The Queen’s Speech was delivered 21 June 2017, setting out the government’s legislative plans. Key proposals from a data protection perspective include:
- The introduction of a new Data Protection Bill, which will incorporate the General Data Protection Regulation ((EU) 2016/679) (“GDPR”), and the new Directive which applies to law enforcement data processing into UK law; and
- A new Digital Charter, to ensure that the United Kingdom is the safest place to be online.
These proposals will cover a two-year period, as the Queen’s Speech has been cancelled for next year to allow both Houses of Parliament more time to discuss Brexit legislation.
Data Protection Bill
A new law is being proposed to ensure the UK “retains its world-class regime protecting personal data” with a data protection framework that is suitable for our new digital age, and to cement the UK’s position at the forefront of technological innovation, international data sharing and protection of personal data.
The Data Protection Bill will replace the Data Protection Act 1998, and is intended to incorporate the GDPR into national UK law so that the rules continue to apply in the UK post-Brexit. This will help to put the UK in the best position to maintain its ability to share data with other EU member states and internationally after leaving the EU. The Bill will also modernise and update the regime for data processing by law enforcement agencies, and will cover both domestic processing and cross-border transfers of personal data.
The Bill will include new rules to strengthen rights and empower individuals to have more control over their personal data, including:
- A right to be forgotten when individuals no longer want their data to be processed, provided that there are no legitimate grounds for retaining it; and
- The ability to require major social media platforms to delete information held about individuals at the age of 18.
The Bill will also update the powers and sanctions available to the Information Commissioner’s Office.
A new Digital Charter is being proposed with two core objectives – making the UK the best place to start and run a digital business, and the safest place in the world to be online.
The government has indicated that it will work with technology companies, charities, communities and international partners to develop the Charter, and that it will be underpinned by a regulatory framework which balances users’ and businesses’ freedom and security online. It has also stressed that it will make sure that technology companies do more to protect their users and to improve safety online.
The proposal for this new data protection law means that businesses currently preparing for the GDPR should continue to do so, as they will need to comply with the same rules under UK legislation after the UK leaves the EU.