CARL MORTISHED: Britain will lose its global voice in the battle over data

One thing is becoming clearer about Brexit: when the United Kingdom leaves the European Union it will lose control. You read that correctly — we will not be taking back control, making our own laws, free of Brussels interference. Instead, we will be losing control, in subtle but important ways.

The evidence is uploading into your phone and laptop right now. It’s the slightly irritating request from your bank, online retailer, Facebook and Twitter that you agree to their privacy policy. You may have noticed a flurry of such random requests recently accompanied by acres of text that you didn’t read. It’s no accident; these organisations are in a rush to ensure their data privacy rules are compliant with the EU’s General Data Protection Regulation as it comes into force on May 25.

This is a good thing, even if it is causing a headache for businesses. It’s a powerful kick-back at the tech industry for playing fast and loose with our personal data. It entrenches your right to know what data an organisation holds on you and you can ask that it be removed. More importantly, if your data has been stolen or misused you can take action and companies that engage in egregious behaviour can suffer colossal penalties, fines of up to 4% of global turnover.

The GDPR has been in development for many years, long before we had heard of Cambridge Analytica and its antics mining personal data from Facebook accounts. For most of us, it means only a reduction in the volume of tiresome repeat advertising for products and services that we searched for online six months ago. Of huge importance is the global reach of GDPR. Any business anywhere that holds data on an EU citizen is captured by the regulation and the vast remit of this law is already forcing big foreign enterprises to change their behaviour.

American corporations are knuckling under, not just recognizing the extra-territorial application of EU privacy law but actively extending it worldwide. Facebook, unsurprisingly in contrite mode, said it saw GDPR as “an opportunity to invest even more heavily in privacy” and the company is adopting it for all its users. Sonos, an internet-based home music system, said: “While GDPR is focused on Europe, we believe all Sonos owners have the same rights and deserve these top-level protection standards.” Apple also plans to entrench the GDPR in its global privacy rules.

The gushing adulation of the GDPR by US tech companies grates on the ear when you consider their intense lobbying campaign to capture Congress and impede US efforts to tax and regulate tech businesses. The EU is way ahead of America in regulating internet commerce; since the post-Crash bout of banking regulation, Congress has adopted a “hands-off” stance. While America sits on its hands, Brussels has become the regulator with global remit, one that can command and control corporate behaviour worldwide.

Will the EU’s data protection net catch the UK after Brexit? The simple answer is that after next April any UK-based business that processes data for customers in the EU will be caught in it. However, such a mechanistic view fails to see the elephant in the room. For any substantial UK business, the post-Brexit reality is that ignorance of relevant European law would be commercial folly, and potentially dangerous.

European law has for decades been extending its reach beyond the EU’s borders. The competition rules, merger control and rules on anti-competitive behaviour capture all interactions with the EU. It’s hard to ignore a market of 500 million people and multinational enterprises brief their senior staff regularly about EU competition rules. Until now the UK played an active role in developing EU law but our influence and expertise, notably in financial sevices regulation, will soon be lost.

Yet the EU’s legislative power and reach will continue to expand. There have been times when Europeans, including Britons, would howl with rage at the long arm of American justice — the assumption by American courts of jurisdiction over UK citizens and UK businesses seemed excessive and sometimes brutal. We now find ourselves in a world governed by two legal systems with competing claims over the conduct of global business.

Unfortunately, Britain has opted to quit the only one in which it had a voice and a vote.