The UK Department for Culture, Media & Sport is planning to present a new Data Protection Bill to the Parliament in early September. This new Bill will replace the current UK Data Protection Act 1998 and will effectively incorporate the EU General Data Protection Regulation (“GDPR”) in the UK legal system.
The new Data Protection Bill is one of the main goals of the recently elected government, as also expressed in the Queen’s Speech in June. Its primary aim is to ensure that the UK upholds the same data protection principles as the rest of the EU once it leaves the Union, which will likely be in March 2019. Besides, implementing the same data protection rules as the EU has been one of the first commitments the UK made soon after the Brexit referendum results.
It is yet unclear whether the Bill will simply incorporate the GDPR, whether it will attempt to use the national derogations that the GDPR allows for national authorities, or whether it will only clarify procedural issues, like the imposition of sanctions by the UK DPA (Information Commissioner’s Office).
This proactive approach follows Germany’s recently passed German Data Protection Act that further refines derogations from the GDPR’s provisions.
The Bill is also connected to ICO’s recent “International Strategy” publication which was steered to help protect UK public’s personal information in a global environment. This first ever international strategy addressed challenges connected to the GDPR, Brexit, and globalization. It commits the ICO to learn about new ideas and developments from other countries, signaling its willingness to collaborate with other countries after the Brexit.
The strategy discusses the main international concerns that ICO has until 2021, and fits with the new Data Protection Bill:
- For ICO to be an effective and influential data protection authority across Europe while the UK remains a member of the EU and after its departure from the EU or any transitional period.
- Maximize ICO’s relevance in an increasingly globalized world.
- Ensure that UK data protection law and practice is a benchmark for high global standards.
- Address issues of adequacy and relevant uncertainty of legal protections for international data flows to and from the EU, after Brexit.
It is expected that the new Data Protection Bill will address these concerns, while implementing the GDPR.