The UK Government has released a “Future Partnership” paper setting out its vision for UK-EU data flows post-Brexit. In particular, the paper anticipates seeking an early UK-EU agreement that each area’s data protection laws provide equivalent protection, which would allow data to continue to flow between the EU, the UK and other third countries post-Brexit. Continue Reading UK Government seeks EU equivalency for UK data protection law post-Brexit
With holiday season upon us, earlier this week Matt Hancock, the UK Government’s Digital Minister, announced proposals for a new UK data protection law. Previously covered on this blog here and here, little new of substance was announced, but in a slow news week, the announcement garnered significant UK media coverage and attention. Continue Reading UK’s Digital Minister announces changes to UK data protection law
Following the Government’s decision to include a revised data protection law in the Queen’s Speech last month, the House of Lords EU Home Affairs Sub-Committee reviewed the potential implications on national security, stability and public safety of the UK exiting the European Union without an agreement to ensure there is unhindered data flow between the two sides. The Committee issued a stark warning that it was “struck by the lack of detail” on how the Government would ensure that the UK data protection regime continues to allow data transfer with the European Union in a post-Brexit world.
A revised data protection law forms part of the new government’s legislative agenda for the UK. Key points in the Queen’s Speech on 21 June 2017 were that a new UK Data Protection Bill (the Bill) will replace the current Data Protection Act 1998; the new Bill will implement the EU General Data Protection Regulation (GDPR) in the UK (a fact that the party manifestos were silent on before the election); and the government intends to put the UK in the best position to maintain data sharing across the EU and internationally. These points remained unchallenged in the subsequent parliamentary debates, and the government’s express intention to implement the GDPR through national law in the UK was welcomed by many businesses. Continue Reading Proposal for a new UK Data Protection law
The European Commission’s January 2017 Communication on Building an European Data Economy (‘Communication‘) proposes a principle of free movement of data within the EU. Whilst the coming into force of the General Data Protection Regulation (‘GDPR‘) on 25 May 2018, significantly changes and tightens the rules relating to the collection and use of personal data in Europe, those changes need to be read alongside the Communication (and the accompanying staff working paper) to fully understand the regulatory environment for data in Europe. The Communication examines actual or potential blockages to the free movement of data and presents options to remove unjustified and or disproportionate data location restrictions in the EU. It also considers the barriers around access to and transfer of non-personal machine-generated data, data liability, as well as issues related to the portability of non-personal data, interoperability and standards. Continue Reading European data economy: the free movement of data principle and other tall tales…
On 10 May 2017, the European Commission published its mid-term review of the implementation of Europe’s Digital Single Market strategy. Launched in 2015, the ambitious strategy covered 16 actions under the three pillars: (1) improving access to digital goods and services for consumers and businesses across Europe; (2) creating the right conditions and a level playing field for digital networks and innovative services to flourish; and (3) maximising the growth potential of the digital economy. Despite a lot of activity, the Commission was only able to highlight one actual delivered improvement in its review – the abolition of retail roaming charges – although it looks forward to the imminent implementation of cross-border content portability in early 2018 and the expected approval of a proposal to address unjustified geo-blocking.
In January 2017, the European Commission published the proposed text of a new draft e-Privacy Regulation (ePR) as part of its ongoing drive to advance one of its key initiatives, the Digital Single Market.
Whilst the impending introduction of the GDPR has been dominating headlines for the past months, the ePR has somewhat gone under the radar. We set out the key points to look out for with regard to the ePR and who it is likely to apply to.
In 2015, the European Commission published a study (written by IDC) which provides an overview of Europe’s IoT digital ecosystem, its current status and anticipates a suggested vision of the same ecosystem in 2020. That study found:
The IoT (Internet of Things) is a pervasive innovative technology building on the universal connectivity of things and people, now moving in Europe from the pioneer phase to widespread adoption. In combination with cloud computing and Big Data the IoT is opening the new age of the hyper-connected society and acting as a powerful driver of business innovation, but also facing equally strong barriers in terms of security risks, concerns about privacy protection, and resistance to organizational change.”
On 30 March 2017, the UK’s Department for exiting the European Union published a white paper outlining its proposals for a Great Repeal Bill (GRB). Whilst superficially, this appears to bring clarity to the legal position after Brexit, on closer examination the GRB proposal over-simplifies the position and glosses over the very significant legislative (and consequential business) problems that will arise from the UK’s departure from the EU in the absence of a comprehensive and detailed free trade agreement between the UK and EU to enable many of the existing business arrangements to continue. Whilst much of the press commentary has focused on the impact of Brexit on the financial services sector, the same issue, disruption of existing business models as a result of leaving the single market, arises in almost every other sector of the economy, and certainly in the telecoms, media and technology sectors.
Regular readers will be aware that current data protection (privacy) laws will be replaced in Europe by the new General Data Protection Regulation (or GDPR) from May 2018. This change is driving a lot of preparatory regulatory activity – see this article for a recent summary. Whilst the impact of Brexit on data protection law in the UK is not yet finally settled, the UK regulator ICO is proceeding on the basis that the GDPR (or something very like it) will take effect in the UK and as a result is starting to consult on implementation. Continue Reading UK’s Information Commissioner launches first consultation on GDPR implementation