming to support short research visits by two emerging scholars whose research seeks to contribute to a better understanding of the challenges of data protection in the post-Brexit era.
Ultimately, Cross-DPN aims to open a new channel for dialogue in the island of Ireland, and contribute to maintaining the Irish border as a site of integration and cooperation.
The protection of personal data is of critical importance from a social, economic and legal perspective. In contemporary global societies, networks of individuals, businesses and states heavily rely on flows of data across borders. Three-quarters of the UK's data transfers to other countries are with the EU. RoI hosts the European headquarters of leading technology corporations, such as Google and Facebook, which process data of millions of European and British citizens. Free transfer of data between RoI and Northern Ireland is vital for maintaining all island co-operation on an economic, political and social basis, and safeguarding peace.
Brexit disrupts the current data protection regime. Following the UK's departure from the EU, it is unclear whether and how personal data will continue to be freely transferred between the EU and the UK. In the absence of a specific agreement, the UK will be treated as a non-EU country, with important implications for citizens, businesses and national security agencies. Millions of citizens whose personal data are processed in the UK and thousands of businesses carrying out cross-border activities between the UK, RoI or other EU countries face major uncertainties about their future rights and obligations as regards data protection. As a result, the Irish border - a site where entities, mobility and information intersect - gives rise to an unprecedented puzzle pertaining to the mechanisms of data transfer to the UK, law enforcement and intelligence sharing, and administrative cooperation in the post-Brexit era.
Cross-DPN will build the first sustainable network of academics, civil society, industry and public officials to engage with data protection-related challenges in the post-Brexit era. The network is directed by a steering committee of four early career researchers, both from the UK and RoI, all experts in data protection and with a consolidated experience in network building, project management and knowledge dissemination. This network will be the first of its kind, both in terms of theme and in terms of range of stakeholders involved.
Its mission will be to pursue three main objectives:
1. to create a knowledge-sharing forum for assessing the challenges of data protection after Brexit and explore potential solutions;
2. to strengthen existing links between researchers from the UK and RoI and foster the formation of new relationships between academics and public/private stakeholders; and
3. to offer a platform for identifying common research agendas, laying the foundations for future collaborations, and applying for competitive bids in the area of data protection.
In order to achieve these objectives, we plan three activities that will start in January 2021:
a. we will organise four events in the RoI and the UK, focusing on the areas which will present major challenges for the development of data protection in the years ahead, namely: EU-UK data transfer mechanisms; the management of the Irish border and data protection; data protection in law enforcement and intelligence sharing; and institutional cooperation between UK, RoI and EU data protection authorities.
b. we will set up a website, social media channels and a mailing list for disseminating research outputs and the latest news relevant to data protection and Brexit.
c. we will organise an annual open call aiming to support short research visits by two emerging scholars whose research seeks to contribute to a better understanding of the challenges of data protection in the post-Brexit era.
Ultimately, Cross-DPN aims to open a new channel for dialogue in the island of Ireland, and contribute to maintaining the Irish border as a site of integration and cooperation.
