After Brexit​ , the public face of criminal justice will look much the same as it does now. The UK has resisted many of the European Union’s moves towards harmonisation of substantive criminal law and procedure, and it is unlikely to use its new-found freedom from the restraints of EU law to decriminalise things like child pornography, cybercrime and people trafficking. The EU’s greatest impact on criminal justice has been through the multiple agreements and instruments that facilitate the detection, investigation and prosecution of such crimes as terrorism, people trafficking, child pornography, drug-smuggling, cybercrime and fraud across the EU. The best known of these is the European Arrest Warrant (EAW), implemented in 2004.

Between 2012 and 2014, the British government opted in, then out, then in again to a raft of crime, justice and security measures. The UK is now signed up to 35 such measures, flowing ultimately from the Treaty of Maastricht, via Lisbon and Amsterdam. Unless we decide to replace them with 945 different measures (the 35 would have to be agreed with each of the 27 member states), the current agreements will have to be renegotiated with the EU itself. Otherwise they will lapse, and the EAW will go with them. Operational agreements with non-EU Norway have taken between five and twelve years to negotiate.

The government’s Brexit White Paper, published in February, states that the UK will continue to work with the EU for mutual security and to uphold justice. It is enthusiastic about the EAW, information sharing systems and Europol operations. In her most substantial contribution to last year’s referendum campaign, Theresa May gave security as the best reason for remaining in the EU. If we left, she said,

we would still share intelligence about terrorism and crime with our European allies, and they would do the same with us. But that does not mean we would be as safe as if we remain. Outside the EU, for example, we would have no access to the European Arrest Warrant, which has allowed us to extradite more than five thousand people from Britain to Europe in the last five years, and bring 675 suspected or convicted wanted individuals to Britain to face justice. It has been used to get terror suspects out of the country and bring terrorists back here to face justice.

She also set out the benefits of the European Criminal Records Information System, which enables the police to find out if a suspect has committed offences or is wanted elsewhere in the EU. She praised the Prisoner Transfer Framework; the police Joint Investigation Teams and the specialist Financial Intelligence Unit, both set up under the auspices of Europol; the Passenger Name Record directive, which makes aircraft passenger lists available to the police; the Schengen System II, a large database dealing with border control and law enforcement co-operation; and the Prüm Convention, which provides for the sharing of DNA and fingerprint information, and vehicle registrations. Data are shared swiftly, with the minimum of bureaucracy – a security official in a British port can use a hand-held device to get information that a person entering the UK is of interest to the authorities in a member state – but subject to proper legal process. May said her judgment, as home secretary, was that ‘remaining a member of the European Union means we will be more secure from crime and terrorism.’

You would think it is so obviously in the interests of all parties to maintain this level of co-operation and security that new agreements are bound to be made. But not everything will remain the same. For example, as an EU member, the UK sits on the board of management of Eurojust (the body that co-ordinates joint investigations), and can direct its policy and strategy. Outside the EU, it will lose its place. The Swiss belong to Eurojust, and pay for it, but they have no say over its operation.

There is a more fundamental problem for Brexiters who want to retain the present arrangements, but do not want the Court of Justice of the European Union in Luxembourg to have a say in our affairs: data protection. If the UK adopts data protection standards that are inconsistent with those required by the EU, Europe’s law enforcement agencies and courts will be unwilling to, or more likely will be legally prevented from, sharing data for use in criminal investigations and court proceedings. At the moment we leave we will have the same standards, but we will need to maintain them if we want the present arrangements to continue. That in turn means maintaining equivalence with EU law as it evolves, and heeding the spirit at least of relevant European Court decisions.

The EU rules on data protection derive from the privacy rights in Article 8 of the 2009 Charter of Fundamental Rights, which closely resembles the earlier Article 8 of the European Convention of Human Rights. Once we leave the EU, these rights will continue to be the standard by which the lawfulness of rules on data protection is judged. EU law on sharing data for the purposes of criminal justice co-operation was revised in 2016 and the changed rules should be in force by May 2018: the law will continue to develop in parallel with changes in policing and data-gathering methods. Again, legislation does not remain static.

