U.K. Introduces Bill to Implement EU Privacy Regime Post-Brexit

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Ali Qassim

A government bill to harmonize U.K. privacy law with the new European Union privacy regime—regardless of Brexit—has been introduced in Parliament, the government announced Sept. 14.

The proposed legislation should help assure U.K. businesses that they will still be able to easily transfer data with the EU after the scheduled March 2019 departure of the U.K. from the bloc. The EU allows transfers of data to countries deemed to have adequate data laws to protect the privacy of EU citizens’ personal data.

The U.K. Data Protection Bill, which was introduced in the House of Lords Sept. 13, would incorporate the majority of the EU General Data Protection Regulation’s provisions. The GDPR, among other things, brings strict new consent requirements, mandatory data breach notice, and adopts the right to be forgotten principle to allow individuals to request that online links to personal data be removed.

The legislation “will give people more control over their data, support businesses in their use of data, and prepare Britain for Brexit,” Culture Secretary Karen Bradley said in a statement launching the proposed legislation.

But if the bill is enacted, there is no chance of U.K. businesses escaping the GDPR’s new privacy and data security requirements. The GDPR, set to take effect in March 2018, would be in effect for EU businesses for nearly a year before the scheduled Brexit—and even after Brexit, the new U.K. law would have largely the same privacy principles as the GDPR.

“If you are still in denial and relying on Brexit to relieve you from the GDPR, then think again,” Vic Bange, a partner in the information technology, telecoms and competition group at London-based Taylor Wessing LLP, told Bloomberg BNA. The U.K. bill clarifies that the government intends “to upgrade to a GDPR baseline.”

Business Support

“There’s no getting around the fact that U.K. businesses need to prepare themselves for a GDPR compliant future,“ Phil Lee, a privacy, security, and information partner at Fieldfisher LLP, London, told Bloomberg BNA.

That reality may help ease the passage of the U.K. legislation.

Companies from all sectors will support smooth passage of the bill to ensure they have time to comply, Tom Thackray, innovation director at the Confederation of British Industry, said in a statement. The group is the largest business group in the U.K., representing 190,000 businesses that employ approximately a third of the U.K.'s private sector workforce.

To contact the reporter on this story: Ali Qassim in London at correspondents@bna.com

To contact the editor responsible for this story: Donald Aplin at daplin@bna.com

For More Information

Full text of the bill is available at http://src.bna.com/sxO.

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security