Publications
Celeste E
(2023)
Data Protection and Digital Sovereignty Post-Brexit
Celeste E
(2023)
Data Protection and Digital Sovereignty Post-Brexit
Celeste E
(2024)
LEX DIGITALIS VS ESTADO DE DIREITO constitucionalismo digital nas redes sociais
in Revista EJEF
Harbinja E
(2023)
Data Protection and Digital Sovereignty Post-Brexit
Róisín Á Costello
(2024)
The Test in Kelly v Hennessy and Article 82(1) of the General Data Protection Regulation
in Irish Judicial Studies Journal
Related Projects
| Project Reference | Relationship | Related To | Start | End | Award Value |
|---|---|---|---|---|---|
| ES/V008080/1 | 11/01/2021 | 04/10/2021 | £10,053 | ||
| ES/V008080/2 | Transfer | ES/V008080/1 | 06/01/2022 | 09/04/2022 | £9,833 |
| Description | The CROSS-DPND project successfully completed its objectives. In particular, it achieved the following: 1. Set up a new network The CROSS-DPN project has created a new, transnational and cross-disciplinary network of research scholars in the UK and both sides of the island of Ireland, policy makers in the UK, EU and Ireland, civil society representatives and members of the business sector. This network consists of over 38 individuals representing 16 academic institutions, 5 civil society initiatives, 4 businesses and 4 public authorities. 2. Organised five Workshops Over two years (2020-22), the CROSS-DPN network organised five events, bringing together prominent academics, civil society leaders and public actors to engage with the challenges to data protection law caused by Brexit within the UK and on a cross-border basis between the UK, Ireland and, more broadly, the EU. The network involved three partner organisations, Dublin City University, the University of Southampton (formerly the University of Portsmouth) and Aston University, and two associate partners, King's College London and the Institute of Advanced Legal Studies. Invited speakers made contributions on specific topics under the following general themes: (i) Commercial data transfer between UK and EU and the adequacy decision (22 April 2021); (ii) Cross-border Research and Collaboration Following Brexit (23 June 2021); (iii) Data protection, law enforcement and intelligence sharing' (16-17 September 2021); (iv) Transnational institutional collaboration in the field of data protection in the post-Brexit era (16 December 2021; and (v) Towards a new UK data protection model? Cross-border cooperation challenges (7-8 April 2022). The events included multiple formats, including keynote speeches, individual presentations, roundtable discussions and Q&As. 2. Edited Book The project's team edited a book titled 'Data Protection and Digital Sovereignty Post-Brexit' (Hart Publishing, forthcoming in 2023, in press), 368pp, drawing on the findings that were shared in the above events. We are pleased to note that the publication of this book goes over and beyond the original objectives of the CROSS-DPN project. The book analyses the latest legal and policy developments in the field of cross-border data protection following Brexit, focusing on data protection but also exploring its intersection with other related regulatory areas, such as artificial intelligence and online safety. Renowned international experts contextualise current regulatory trends and policy proposals to understand whether a new UK model in the field of digital regulation is emerging and to what extent this will exacerbate existing tensions between the UK and the EU. The book includes an accessible and detailed analysis of the major judicial decisions, laws, and current bills offering an invaluable guide to academics, practitioners, and policymakers navigating the complex issues of cross-border data protection post-Brexit. The book includes 12 individual contributions and is divided in three parts: Part I explores the prospects of a new UK Data Protection Model. Part II assesses the UK adequacy decision with particular emphasis on law enforcement and national security concerns. Part III takes a future looking approach by comparing data protection and AI-related reforms in the UK and EU. Finally, Part IV explores digital sovereignty tensions following Brexit and the prospects of a new cross-border institutional collaboration. More details about the book can be found here: https://www.bloomsbury.com/uk/data-protection-and-digital-sovereignty-postbrexit-9781509966486/ 3. New online platform We created an online platform (www.crossdpn.org) to disseminate the findings of our project to the wider public over time. Several powerpoint presentations, video recording of the above events and individual publications were made publicly available. To date, the network's online platform has received over 5,000 individual visits. 4. Main findings - Knowledge contribution Whilst the purpose of this project was to build a new network, CROSS-DPN has made worthy knowledge contribution to the regulation and governance of cross-border data protection in the post-Brexit era. A selection of key findings of individual network members are presented in the forthcoming edited volume 'Data Protection and Digital Sovereignty Post-Brexit' (Hart Publishing, 2023, edited by CROSS-DPN's project team members and include the following: First, data protection influences external relations makes data protection particularly important in a post-Brexit landscape. This is more clearly illustrated than in the relations between the UK and Ireland, where data protection and the adequacy of the UK's data protection laws following Brexit have the potential not only to negatively impact intelligence sharing, trade and cross-border cooperation more