At the beginning of February, the Minister of State responsible for digital and culture policy, Matt Hancock, reaffirmed the UK’s commitment to implementing legislation mirroring the General Data Protection Regulation (GDPR), and ensuring the uninterrupted flow of personal data between the UK and EU post Brexit.
Reaffirmed Commitment to the GDPR
The UK government has been clear about its intention to implement the GDPR, which will come into effect in the UK on 25 May 2018. Mr Hancock stated that legislation would be brought forward in the next parliamentary session to amend the existing Data Protection Act 1998. The government’s recently released White Paper further confirms this, and emphasises the importance of maintaining the stability of data transfer between the UK and the EU. Of the United Kingdom’s exit from and new partnership with the European Union, the government states:
“The stability of data transfer is important for many sectors – from financial services, to tech, to energy companies. EU rules support data flows amongst Member States. For example, the EU data protection framework outlines the rights of EU citizens, as well as the obligations to which companies must adhere when processing and transferring this data. There is also an ongoing consultation regarding the free flow of data, including considering whether legislation is necessary to limit Member States’ requirements for data to be stored nationally.”
Speaking to the Home Affairs Sub-Committee on 1 February 2017, Mr Hancock stressed that the GDPR was a “good piece of legislation in and of itself” and that matching the GDPR was a means of ensuring the “unhindered flow of data between the UK and the EU post-Brexit.” On data flows between the UK and the U. S., Mr Hancock stated he was confident that an agreement could be put in place between the two nations to ensure the unhindered flow of data.
Honing the UK’s International Strategy
In January, the ICO held a conference for international experts in privacy and data protection regulation. Attendees included many current and former data protection commissioners from Europe and Canada. The focus of the conference was the development of the ICO’s emerging international strategy.
The ICO has announced its intention to step up its international engagement, and to that effect it has formed its new International Strategy and Intelligence department. The department will be charged with increasing the organisation’s international focus. In a blog posted on 2 February, incumbent Information Commissioner Elizabeth Denham stated that the ICO’s information rights strategy should be published before the new financial year commences, and that this strategy will include a clear international element. She commented:
“The simple fact is we want to learn. Our international strategy is fast emerging, but we want to learn how it can be better. To ask other jurisdictions to critique our plans is, I think, indicative of the approach we’re taking more broadly.”
Ms Denham further stated that, in terms of privacy and data protection, it was important that the UK have a clear international outlook in our increasingly global economy:
“As a regulator and data protection authority, it’s important we have an international outlook. That’s long been the case, given the borderless nature of the digital economy, but it’s especially true today, as the UK reassesses its place in the world.”