Following a referendum held on 23 June 2016, it has been announced that the United Kingdom has decided to leave the EU ("Brexit").
This legal briefing provides legal counsel, senior management and other stakeholders with an explanation about what happens next, the implications for data privacy, intellectual property and information technology related matters in the United Kingdom and how your organisation should start to plan to address the developments that may be caused by Brexit. We will provide further, detailed analysis and updates over the coming weeks.
What happens next?
Planning for and negotiations on the United Kingdom's withdrawal from the EU will commence immediately.
Pursuant to Article 50 of the Treaty on European Union, the United Kingdom will have two years in which to conclude its withdrawal agreement from the date on which it notifies the European Council of its intention to withdraw from the Union (unless agreement on an extension can be reached), but the timing of the notification will be a political decision. The UK Government may decide to postpone the notification, and as a result it may take a much longer period of time, at least several years, to negotiate and conclude the United Kingdom's withdrawal.
Until the negotiations are complete and the United Kingdom formally withdraws, it will remain a member of the EU and current EU law (including case law) will continue to apply in the United Kingdom in the same way as it does now. However, the United Kingdom will be excluded from the EU's internal discussions and decisions that relate to the United Kingdom's withdrawal. During the process of negotiating the withdrawal, the UK Parliament will have to decide
which EU laws it wishes to retain in their current (or in any amended) form and those that it wishes to repeal and replace with alternative legislation. It has, for example, been suggested that Parliament may pass a law which keeps all EU legislation at the time of withdrawal in force until such time as Parliament decides to repeal or amend it. Questions are likely to arise in practice in relation to the treatment of future changes to existing EU legislation, new EU legislation, and new jurisprudence of the European Courts.
Following withdrawal, a range of potential models exist for the United Kingdom's future relationship with the EU. These include (but are not limited to) the following:
- The United Kingdom becomes a member of the European Economic Area ("EEA" as, for example, in the case of Norway). In this scenario, the United Kingdom would have full access to the EU single market (with certain exceptions, in particular fisheries and agriculture) in return for retaining existing EU legislation and adopting new EU legislation without having a vote on it. The United Kingdom would not have access to the EU's trade deals with countries outside the Union, but would make significant contributions to EU spending and would have to accept the "four freedoms" (free movement of people, goods, services and capital respectively).
- The United Kingdom agrees to a free trade agreement or a series of bilateral agreements with the EU on an individual basis (as, for example, in the case of Canada or Switzerland respectively). The United Kingdom would need to reach and maintain alignment with the EU by reaching agreement with it on a number of policy areas in order to retain access to the EU single market in those areas. Higher levels of access would entail closer alignment with the EU by accepting free movement and implementing EU legislation in the United Kingdom.
- The United Kingdom is not able to, or does not wish to, reach a specific agreement with the EU and starts to trade with it under the World Trade Organization's rules. The United Kingdom would not be obliged to accept free movement, make budgetary contributions or adopt EU legislation, so UK legislation may start to diverge significantly from EU law.
Data protection and privacy
How will Brexit affect my organisation?
- The Data Protection Act 1998 (which implements the European Data Protection Directive 95/46) will remain in force in the United Kingdom and will continue to apply as it does today unless it is repealed by the UK Parliament or replaced by the General Data Protection Regulation ("GDPR").
- The GDPR (which replaces the Data Protection Directive 95/46) was adopted by the EU in May 2016 and will come into force throughout the EU in May 2018.
- If the United Kingdom is still a member of the EU by May 2018, or has withdrawn from the EU but has become a member of the EEA, the GDPR will come into force in the United Kingdom and organisations conducting business in the United Kingdom will have to comply with it.
- Irrespective of when the United Kingdom withdraws from the EU, the UK Parliament is unlikely to pass legislation that would significantly diverge from European data protection law requirements. The European Data Protection Directive and upcoming GDPR prohibit the transfer of personal data to countries that do not offer adequate data protection unless certain conditions are met. Because of the United Kingdom's extensive trading relationships with other members of the EU, it is highly likely that the UK Parliament will seek to retain current or enact new legislation that will ensure that the United Kingdom remains an "adequate" country to transfer personal data to in the opinion of the European Commission.