generally, but also compliance with the Good Friday Agreement itself. Second, the sustainability of the UK Adeguacy decision which prevented the possibility of a sudden stop to data transfers to the UK may be at risk in the light of ongoing national security and fundamental rights-related concerns at recent case law of EU Court of Justice. Third, adopting a new regulatory model governing data protection poses new challenges both internally and from a cross-border cooperation perspective. Firstly, departing from the EU data protection model concretely means challenging a framework to which the UK contributed so much as a Member State over the past three decades. Concepts, principles and processes that are embedded in the UK data protection sector now risk being unilaterally changed for political purposes or in the name of revitalising the UK economy after Brexit. It is doubtful whether this restyling of UK data protection law will succeed in its objective of making the UK more economically attractive as well as removing barriers to innovation. Fourth, the consequences of Brexit are not limited to the UK but exacerbate existing tensions between various countries' willingness to protect their digital sovereignty. Protecting the EU digital sovereignty also means preserving the EU ideal of fundamental rights-compliant development of technology. Yet, the UK is still linked to the EU from a data protection perspective by the adequacy decisions allowing data transfers between the two jurisdictions. This umbilical cord keeps the UK within the EU orbit essentially preventing it from departing radically from EU data protection law for the fear of losing this special position. This means not being fully sovereign in the digital sector, always having to assess whether a reform would eventually lead to the loss of the adequacy status. |
| Exploitation Route | Our project's findings set valuable foundations which will inform future research conducted by scholars working in the fields of data protection (and digital technology more broadly) regulation and governance. Equally, it contributes to the growing research on the legal and socio-political implications of Brexit for Britain, Ireland and the EU more widely. Furthermore, UK policy makers currently involved in the pending data protection reform, can benefit from our findings, particularly in respect of the risks associated with the UK's adequacy decision. Finally, our transnational network of researchers, public servants and professionals with specialised theoretical knowledge and practical experience can be a valuable source of expertise for policy makers active in the regulation and governance of digital technology in the UK, Ireland and the EU. |
| Sectors | Digital/Communication/Information Technologies (including Software) Government Democracy and Justice Security and Diplomacy Other |
| URL | https://crossdpn.org |
| Description | Public Online Workshop: Data protection and transnational institutional collaboration in the field of data protection in the post-Brexit era |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Policymakers/politicians |
| Results and Impact | In the political declaration about their future partnership, the EU and the UK agreed to make arrangements for appropriate cooperation between data protection regulators; yet, it is unclear if and how precisely this will materialise. Maintaining channels of inter-state cooperation contributes to regulatory alignment and the rapid and efficient response to common risks. Moreover, it encourages the exchange of best practices, and reduces the risk of conflicts. This workshop, co-organised by the Centre of European Law at King's College London, the University of Southampton and the UK-RoI Cross-Border Data Protection Network explored legal and practical obstacles associated with maintaining a UK-EU cooperation at multiple levels of administrative and political hierarchy post-Brexit and identify ways to address them. Contributions to the Workshop were made by the following speakers: - Wojciech Wiewiórowski, European Data Protection Supervisor. - Peter Hustinx, Non-executive director, Information Commissioner's Office; former European Data Protection Supervisor. - Sophie Stalla-Bourdillon, Senior Privacy Counsel & Legal Engineer at Immuta; Professor in Information Technology Law and Data Governance, University of Southampton. - Lilian Mitrou, Professor of Information/Data Protection Law, University of the Aegean-Greece. Uta Kohl, Professor of Law, University of Southampton. - Sir Francis Jacobs QC, former Advocate General at the European Court of Justice; President of the Centre of European Law, King's College London (welcome speech) - Takis Tridimas, Chair of EU Law, co-Director of the Centre of European Law, King's College London (moderator) - Napoleon Xanthoulis, Lecturer in Law, University of Southampton (moderator). Following the presentations, the audience was given the opportunity to engage in a direct dialogue and as questions to the invited regulators and research scholars. Several members of the audience expressed interest to learn more about our project and be more closely involved in its activities. The success of this (and previous) workshops further motivated the project team to organise an additional workshop in Dublin in 2022 to consolidate and reflect on the project's findings and proceed with publishing a selection thereof in an edited volume by Hart Publishing (forthcoming in September 2023). |
| Year(s) Of Engagement Activity | 2021 |
| URL | https://www.southampton.ac.uk/law/news/events/2021/12/16-data-protection-in-post-brexit-era.page |