On 21 June 2017, in the Queen's Speech (which traditionally sets out the agenda for the next parliamentary year), the UK government has confirmed "delivering Brexit" as a priority. However, the Queen's Speech also marks progress in the UK government's position on data protection after the UK leaves the EU, with the announcement that "a new law will ensure that the United Kingdom retains its world-class regime protecting personal data". This complements the proposal for a new digital charter, which will create a new framework to balance users' and businesses' freedom and security online.
THE DATA PROTECTION BILL
The Data Protection Bill (details of which can be found here) would serve as a successor to the current Data Protection Act 1998 and proposes to:
- make the UK's data protection framework suitable for the new digital age, allowing citizens to better control their data;
- implement the EU General Data Protection Regulation (GDPR) in order to meet the UK's obligations while it is an EU member state and help put the UK in the best position to maintain its ability to share data with other EU member states and internationally, after it leaves the EU;
- modernize and update the regime for data processing by law enforcement agencies, covering both domestic processing and cross-border transfers of personal data; and
- update the powers and sanctions available to the UK's Information Commissioner.
PREPARATIONS FOR GDPR NOT IN VAIN
As anticipated, the UK will implement the GDPR next May (when the UK will still be an EU member state). This commitment to retaining the highest standards in data protection to protect individuals post-Brexit serves as a welcome reassurance to organizations across the UK which are working hard to prepare for the GDPR regimethat their efforts will not be in vain.
The announcement reflects the Information Commissioner's previous comments that the UK must seek to keep up with the EU data protection regime, even after Brexit, although it remains to be seen how closely the Bill will track the requirements of the GDPR. Further, it is still possible that the Queen's Speech could get voted down or amended; however, we do not expect the proposals regarding data protection to radically differ from those made in the Queen's Speech.