Three months on from the landmark Brexit vote 23 June, the Information Commissioner’s Office is setting out its position regarding data protection laws in a post-Brexit UK. Elizabeth Denham, the new Information Commissioner, told the BBC that she believed the UK should adopt the General Data Protection Regulation (GDPR) regardless of Brexit.
Denham stressed that the UK will want to continue to do business with Europe, and to do so it will need to comply with EU data protection laws as, “In order for British businesses to share information and provide services for EU consumers, the law has to be equivalent.”
Not afraid to tread the somewhat charged political ground, Denham made her views clear that leaving the EU did not mean leaving behind European regulations where they concern data protection. In an unmistakeable reference to Prime Minister Theresa May’s catchphrase “Brexit means Brexit,” Denham has pointedly stated, “I don’t think that Brexit should mean Brexit when it comes to standards of data protection.”
With May recently revealing her plan to trigger Article 50 by March 2017, and the GDPR scheduled to come into effect in May 2018, the UK will have to abide by the GDPR from at least May 2018 until its EU exit. In that regard, the commissioner raised concerns about a start-and-stop regulatory environment before emphasising the integral role that the UK played in the formation of the GDPR.
Additionally, Denham confirmed that an investigation had been launched into the controversial plans announced by WhatsApp to share its users’ data with its parent company Facebook, given that in 2014 when Facebook bought WhatsApp, there had been a commitment between the two that they would not share information.
While the new commissioner appears to be in tune with the public’s anger on these issues, it remains to be seen what actions, if any, will be taken.