Data protection issues on and around Brexit

It has not been discussed much in the general media what a detrimental impact a no-deal Brexit would have on data transfers and international business, even if it was recognised as one of the top issues in the negotiations between the EU and the UK. However, in the Operation Yellowhammer papers, the government also highlights the worst possible scenario for data flows; it warns that an adequacy assessment could take years, and law enforcement data and information sharing between the EU and UK will be disrupted.

A leaked government document suggests that the prime minister has instructed government departments to share data they collect about usage of the GOV.UK portal, without informing individuals. This data would feed into Brexit preparations.

A government spokesperson has told Buzzfeed, which broke the story, that “individual government departments currently collect anonymised user data when people use GOV.UK. The Government Digital Service is working on a project to bring this anonymous data together to make sure people can access all the services they need as easily as possible. No personal data is collected at any point during the process, and all activity is fully compliant with our legal and ethical obligations.”

In this issue we report on work that Friends of the Earth has done to make sure that its privacy policy is understandable to everyone and why Onfido has embarked on the ICO’s Sandbox programme. Another ICO initiative is its grants programme – read about privacy issues with smart homes.

The ICO’s new cookies policy has raised some questions – not least among international business as there are some differences between that and guidance from France’s regulator, the CNIL. Our correspondents also look at issues about consent, contractual necessity and legitimate interests when using AI and how to assess data protection risk.

Laura Linkomies
Editor, Privacy Laws & Business

September 2019