Forthcoming legislation to bring data protection act into line with EU law for 2018
The Government’s determination to keep UK data protection law in line with that of the EU after Brexit was outlined by the minister responsible today - but with few details of how it will be achieved.
Matt Hancock (pictured), minister of state for digital and culture, told a House of Lords committee that he would bring forward legislation in the next parliamentary session to amend the Data Protection Act 1998 to implement the General Data Protection Regulation (GDPR) as required by May 2018.
However, he noted that the changes will coincide with negotiations for leaving the EU under the Article 50 process.
Hancock told the EU Home Affairs Sub-Committee that the overriding priority would be “unhindered” data flows, without interruption “on the morning we leave the EU”. This would be achieved by implementing the GDPR, including new data rights and penalties for breaches, in full, he said.
Hancock’s enthusiasm for the measure was a marked contrast from the position of the UK Government when the GDPR was floated. Howeve,r he told the committee that he backed the law for two reasons.
“First, thanks to significant negotiation successes, we think it’s a good piece of legislation in itself. Secondly, we are keen to secure an unhindered flow of data with the EU post-Brexit.”
The question raised by several committee members was what kind of agreement would be required to give the remaining EU members confidence that the UK would continue to abide by the GDPR once it had emerged from the jurisdiction of the Court of Justice of the European Union.
Hancock’s responses toed the prime minister’s “no running commentary” line.
“We are keen to ensure that data flows are unhindered. I’m not going to get into details of how we do that while negotiations are yet to begin,” he said. But he was confident that negotiations with the EU would begin from comfortable territory, with the GDPR part of UK law.
How long would to take? “We brought in the (EU-US) Privacy Shield in nine months. We’ll be starting from a point of harmonisation so it will be much easier.”
The real challenge will come if and when EU and UK data protection regimes diverge after 2019. The goal then will be global relationships rather than ones “being dictated by the European system”.
On this, he painted a picture of harmony with the most significant player, noting that the EU-US umbrella agreement on law enforcement data cooperation came into force today thanks to the US Judicial Redress Act.
One elephant did not surface in the room. Hancock was questioned as debate rages over whether the EU-US privacy shield has been killed off by President Trump’s public safety executive order, which requires enhanced data sharing between federal agencies in the US. If the divergence continues, sooner or later, a post-Brexit UK will have to decide on which side it sits.
The question did not arise today, but we can expect it to resurface.
Image from GOV.UK, Open Government Licence v3.0