Following the commencement of the Brexit negotiations earlier this week, the Queen announced in her Speech [yesterday] a new law that will “ensure the United Kingdom retains its world-class regime protecting personal data”.
This Bill will replace the current Data Protection Act 1998 in the UK. One of the main reported benefits of the Bill is that it will implement the General Data Protection Regulation (GDPR) (and the new Directive applying to law enforcement data processing), meeting the UK’s obligations while it remains an EU Member State. Crucially, the intention is for the Bill to help put the UK in the best position to maintain its ability to share data with other EU Member States, and internationally after the UK leaves Europe.
Other stated benefits of the Bill include:
-
Giving people new rights to “require major social media platforms to delete information held about them at the age of 18”
-
Ensuring that the UK’s data protection framework is suitable for the new digital age and cement the UK’s position at the forefront of technological innovation, international data sharing, and protection of personal data
-
Allowing police and judicial authorities to continue to exchange information quickly and easily with its international partners in the fight against terrorism and other serious crimes
The other main elements of the Bill include an update to the powers and sanctions available to the UK Information Commissioner. It is unclear whether this means additional powers over and above those provided for in the GDPR (i.e., 2/4% worldwide turnover or €10/20 million).
Interestingly, the announcement of the new Bill came under the heading of “making our country safer and more united” in the Queen’s Speech.
The Bill is not yet available. We assume the government will seek to have it finalised in the next few months, before the GDPR is effective come May 2018.