U.K. May Face Opposition to Implementation of EU Privacy Regime

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Ali Qassim

The U.K. government intends to follow the European Union’s new privacy law regardless of Brexit, privacy professionals told Bloomberg BNA June 22.

But the privacy pros said legislation proposed by the government that aims to fully replicate the EU’s General Data Protection Regulation (GDPR) in the U.K. could face fierce opposition from pro-Brexit parliamentarians who oppose GDPR provisions with strong business compliance obligations.

Annabel Gillham, Of Counsel at Morrison & Foerster in London, agreed that the government’s legislative intentions would provide more certainty for U.K.-based businesses. “There is a commitment to retaining the highest standards in data protection to protect individuals” which “will survive Brexit,” she said in a June 22 statement.

Over 70 percent of all U.K. trade in services are enabled by data flows, meaning that data protection is critical to international trade for the U.K., according to the government’s June 21 briefing notes. The digital sector contributes some 118 billion pounds ($149.7 billion) a year to the U.K. economy.

The government’s data privacy legislative plans were outlined in Queen Elizabeth II’s June 21 speech to Parliament.

The government bill has the backing of the U.K.'s Information Commissioner’s Office, the nation’s data privacy regulator. “We’re pleased the government recognizes the importance of data protection, and its central role in technological innovation and trust in the digital economy,” a spokesman for the ICO told Bloomberg BNA.

Full Implementation?

The GDPR is set to take effect in May 2018, just under a year before the deadline for the U.K. to leave the EU.

Emma Drake, associate at London-based Bird & Bird’s Privacy and Data Protection Group, told Bloomberg BNA that it is unclear whether the government “will try to replicate the GDPR in the U.K. in its entirety.”

Drake said the lack of a large majority of Conservatives under Prime Minister Theresa May may make adopting the GDPR fully into U.K. law more difficult. GDPR requirements for companies to hire data protection officers, keep detailed data processing records, and carry out privacy impact assessments may face challenges, she said.

The government may need opposition support to pass the legislation and that would be a major test, Drake said.

Debbie Heywood, senior data protection lawyer at London-based Taylor Wessing, told Bloomberg BNA that the government “doesn’t make explicit” that the GDPR will apply in the U.K. before Brexit takes effect.

“Technology companies will be watching for any laws which are more stringent in the U.K. than elsewhere,” Heywood said. “The government will need to strike a balance between protecting users and continuing to attract tech businesses to the U.K.,“ she said.

To contact the reporter on this story: Ali Qassim in London at correspondents@bna.com

To contact the editor responsible for this story: Donald Aplin at daplin@bna.com

For More Information

The briefing notes are available at http://src.bna.com/p8j.

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security