- Therefore, it is likely that European data protection law requirements will continue to apply in substantially (if not completely) the same form as they do now in the short to medium term following the United Kingdom's withdrawal from the EU. Organisations should continue their preparations for the implementation of the GDPR as it relates to their businesses in the United Kingdom.
What should my organisation do now?
- It is likely that European data protection law requirements will continue to apply in substantially (if not completely) the same form as they do now in the short to medium term following the United Kingdom's withdrawal from the EU. Organisations should continue their preparations for the implementation of the GDPR as it relates to their businesses in the United Kingdom.
- Should the United Kingdom cease to be determined an "adequate" country by the European Commission, organisations should examine the flows of personal data from the EU to the United Kingdom and beyond, and take steps to ensure that those transfers of personal data can take place in accordance with European data protection law requirements.
INTELLECTUAL PROPERTY AND INFORMATION TECHNOLOGY
How will Brexit affect my organisation?
- Many contracts under which your organisation is permitted to use or permits others to use certain goods, services, data, software, materials etc and their related intellectual property rights will define the scope by which your organisation and its third parties can use or benefit from these by reference to territory (including that of the EU or EEA). Depending on how your contracts are drafted, the United Kingdom's withdrawal from the EU may lead to the United Kingdom being removed from the territorial scope of the software licences, service agreements, distribution agreements etc under which your organisation is entitled to use goods and services or exploit data, software, materials and the intellectual property rights in them and/ or appoint third parties to do so. Other terms of the contract that may be affected include your and your third party's obligations to comply with Brexit: How will it affect my business? changes to applicable laws, import/export charges, taxes and controls, the affect of force majeure and the interpretation of jurisdiction, governing law and dispute resolution clauses. The use of change control procedures to agree and implement necessary changes as a result of Brexit may result in additional costs being incurred by the parties.
- If the United Kingdom remains part of the EEA, most UK intellectual property laws are likely to stay closely aligned with EU law. However, if the United Kingdom's future relationship with the EU is outside of the EEA, UK national laws may begin to diverge from EU law over time.
- European community rights, such as design rights and EU trade marks, are unlikely to remain effective in the United Kingdom. It is uncertain what will happen to the UK parts of such rights that were secured before Brexit, for example, whether the "UK portion" of EU trade marks will continue to apply in the United Kingdom or a new, national right will need to be obtained. This could lead to issues relating to the validity of security registered against intellectual property, the terms of licences and the enforcement of rights.
- The United Kingdom will no longer be able to participate in the Unified Patent system and the Unified Patent Court as this is only open to EU member states. Brexit will likely delay the introduction of the Unified Patent system and the current agreement will need to be re-written if the unitary rights are to include the United Kingdom.
- If the United Kingdom is a member of the EEA, there should be no change to exhaustion rules that stop trade mark owners from preventing the sale of goods that have been put onto the market in the EEA with their consent. However, if the United Kingdom does not participate in the EEA, trade mark owners could use exhaustion rules to prevent the import of goods from the United Kingdom into the EU.
- The Trade Secrets Directive has already been adopted and member states of the EU are required to implement it by 2018. It is currently unclear if the United Kingdom will in fact implement national law to enforce it in the United Kingdom by 2018.
What should my organisation do now?
- Consider setting up an internal working group to monitor the Brexit discussion and negotiations in relation to intellectual property rights and associated issues.
- Start taking steps to identify contracts under which your organisation is permitted or permits others to provide or receive material goods, services, data, software, materials and the intellectual property rights in them, so that you can be ready to review them and consider whether Brexit is likely to cause any problems. If you are in the process of negotiating new contracts, consider whether any provisions should be included to cover the transitional period and implementing changes post-Brexit.
- Consider whether you need to develop a communications strategy both internally and externally, in respect of your customers and/or suppliers.
- Consider the impact on any pending business planning/investment decisions. For example, if you are in the process of acquiring or disposing of a business, consider the terms of any licences and the impact on registrations of security over intellectual property of the target.
- If your organisation relies on community rights, you will need to be ready to respond to changes in this area. You can begin by identifying your key intellectual property rights and in particular those which are protected on a community basis.
- Consider whether you need to take steps to make new registrations to ensure that rights are protected in both the United Kingdom and the EU upon Brexit.