U.K., EU Officials Pledge Post-Brexit Cybersecurity Cooperation

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Daniel R. Stoller

European leaders have agreed to continue long-standing intelligence-sharing and cybersecurity ties with the U.K. after the country leaves the European Union, according to a Brexit political declaration.

The EU and U.K. said continuing relationships around security, intelligence, and data protection are essential after the U.K.'s planned March 29, 2019, departure from the bloc, in a declaration they approved Nov. 25. The Brexit deal “establishes the parameters of an ambitious, broad, deep and flexible partnership across trade and economic cooperation, law enforcement and criminal justice, foreign policy, security and defence and wider areas of cooperation,” the leaders said in the declaration.

Continued national security cooperation after Brexit may help multinational companies feel safer about storing their data in the EU. The cooperation could reduce costly hacking attacks and other threats to the digital economy. Without it, businesses would have to place bets on which side was better equipped to fight growing international cyberthreats.

The leaders promised to continue international cybersecurity cooperation amid threats from foreign adversaries, such as Russia and China, and from Europe-based cybercriminals. The two sides will “exchange information on a voluntary, timely and reciprocal basis, including on cyber-incidents, techniques and origin of the attackers, threat-analysis, and best practices to help protect the United Kingdom and the Union from common threats,” according to the declaration.

The U.K. will continue to work with the Computer Emergency Response Team - European Union (CERT-EU) and work with a cybersecurity group associated with the European Union Agency for Network and Information Security (ENISA), according to the declaration.

U.K. and EU companies will likely benefit from the arrangement. Continued cybersecurity cooperation could help reduce cyberattacks across the EU and U.K. and provide more assurances that important cyberthreat data isn’t lost due to cross-border disputes. Business could also gain from the U.K.'s continued activity in CERT-EU and ENISA because it could help them obtain important information to thwart attacks and also provide internal cyberthreat data to stop wide-scale hacking incidents.

Although leaders on both sides have approved the Brexit deal, the U.K. Parliament may be the highest hurdle to conquer for a clean break from Europe. British Prime Minister Theresa May has seen parliamentary opposition from inside and outside her party, with some lawmakers asking for her to step down. If May can’t garner enough support for her Brexit deal, it could force a new referendum or a no-deal Brexit that could sow economic chaos.

Data Transfers

May promised in the declaration to apply a high-level of data protection, likely leaving the EU’s General Data Protection Regulation on the U.K.'s books. That could help ease data transfers talks between the parties, because the EU allows data to flow from its borders only when a country provides essentially equivalent data protections, known as adequacy.

Once the U.K. leaves the EU, the bloc “will start the assessments with respect to the United Kingdom as soon as possible after the United Kingdom’s withdrawal, endeavouring to adopt decisions by the end of 2020, if the applicable conditions are met,” the declaration stated.

Request Bloomberg Law: Privacy & Data Security