The evolving UK data protection scene
We are delighted to publish in this issue the article on UK future data transfers by the Minister for Media and Data, John Whittingdale MP. Now that the UK has powers to make independent UK adequacy arrangements, the data transfer situation may look quite different in years to come. The DCMS is soon to announce which countries it will assess first.
Two near-identical regimes – the GDPR and the UK GDPR - are not without problems. A recent High Court case involves the question of GDPR extra-territoriality in a post-Brexit world. And should we still include data protection liability and indemnity provisions in contracts in light of the GDPR?
The UK may diverge from the GDPR in the future. The Financial Times published an article on 27 February by Culture Secretary, Oliver Dowden MP, who said “we do not need to copy and paste the EU's rule book, the General Data Protection Regulation, word-forword”. He also said that the new Information Commissioner should focus, not just on privacy, but also on the use of data for “economic and social goals” – a policy that no longer sees data as a threat, but as the great opportunity of our time. According to Dowden, businesses are too reluctant to use data because they do not understand data protection law properly, or are scared of breaking the law. Both aspects hamper innovation, he said.
The ICO is now collecting views to understand companies’ awareness of the Age-Appropriate Design Code which will enter into force in September. The regulator has also resumed its work on Adtech. It has announced that there will be a series of audits focusing on data management platforms, and will issue assessment notices to specific companies in the coming months.
Join us in a webinar on 13 April to hear from the DCMS and the Crown Dependencies on how to keep personal data flowing freely between the UK, Jersey, Guernsey and the Isle of Man – see the link for this and other PL&B events.
Editor, Privacy Laws & Business