FACEBOOK has not been far from the headlines around the world for the past couple of weeks, but personal data has always been a complex issue with a lot of unintended consequences.

In the 1930s the Dutch authorities, for the best reason of ensuring people were buried properly according to their religion, started recording the faiths of citizens in their public records, then this data was really useful to the Nazis after the occupation. More recently the role of data harvested by various means from the social network in influencing the results in the US Presidential election and the UK EU referendum has had a significant impact on public views of the company and its share price, with a lot more to come to full public attention yet.

But within the context of the UK, setting aside the revelations about election spending which I see as a separate and equally important scandal, while I’ll admit I am very uneasy with the actions of Cambridge Analytica and the rest, I am yet to see a smoking gun showing that they broke the law.

Part of this is because the law was never designed for the internet age. Legislatures around the world are running to play catch-up to ensure citizen’s rights are protected. As a society we are spending increasingly large amounts of our time and money online. Fake news and online micro-targeting of voters in the past few years is just the next generation of what parties have always done, it is just the tools available are now more powerful and intrusive than ever. I think it is a safe bet the various co-ordinated Leave campaigns broke the law (and trust me there’s plenty more to come on that) but there is a wider question: what do we as a society want to accept is reasonable to happen to our data? The Leave campaign is just one example of how it can be used for ill, there’s plenty more.

Much of this defensive work is being done by the EU. The creation of a digital single market is the next great project for Europe and one which, to give credit, Catherine Stihler Labour MEP for Scotland has done a power of work on. However, there is more to this than economic growth, as the recent Facebook headlines have revealed. This is a choice about what kind of society we want to have. Who will control information about you? How can it be used? What rights do you have to remove information about you from the internet?

The EU has begun the process of giving control of data back to individuals. The GDPR regulations that are coming into effect shortly are crucial to this. Yes, some companies are complaining but many recognise their significance. This is because there are effectively three grand competing models of the Internet: the American, the Chinese and the European, with the amount of censorship and the privacy rights of individuals being the flashpoints between them.

This, inevitably, brings me to Brexit. Facebook’s actions this week have shown how this process works, and how regulation can change the internet for the better.

On Tuesday Facebook Chief Executive Mark Zuckerberg gave a telephone interview in which he said that he intended for Facebook to apply “in spirit” the principles of GDPR to the entirety of Facebook’s users, wherever they came from. Yesterday, he went even further: “We intend to make the same settings available everywhere, not only in Europe”.

This is global reach of the EU which is now setting privacy standards world-wide for the largest social network on earth. It is worth emphasising how important this is. Billions of people’s lives will be improved not just across the EU. It is, however, also a brutal display of realpolitik. The EU is big enough to have real say in how things are done. In this case, the principles it has stood up for on the internet, namely privacy and control of data, chimed with the ongoing crisis Facebook faces in the US after the presidential election. The only obvious solution was for Facebook to give everybody the highest levels of protection currently in law.

The bottom line is simple: there is no way that the internet giants like Facebook, Google, Apple and Microsoft are going to bend to an individual market the size of the UK. Nor Scotland if it comes to it, but we’re already more comfortable with the benefits of acting in concert with our friends and neighbours in the EU.

All of which makes the UK’s intention to leave the EU look all the more backward.

Data Protection is one of the areas still to be agreed in the withdrawal agreement because to maintain the free flow of data with the EU there must be a legal process to control it. This obviously brings us back to the European Court of Justice or some other arbitration mechanism which seems to always cause a series of tantrums from the Brexit ultras. However, if the UK is sensible and ignores these ridiculous outbursts a deal could be done on this and we could continue to enjoy EU protections. To my mind this is clearly the best deal giving protection to individuals and allowing the tech sector of Scotland to access the markets they need.

Unfortunately, unless something changes we will have to be rule takers but given the choices on offer the EU model is infinitely preferable over the China or US. The issue strikes at the heart of Brexit because we are about to give up the seat at the table that gives us a voice on this. The GDPR regulations were created with the UK whilst any future regulations will, at best, be applied to us without our involvement.

If we are to address the last few weeks outcry in anything like a satisfactory manner, then the law must catch up. Legal or not, peoples’ data was used in ways they never envisaged and in response control must be returned to the people. It is therefore ironic that leaving the EU is depriving the UK of the single greatest tool to make that possible. As with so many areas it returns to a simple question: why leave?