Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends
Posted in International/EU Privacy

UK to Align Itself with the GDPR Despite Brexit

UK Flag“A new law will ensure that the United Kingdom retains its world-class regime protecting personal data”.  This is today’s strong statement by Her Majesty The Queen reflecting the level of priority given by the UK government to privacy and data protection.  Aside from the political controversies surrounding the recent general Election and the prospect of Brexit, the Queen has confirmed that during this Parliament the government intends to pass a new Data Protection Act replacing the existing one.

The stated aim of the new law is to make the UK’s data protection framework suitable for the digital age, allowing citizens to better control their data.  This development is in line with the Conservative Party’s manifesto commitments to give people new rights to “require major social media platforms to delete information held about them at the age of 18” and to “bring forward a new data protection law”.  In addition, the new law is meant to allow police and judicial authorities to continue to exchange information internationally in the fight against terrorism and other serious crimes.

Perhaps more importantly, the UK government has confirmed that the new law will implement the EU General Data Protection Regulation (‘GDPR’) and the new Directive which applies to law enforcement data processing.  This will of course allow the UK to meet its obligations while it remains an EU Member State.  But crucially, the government believes that this approach will help put the UK in the best position to maintain its ability to share data with other EU Member States and internationally after Brexit.

As part of this exercise, the Information Commissioner will be granted new powers, including in relation to sanctions.  In practical terms, the ability of the UK Information Commissioner to function at the same level as her EU counterparts is one of the critical aspects of the operation of the law.  If this is the case, UK companies and organisations may still be able to benefit – at least to a degree – of the ‘one stop shop’ provisions under the GDPR.

It is obvious that the UK government is extremely conscious of the value of international data sharing – which is said to enable 70% of all trade in services – so maintaining an adequate level of data protection is seen as a top political and economic priority.