The government has promised to reform data protection laws in the UK. They want to create a “first-rate data rights regime”. So, one which is even better than the “highly complex and prescriptive” General Data Protection Regulation that the UK agreed to before Brexit.
The Queen’s Speech (written by the government and read out by Prince Charles) is heavy on rhetoric and light on detail. That’s understandable as you wouldn’t expect Prince Charles to read out all the information. Sadly, even the background briefing notes are light on content too with guff about “tak[ing] advantage of the benefits of Brexit to create a world class data rights regime” and “modernis[ing] the Information Commissioner’s Office … to take stronger action against organisations who breach data rules”. The benefits of this reform are also caged in political mumbo jumbo:
- increasing the competitiveness and efficiencies of UK businesses by reducing burdens
- making sure that data can be used to empower citizens and improve their lives
- creating a clearer regulatory environment
- ensuring that the regulator takes appropriate action against organisations who breach data rights and that citizens have greater clarity on their rights
I’ll spare you any more of this vapid nonsense. It’s all in the background briefing notes if you have the stomach for it (PDF). In truth, presumably they’ll base the reform on the results of the consultation they undertook recently.
We await to see if they are able to make all these changes while protecting personal data to a “gold standard” like they promise. My fear is they will achieve the opposite. They’ll dilute standards in the name of reform, thus putting the UK’s adequacy status at risk. That would mean data transfers to and from the EU would have to be under standard contractual clauses or a new UK-style privacy shield. Still, let’s not get ahead of ourselves. Let’s wait to see what the bill contains once they publish it.
If you need advice, contact me firstname.lastname@example.org or +44 (0) 20 7611 2338.