En route to closer alignment between the UK and the EU

Sentiment in the United Kingdom against the European Union has shifted considerably in the years since the EU referendum in June 2016 and subsequent Brexit, completed in January 2020.

The benefits have been mainly a mirage and there now is broad consensus that the economic downsides have been substantial in terms of reduced investment, trade barriers, non-tariff trade barriers and more factors leading to reduced GDP per capita. Even the Reform (former Brexit) Party rarely mentions it.

At each stage of planning and adopting the Data Use and Access Act 2025 both previous Conservative and the current Labour governments, have taken care to ensure that they have taken enough steps to keep the European Commission informed, and to keep divergence within a tolerable margin to ensure an EU data protection adequacy declaration. Some points in the new UK law have attracted quiet support among EU Member State Data Protection Authorities who now express their views in interpretation of the GDPR rather than a wish to completely revise it.

Close alignment on children’s issues

There is close alignment between the UK’s leading role and many other countries on children’s issues. It was announced on 25 March that a global sweep by 27 data protection and privacy authorities from around the world, examined almost 900 websites and apps that are used by children. While some are specifically designed for children’s use, others are used by adults but are popular with children. Meanwhile, the campaign against the use of mobile phones in schools is becoming a “clear legal requirement” in the UK.

UK-EU reset

Like any other law, data protection law operates in a societal context. Six weeks ago, in a statement published on 16 March, Rachel Reeves, the Chancellor declared “the UK will work closely with the EU and consider aligning with rules where it boosts long term growth and benefits consumers … and provides stable, forward looking certainty for business.”(1) This public reset in the UK’s relationship with the EU has had a liberating effect. Closer cooperation in the privacy law field can now be pursued more confidently in public rather than quietly behind metaphorically closed doors.

Both sides can learn from each other in this post-Brexit era.

The UK’s Smart Data initiative

On 26 March 2026, the UK government published its Smart Data 2035(2) strategy which in some ways is parallel to aspects of the EU’s Digital Regulation package. The UK document explains: “Smart data is the secure, consented, sharing of customer or business data with Authorised Third Parties (ATP).” (See “driving data equity” PL&B International Report April 2026).

The strategy document explains smart data’s relevance to specific sectors: “Smart data is about ensuring that individual consumers and businesses reap the benefits from their own data, in a safe, secure and interoperable system…” and refers to priority areas including “banking (payments), financial services, road fuels, energy, property, retail, digital markets, transport, telecommunications, and agrifood.” The aspect most relevant to data protection law is “digital verification of identities.”

The government’s first point in its 2025 to 2035 strategy is: “the Data (Use and Access) Act provides powers to implement smart data.” International cooperation is certainly on the government’s agenda because the fifth point is “international and UK data-policy partnership building.”

There is reference to Part 1 of the Data (Use and Access) Act which gives government powers to introduce legal requirements for the creation and governance of data sharing schemes in any sector. The strategy document then refers to the rights of portability, consent, and the principle of interoperability.

The European Commission’s Review of the Digital Markets Act

On 26 April 2026 the European Commission published its Review of the Digital Markets Act (DMA).(3)

The review reported that “in the first two years of its application, the DMA remains fit for purpose and has opened up new opportunities for businesses and developers, while giving users more control over their experiences and devices, as well as access to more diverse and innovative digital products and services.”

In particular, the DMA has provided Europeans with: “the ability to transfer their data when switching between services and devices; the choice to select alternative search engines and web browsers instead of default providers; and meaningful choice about whether to allow gatekeepers to combine their personal data across services, preventing unauthorised profiling.”

Agustín Reyna, Director General of BEUC, commented: “Thanks to the Digital Markets Act, consumers already benefit from more choice … However, Big Tech companies are too often circumventing the rules, preventing consumers from experiencing the full benefits of the DMA.”

Henna Virkkunen, Executive Vice-President for Tech Sovereignty, Security and Democracy declared “we will continue to work to ensure its strong enforcement to open up more opportunities in the EU digital markets.”

The advantages of the UK and the EU acting together

It is clear that the UK and the EU together would deploy stronger regulatory power and victim redress if they act together in tackling common problems, such as deepfake image-based sexual abuse. The UK’s Online Safety Act has been strengthened, but our correspondents make it clear that it has several fundamental weaknesses. By contrast, the EU Digital Services Act covers similar ground but includes a private right of action. EU judgments are no longer binding in the UK but they are sometimes cited in the English courts. They open up new avenues for tackling problems. For example, the Grand Chamber of the CJEU confirmed in December 2025 that platforms which host and facilitate the sharing of abusive content can be considered joint controllers under the GDPR, and are therefore liable in law.

The EU AI Act has extraterritorial effect in the UK, as it applies to providers wherever they are located.

Destination Digital Regulation

My view is that there is indeed a blue EU bus driving down Whitehall with its destination “Digital Regulation”. Despite some differences of emphasis and nuance, it is broadly going in the same direction as a red London bus.

The UK’s reset in its relationship with the EU has advantages for business and consumers. But the UK has no place in EU decision-making.

With Ireland holding the EU Presidency from July to December this year, it has a uniquely influential position of having two Irish nationals, Michael McGrath, the EU Commissioner for Justice, and Jim O’Callaghan, the President of the Council of Justice Ministers, in Brussels. Their roles are neutral by design but Ireland (with its substantial tech and life sciences EU HQ business community) will hold an influential position when progressing the EU Digital Omnibus package and, later in the year, the Digital Fairness Act.

I am pleased that we are giving you a unique opportunity in PL&B’s Ireland Conference on 14 May in Dublin, Ireland and EU privacy/digital laws: New horizons, to meet and put questions to both EU Commissioner, Michael McGrath and the Chair of Ireland’s Data Protection Commission, Dr Des Hogan. Join us in Dublin where you will learn about the impact of evolving EU digital regulation on your business.

PL&B’s 39th International Conference 6-8 July in Cambridge, Digital Regulation: the fundamental things apply will have 60+ speakers from 14 countries.

We look forward to welcoming you to both events.

Stewart Dresner
Publisher, Privacy Laws & Business

May 2026