In a matter of three days, Parliament passed a bill granting emergency powers to the government to deal with the COVID-19 outbreak. The Queen granted Royal Assent on 25 March 2020, bringing into force the Coronavirus Act 2020 (the Act) (the Act).

The Act, amongst other things, gives the government wide-ranging powers to restrict events and social gatherings, shut down premises and isolate or detain ‘potentially infectious persons’. The Act also provides means for extending time limits for retention of fingerprints and DNA profiles (which would have been taken under various police and terrorism legislation) for up to 12 months if necessary and in the interests of national security. Whilst these measures have been implemented to help curb the spread of COVID-19, the enforcement of such measures could impact individuals’ rights to privacy and data protection.

Continue Reading A whistle-stop tour of the potential data protection implications of the new Coronavirus Act

In a written statement to Parliament, Baroness Neville-Rolfe confirmed the UK Government’s view that the Treaty on the Functioning of the European Union (“TFEU”) means that Article 48 of the GDPR does not apply to the UK. Article 48 of the GDPR states that any judgment or tribunal decision – or decision of an administrative authority – requiring the transfer of personal data to a third (i.e., non-EU) country may only be recognised or enforceable if based on an international agreement, such as a mutual legal assistance treaty in force between the requesting third country and the EU member state in question. 
Continue Reading UK relies on EU Treaty exception to avoid “anti-FISA” data transfers clause in European General Data Protection Regulation (“GDPR”)