Is the UK still drifting away from the EU?
Is UK data protection policy still drifting away from the EU after Brexit, or travelling in the same direction on a parallel path?
We will know the answer only when the Bill to reform the Data Protection Act 2018, which started its passage through Parliament on 18 July, reaches its final form, probably in the first quarter of 2023. The Bill has now been given the name the Data Protection and Digital Information Bill. Matt Warman MP is the Minister leading the government’s initiative. This bill indicates this government’s current thinking, but is not the last word for the next Prime Minister.
It was clear during PL&B’s Memo to the Minister Roundtable on 14 July that the audience of company managers and law firms took the view of the government’s proposals less as “Yes Minister” but more a case of “Yes but, Minister.” Some issues are still to be resolved.
EDPB and UK government work on the same principles
At our Winds of Change conference in Cambridge earlier this month, an important point was made by Wojciech Wiewiórowski, the European Data Protection Supervisor. He said that in the European Data Protection Board (EDPB), there are 30 national opinions and 30 approaches to an issue. To reach agreement, compromise is essential. The EDPB works on the principles of Impartiality, Integrity, Transparency and Pragmatism.
Brexit, with the consequence that the ICO had to leave the EDPB was most unfortunate. In the past, the ICO with its skilled staff and its substantial resources, had taken an important role leading several working groups.
The UK government’s reform is following the same four principles in its legislative programme. Now, 10 years after the GDPR was launched in 2012, the UK is pursuing its own path. This passage of time gives everyone room for a new perspective. Wiewiórowski said that Brexit should not be seen as a disaster for the EU but an opportunity to see, from the EU perspective, whether the GDPR can be interpreted in a flexible way, with the UK still retaining its EU adequacy status. European Economic Area Member States might be influenced by this trend. He said that some new interpretations are possible and should be acceptable.
Despite the UK-EU painful divorce, cooperation is possible and continues in several areas. Examples include bilateral cooperation between the ICO and other national DPAs, exchanges of experience on sandboxes and codes of conduct, and cooperation with the competition authorities and other regulators.
Wiewiórowski concluded: “It is beneficial to consider what is working, what is not, and what could work better.” If the UK’s reform enables it to retain its EU adequacy status, it shows how interpretation of the GDPR can be developed even though the text itself will not be revised in the remaining two years of the current European Commission.
New UK data protection law ahead
The DCMS policy staff at our Memo to the Minister Roundtable were adamant that data protection standards would not drop in future UK legislation. However, a change of emphasis is clear in recognising that the ICO is explicitly also an economic regulator. The phrase “the devil is in the detail” applies here.
The output from this Roundtable will be a substantive Memo to the Minister drafted by the host law firm, Norton Rose Fulbright. PL&B UK Report subscribers will have access to this memo when it is ready.
You can be confident that PL&B UK Report will keep you informed of the Bill’s progress. In addition to our reporting, look out for PL&B future events on this subject.
Only at the end of the legislative process next year will anyone be able to conclude whether the UK is still drifting away from the EU, or travelling in the same direction on a parallel path.
Publisher, Privacy Laws & Business