Guest blog: Ashley Winton, partner at law firm Paul Hastings and chair of the UK Data Protection Forum, says there could be a tension between the promised digital charter and the GDPR
At the back of the new Conservative Manifesto, there is promise of a new digital charter that “balances freedom with protection for users, and offers opportunities alongside obligations for businesses and platforms”, alongside a new Data Use and Ethics Commission which will advise regulators, including the ICO, and Parliament on the nature of data use.
We are due a fundamental revision of data protection law in May 2018 with the General Data Protection Regulation (GDPR), and many commentators had assumed that upon Brexit the Great Repeal Bill would contain a cut and paste of the GDPR into English law so that we could maintain the same standards of data protection with our friends on the continent.
But is this what is being offered here? The Conservatives are offering to give people new rights to ensure they are in control of their own data, including the ability to require major social media platforms to delete information held about them at the age of 18, the ability to access and export personal data and an expectation that personal data held should be stored in a secure way.
These rights look more like the rights we currently have under UK data protection law rather than the more expansive rights under the GDPR, and the Data Use and Ethics Commission looks like a body that is taking over some of the future function of the European Data Protection Board.
If the UK does not maintain the same standards of data protection as prescribed by the GDPR, the transfer of personal data between continental Europe and the UK will become more difficult, and this could have implications upon businesses and their service providers who need a free flow of personal data across Europe.
As to the future of the GDPR in the UK, it looks like we will see more cut and less paste.