Security experts have warned that Brexit could lead to data flows between the UK and European Union being "substantially curtailed".
The community is amping up the pressure on government to ensure there is a legal basis for data transfer ahead of British Prime Minister Theresa May's speech at the Munich security conference tomorrow.
In a briefing note, the Royal United Services Institute (RUSI) said that it might be difficult to maintain current levels of cooperation on terrorism and organised crime without such agreements.
At the moment, police and intelligence services can share data – including personal data, passenger name records or arrest warrants – with their EU counterparts through real-time database access.
RUSI said that this real-time access is possible because of the unique nature of the union, security cooperation between members goes "far beyond" existing arrangements with so-called third countries like the US or Switzerland.
This means that once the UK leaves the bloc, there needs to be a new legal basis for data sharing – or "current levels of information sharing could be substantially curtailed". The UK, meanwhile, would be "largely excluded from future developments in EU policy and practice".
Central to the existing process, the think tank said, is that the EU has a single judicial system that is overseen by the European Court of Justice.
RUSI's deputy director general Malcolm Chalmers said that, given the UK government is "clearly reluctant" for the ECJ to retain its authority after Brexit, it will need to come up with a new system.
Speaking on the Today programme this morning, Chalmers said that there might be a "third way" that allows the ECJ to have some oversight on data sharing, but that would be a matter of negotiation.
"That's why the conversation has to be started at this stage, as the clock is beginning to run out," he said.
RUSI's views echo those of former MI6 boss John Sawers, who said this week that his main concern about intelligence and security was data exchange.
"Data is now central to the way in which security services in particular monitor threats and track people who might pose a threat to UK security. And the rules on exchange of data are going to be set in the EU," he told Prospect magazine.
The European Commission has made it abundantly clear that once the UK leaves the bloc it will become a third country – unless there is a ratified withdrawal agreement in place.
The two options for such countries to carry on exchanging data are an adequacy deal – where the EU agrees the nation provides the right standards of protection – or appropriate safeguards, which have to be signed up to by individual organisations.
The UK has expressed its desire for an adequacy agreement, as this is an across-the-board deal, but this is reliant on more than just data protection regulations.
It also considers other data retention and surveillance measures – namely the controversial Investigatory Power's Act, which the government has already had to admit doesn't comply with European laws.
The pressure is mounting on the government ahead of the three-day Munich Security Conference, which starts today. It will hear from world leaders, security experts and tech bosses, including former Google chairman Eric Schmidt, Microsoft president Brad Smith and Facebook's chief security officer Alex Stamos.
May is scheduled to give her speech tomorrow morning, and Chalmers said that, at the very least, he wanted it to acknowledge the problem of data.
"What I'm looking for from the Prime Minister on Saturday is a hint at least that she realises this is a problem and she needs to work with the EU to address it." ®
Sponsored: Webcast: Simplify data protection on AWS