On Tuesday 6 December 2016, Brick Court hosted a Brexit panel discussion on “Security, Surveillance and Home Affairs”. Gordon Corera, the BBC’s Security Correspondent, moderated the event. He opened it by remarking that the subject presented many unanswered questions.
Brick Court’s David Anderson QC, Independent Reviewer of Terrorism Legislation since 2010, outlined the UK’s leading role within the EU on many counter-terrorism initiatives and observed that EU policy tends to reflect UK policy. Anderson touched on how far the EU involves itself in national security given Article 4(2) of the Treaty on European Union, which reserves national security to Member States. He identified two main fault-lines in EU–UK security cooperation: the UK’s wariness of compromising sovereignty and the rest of the EU’s wariness of privacy intrusion, typified by the CJEU’s decision in C-393/12 Digital Rights Ireland Ltd v Minister for Communications. Anderson concluded by suggesting that two key questions post-Brexit are whether the EU’s measures will be sufficiently useful and whether UK participation in them will be satisfactory.
Alison Duncan-Mercy MBE, Deputy Director for Strategy and Communications at the National Counter Terrorism Policing HQ, spoke about EU–UK counter-terrorism policing cooperation and the likely effect of Brexit. She outlined the UK’s counter-terrorism policing network and explained the threat presently posed by, amongst other things, the 850 individuals from the UK and those from elsewhere who have travelled to Syria and Iraq, some of whom have returned. Duncan-Mercy explained the role of the eight (soon to be eleven) UK Counter Terrorism Police Liaison Officers stationed with EU Member States. The critical elements of the strategy they implement are information exchange, investigative support, crisis support and capacity building. Duncan-Mercy stated that the UK’s counter-terrorism relationships were and would remain stronger than ever due to the severe threat.
Georges Baur, Deputy Secretary General of EFTA (previously Deputy Head of the Liechtenstein Mission in Brussels), considered the bespoke relationship of EFTA states to EU security policy. Security is generally outside the scope of EFTA and EFTA states have cooperation agreements with (not full membership of) EUROPOL, but all EFTA member states are Schengen states and use the Schengen Information System. Norway and Iceland are linked to the European Arrest Warrant by agreements on a surrender procedure. Baur suggested that political dialogue means EFTA states adhere de facto to the EU’s Common Foreign and Security Policy. All these were matters to bear in mind for anyone suggesting that EFTA membership might be a post-Brexit option for the UK.
Brick Court’s Jemima Stratford QC addressed the UK’s data protection legislation during and after Brexit. Stratford explained that the General Data Protection Regulation (Regulation (EU) 2016/679), which replaces the Data Protection Directive (Directive 95/46/EC) from May 2018, will have direct application in the UK during Brexit negotiations. New features include mandatory reporting of breaches, higher standards of consent and larger fines (up to £20 million from the current £500,000 maximum). Stratford suggested that the UK’s post-Brexit data protection regime would likely mirror EU law: the UK has very limited room for manoeuvre if it wants a Commission adequacy decision to enable continued UK–EU dataflows. Stratford concluded by observing that divergence between EU and UK data-protection law post-Brexit was likely to create unwelcome uncertainty for business.
Graham Smith of Bird & Bird discussed the mechanics of post-Brexit data-transfers and the data-protection implications of the very recent Investigatory Powers Act 2016 (IPA).&nbnbsp; Smith explained the requirements to obtain a Commission adequacy decision, which would enable EU-UK dataflows post-Brexit. Case C‑362/14 Schrems v Data Protection Commissioner established that state surveillance regimes are relevant to an adequacy determination and that generalised access to content of electronic communications compromises the essence of the right to respect for private life. However, there was a disconnect between the different uses of bulk data, with vastly different levels of privacy intrusion, and the concept of “access” in Schrems. Smith pointed out that the July 2016 EU–US Privacy Shield recognised that bulk powers can be a legitimate interference. Smith suggested that, in terms of UK implications, the IPA is long on safeguards but short on limits to powers, blurs metadata and content, and includes “new” hacking powers; further, it is unclear whether government policies are sufficiently public under the IPA to satisfy human rights requirements.
The Rt Hon Yvette Cooper MP, Chair of the Home Affairs Select Committee, discussed the political dimensions of post-Brexit home affairs cooperation. She remarked that it was difficult to start deciding on details when the government hadn’t articulated the big picture, although security cooperation was likely to remain an area for continued cooperation. Evidence to the Home Affairs Select Committee was that the EUROPOL and SIS2 databases and the European Arrest Warrant were very effective instances of security cooperation. Cooper identified three key political challenges in continuing this cooperation post-Brexit: a bespoke UK data-protection regime preventing continued UK access to EU security databases; the challenges of negotiating long-term arrangements within 18 months (and the likely need for transitional measures); and the possibility of negotiations on security cooperation being squeezed or upset by unrelated politics. Cooper concluded by reiterating that Parliament would vote to trigger Article 50 if and when asked to do so.
The presentations were followed by a lively Q&A session.