Two harbingers of what lies ahead: the Schrems and Watson cases. Max Schrems, an Austrian law graduate resident in Ireland, wanted the Irish Data Protection Commissioner to act against Facebook (which has its European headquarters in Ireland) for making personal data available to the US government’s mass surveillance programme, Prism, in breach of EU law. When the Irish courts refused to act, he took his case to Luxembourg. The court upheld his claim in 2015, and ruled that unless non-EU countries had equivalent data protection regimes to the EU’s, such transfers were unlawful. The EU’s Safe Harbour system – which allowed companies to transfer personal data from the EU to the US – was declared invalid. In November last year a campaign group called Digital Rights Ireland launched a challenge to Safe Harbour’s successor, known as ‘Privacy Shield’.

The Labour deputy leader, Tom Watson, together with David Davis, the Conservative MP who withdrew when he became Brexit minister, challenged the now repealed Data Retention and Investigatory Powers Act 2014 in the EU court, relying again chiefly on the privacy rights in Article 8 of the Charter. Davis claimed that the government was ‘treating the entire nation as suspects’ by intercepting private communications. Late last year the court announced its judgment, holding that general and indiscriminate data retention was not in accordance with EU law; data can be kept only if they will be used to fight ‘serious crime’. Just before the ECJ made its ruling, the 2014 Act was replaced by the Investigatory Powers Act 2016, which requires companies to keep a record of everyone’s web browsing history for a year and gives police and government agencies more access to the data. This legislation is bound to face similar challenges, at least while UK citizens still have recourse to the ECJ.

The UK’s demand to quit the ECJ’s jurisdiction comes at a price: the further we pull away from standards set by EU law, as interpreted from time to time by the court, the harder it will be for the UK and the EU to transact business, be it in trade or medicine or security arrangements, or anything else. Watson’s British successors will be denied access to the court. Its rulings will have little if any legal weight here. The UK government and its citizens will have no control over laws and standards made in Brussels and interpreted in Luxembourg. And yet we won’t be able to pretend they don’t exist – or will we? Most UK politicians have failed, in the current general election campaign as last summer, to set out a comprehensible cost-benefit analysis of Brexit, preferring untestable claims and unfulfillable promises. In the field of security and crime, at least, the evidence of the potential cost of Brexit is plain to see.

Send Letters To:

The Editor
London Review of Books,
28 Little Russell Street
London, WC1A 2HN

Please include name, address, and a telephone number.


Vol. 39 No. 12 · 15 June 2017

Alan Finlayson claims that the new EU regulations on personal data, agreed in 2016 and due to come into effect in 2018, will not do so in the UK, because by then the UK will be ‘free of such shackles’ (LRB, 18 May). Three pages later, Francis FitzGibbon notes that the rules will come into force by May 2018. He is right, since the UK will not leave the EU until April 2019 at the earliest.

Tom Crewe mistakenly writes that the Lib Dems defeated ‘Tory Zac Goldsmith’ in the Richmond Park by-election last year, helped by the Greens standing down. Goldsmith is undoubtedly a Tory, but in the by-election he stood as an independent, which helps explain how he mislaid nearly half the 34,000 votes he had attracted as a Conservative in the 2015 general election. Now that (however improbably) he has been reselected by the local Conservatives, the chances of the Lib Dems retaining the seat are low.

David Elstein
London SW15

send letters to

The Editor
London Review of Books
28 Little Russell Street
London, WC1A 2HN

Please include name, address and a telephone number

Read anywhere with the London Review of Books app, available now from the App Store for Apple devices, Google Play for Android devices and Amazon for your Kindle Fire.

Sign up to our newsletter

For highlights from the latest issue, our archive and the blog, as well as news, events and exclusive promotions.

Newsletter Preferences