The House of Lords Library, which provides research and information services to Members of the House of Lords, has published a briefing on the Data Protection Bill (“Bill”) which sets out an overview of and reactions to the Bill (“Briefing”). The Briefing was prepared in advance of the Bill’s second reading in the House of Lords, which took place 10 October.

Some of the key points to note from the Briefing are as follows:

The Bill in the context of Brexit

The Briefing highlights the recommendations of the House of Lords European Union Committee that the government should:

  • Pursue and maintain regulatory equivalence with the EU for data protection to ensure unhindered data flows between the UK and EU post-Brexit
  • Seek an adequacy decision from the European Commission

The Committee noted that “stakes are high” because any post-Brexit arrangement that results in greater friction around data transfers between the UK and the EU could present a non-tariff trade barrier, putting the UK at a competitive disadvantage. It could also hinder police and security cooperation.

This is particularly relevant considering the estimate cited in the Department for Exiting the European Union’s government position paper that 75 percent of the UK’s cross-border data flows are with EU countries.
Continue Reading House of Lords publishes briefing on Data Protection Bill

On 14 September 2017, the Government published the long-awaited draft of the Data Protection Bill (the Bill). The Bill will incorporate the General Data Protection Regulation (EU) 2016/679 into UK law. While the Bill will repeal the existing Data Protection Act 1998 (the DPA), it preserves many of the tailored exemptions which continue to exist

The government has released a Statement of Intent (“the Statement”) for a new Data Protection Bill (“the Bill”). The Bill was originally announced in the Queen’s Speech earlier this year (see our previous blog on this). This Statement provides further detail on the government’s proposed reforms to data protection laws in the UK.

The Bill is intended to “bring EU law into domestic law” – referring to both the General Data Protection Regulation (“GDPR”) and the Data Protection Law Enforcement Directive (“DPLED”), which come into force next year. Essentially, the Bill helps the UK to prepare for post-Brexit and facilitate the uninterrupted flow of data between the UK and the EU.

The Bill will repeal the Data Protection Act 1998 (“DPA”). It will remove inconsistencies and avoid any confusion as to which data protection standards apply. The Bill will apply to “all general data”, not just areas of EU competence – this is to ensure that businesses have a single standard which they can operate.

The Proposals

Like the GDPR, the Statement introduces new measures for organisations which process personal data. For example, these include:

  • Tougher rules on consent
  • Enhanced rights for individuals
  • Increased powers for the UK Information Commissioner’s Office (“ICO”)

In relation to the ICO’s powers, the Bill will allow the ICO to issue fines of up to £17 million, or 4% of global turnover, which is in line with the GDPR. The Information Commissioner, Elizabeth Denham, has commented on these proposed increased fines, stating she intends to use these powers “proportionately and judiciously” (see the recent ICO blog). She added that it would be “scaremongering” to make early examples of organisations for minor infringements, or for these maximum fines to become the norm. Businesses might take some comfort from these initial views of the ICO.
Continue Reading Government announces proposals for a new Data Protection Bill

The Queen’s Speech was delivered 21 June 2017, setting out the government’s legislative plans. Key proposals from a data protection perspective include:

  • The introduction of a new Data Protection Bill, which will incorporate the General Data Protection Regulation ((EU) 2016/679) (“GDPR”), and the new Directive which applies to law enforcement data processing into UK law; and
  • A new Digital Charter, to ensure that the United Kingdom is the safest place to be online.

These proposals will cover a two-year period, as the Queen’s Speech has been cancelled for next year to allow both Houses of Parliament more time to discuss Brexit legislation.
Continue Reading The Queen’s Speech 2017: The future for UK data protection regulation