The Brexit white paper on digital: a very short post

Estimated reading time: 3 minutes
For more on Brexit and tech policy, visit my dedicated side blog at

And so we had the government’s Brexit white paper, a document so vapid that it inspired my MP to tweet that it reminded her of a high school student stretching out an essay to meet the required word count.

Eagle-eyed readers spotted the date stamps on many pages of the PDF version indicating that the paper had been finished between 3 and 4 AM on the day it was due to be published. That stunt was funny when I pulled it in uni. It isn’t funny when it is the work of a government supposedly setting out “a vision of an independent, truly global UK and an ambitious future relationship with the EU.”

As always, I read the document to see what it said about specific policies relating to tech and digital. As always, it was a very quick read.

Existing digital laws

1.1 To provide legal certainty over our exit from the EU, we will introduce the Great Repeal Bill to remove the European Communities Act 1972 from the statute book and convert the ‘acquis’ – the body of existing EU law – into domestic law. This means that, wherever practical and appropriate, the same rules and laws will apply on the day after we leave the EU as they did before.

We knew that.

Digital Single Market

8.18 The Single Market for services is not complete. It seeks to remove barriers to businesses wanting to provide services across borders, or to establish a company in another EU Member State, through a range of horizontal and sector-specific legislation. This includes the mutual recognition of professional qualifications. The EU’s Digital Single Market measures are designed to ensure the regulatory environment keeps pace with the evolving digital economy.

That answer would be like me asking “what is the future of the library I am writing in at the moment” and being told “a library is a building which holds books.” Someone stayed up all night to write that.

Data protection (GDPR)

8.38 The stability of data transfer is important for many sectors – from financial services, to tech, to energy companies. EU rules support data flows amongst Member States. For example, the EU data protection framework outlines the rights of EU citizens, as well as the obligations to which companies must adhere when processing and transferring this data. There is also an ongoing consultation regarding the free flow of data, including considering whether legislation is necessary to limit Member States’ requirements for data to be stored nationally.
8.39 The European Commission is able to recognise data protection standards in third countries as being essentially equivalent to those in the EU, meaning that EU companies are able to transfer data to those countries freely.
8.40 As we leave the EU, we will seek to maintain the stability of data transfer between EU Member States and the UK.

This means that we will be going into GDPR, as we have already been told. The question is what happens after GDPR. I and many others have concerns that Theresa May – the most surveillance-mad Prime Minister ever to hold the office in peacetime – would seek to water down data protection, or even scorn EU-compliant data protection standards, for the sake of a US-style self-regulatory approach which satisfies her authoritarian appetites.

And that’s yer white paper lot.

For their part, TechUK published a diplomatic response to the paper politely thanking the government for its complete lack of clarity and its ongoing commitment to leaving the industry suspended in uncertainty.

It’s gonna be a long couple of years.

The Author

I’m a UK tech policy wonk based in Glasgow. I work for an open web built around international standards of human rights, privacy, accessibility, and freedom of expression. The content and opinions on this site are mine alone and do not reflect the opinions of any current or previous team.