Following the commencement of the Brexit negotiations earlier this week, the Queen announced in her speech on Wednesday a new law that will “ensure the United Kingdom retains its world-class regime protecting personal data”.
This bill will replace the current Data Protection Act 1998 in the UK. One of the bill’s main reported benefits is the implementation of the General Data Protection Regulation (GDPR) (and the new directive applying to law enforcement data processing), meeting the UK’s obligations while it remains an EU Member State. Crucially, the intention is for the bill to help put the UK in the best position to maintain its ability to share data with other EU Member States, and internationally after the UK leaves Europe.
The bill’s other stated benefits include:
- Giving people new rights to “require major social media platforms to delete information held about them at the age of 18”
- Ensuring that the UK’s data protection framework is suitable for the new digital age and cement the UK’s position at the forefront of technological innovation, international data sharing, and protection of personal data
- Allowing police and judicial authorities to continue to exchange information quickly and easily with its international partners in the fight against terrorism and other serious crimes
The other main elements of the bill include an update to the powers and sanctions available to the UK Information Commissioner. Whether this means additional powers over and above those provided for in the GDPR (i.e., 2/4% worldwide turnover or 10/20 million ) remains unclear.
Interestingly, the announcement of the new bill came under the heading of “making our country safer and more united” in the Queen’s Speech.
The text of the bill is not yet available. The government likely will seek to have it finalised in the next few months, before the GDPR is effective come May 2018.