WFIC 2017: Brexit, GDPR May be Bigger Disrupters than MiFID II, Says MEP Swinburne

Swinburne described how data—especially financial data—has become “increasingly important to policymakers, not just to the EU but across the globe, post the financial crisis.” The European Commission flagship digital single market agenda project, which has “dominated parliamentary debate over the last few years, brings the concept of data and data transfer firmly to the forefront of the debate,” she said, adding that it is now “difficult to separate what was once a niche area from what is now mainstream political debate in Brussels.”

With data, there is always a balance to strike between protecting national security and citizens’ rights. Freedom of expression and personal privacy have always been the focal point around the use of data and personal information in the EU, Swinburne said, adding that data has now become a “near obsession” for some of her colleagues.

Data privacy and data transfer is a difficult issue as different jurisdictions take different sides of the argument. The US has long been the champion of national security, while the EU has tended towards structured protection for individuals. Swinburne described how even within Europe, major divisions exist between different member states and how they treat data. For example, on one side is Germany, where data protection enforcement is conducted at a state level and is therefore hugely sensitive to everything they do. On the other is the UK, which, with its data sharing ethos, is much more liberal.

This means that Britain’s exit from the European Union (Brexit) could impact data legislation for other countries, too. Swinburne described how, traditionally, the UK has been the member state that “applied the brakes” on any overtly data protectionist regime that world harm otherwise global business. “With the UK gone, whose interests on this are going to dominate?” she asked.

Indeed, Europe is already seeing changes in what the commission is proposing, Swinburne said. “This month they’ve expanded their aims and what they’re going to focus on, [and] we’ve heard about further integration within the EU 27, in particular within the eurozone, that this focus is going to continue as we head towards March 2019. There are details of plans to strengthen cyber security by creating a pan-European emergency fund. They’ve also set out operational guidelines to be used in the event of a major incident across the EU. In principle, this is about protecting the freedom of movement of data within the EU, as well as opening up that data to regulatory oversight.”

In the shadow of Brexit is GDPR, Swinburne said, “which is probably just as disruptive to businesses as MiFID II” when it comes into force in May 2018. GDPR “sets a much higher standard of data protection than previous rules in the EU, and extends them to the transfer of data outside of the EU. Any country deemed not to provide the same level of protection is not deemed ‘adequate’ by the European Commission.” There will be an adequacy test that countries must pass to be on that list. So far, the list of fully adequate countries is “very exclusive,” comprising 10 countries, including Switzerland, Argentina and Israel, while America and Australia have been agreed in part. 

Swinburne also said she expects that Brexit will likely be an “even bigger disrupter to business models than MiFID II.” While it will affect different parts of the market in different ways, “very few of these effects can be absolute. We don’t know what the implications will be for individual businesses and on the overall market, because no one knows what the future relationship between the EU 27 and the UK is going to be post-march 2019.”

Click here to return to our WFIC hub for all the latest stories from the event.