U.K. Privacy Chief Urges EU Privacy Link After Brexit

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Ali Qassim

U.K. businesses should comply with the European Union’s new privacy regime even after the U.K. leaves the bloc, U.K. Information Commissioner Elizabeth Denham said March 6.

Given that the U.K. “needs data to flow across borders” to “foster economic growth” once it has formally left the EU, the best way to “make sure that can happen” is “to keep the U.K.'s approach at an equivalent standard to the EU,” Denham said.

The EU General Data Protection Regulation (GDPR) “is a strong data protection law” with new privacy obligations and a “broader and deeper accountability” for handling personal data,” Denham said at the opening of the Data Protection Practitioners’ Conference 2017 in Manchester, reiterating the support she gave for the U.K. to comply with the GDPR less than two weeks ago at a London conference aimed at direct marketers.

The importance of a continued compliance with the GDPR struck a chord with the U.K.’s most influential business lobby, the Confederation of British Industry (CBI). “The future of data protection in the U.K. is crucial to businesses across all sectors,” a CBI spokeswoman told Bloomberg BNA March 6. “The U.K. Government has committed to implementing GDPR and, once we leave the EU, businesses want to retain similar standards so that firms can continue to digitally trade and innovate.”

U.K. Prime Minister Theresa May has pledged to trigger the U.K’s official exit process from the EU by the end of March. As any formal departure will take at least two years, businesses will need to prepare for the GDPR, which takes effect in May 2018.

In the legal landscape after the GDPR implementation, the Information Commissioner’s Office will speak up “for continued protection and rights for consumers, and clear laws for organizations,” Denham said.

James Mullock, data protection partner at Bird & Bird in London, said a post-Brexit finding by the EU that the U.K.'s privacy laws are adequate to protect the privacy of EU citizens “would assist greatly” in continuing data flows. The big question is whether the U.K. can clear that bar, given the scope of the U.K.'s new government surveillance law, he said.

To contact the reporter on this story: Ali Qassim in London at correspondents@bna.com

To contact the editor responsible for this story: Donald G. Aplin at daplin@bna.com

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security