Insights

/ Insights / Do new data protection laws show the real power of the EU post-Brexit?

Free thinking from Grayling people

Do new data protection laws show the real power of the EU post-Brexit?

11th August 2017


This week, Digital Minister Matt Hancock announced the Government’s proposals for a new set of data protection laws, meaning the Data Protection Act 1998 will be succeeded by a Bill which will impose more stringent requirements on companies holding personal data, and keep the UK in line with Europe’s new General Data Protection Regulation (GDPR).  What is interesting is that after much debate during the EU referendum around the huge volume of burdensome regulations coming from Brussels, this new Bill is now bringing some of the most ambitious and challenging EU rules for businesses into UK law, meaning it will have effect after Brexit.

Nearly 20 years after the Data Protection Act was first enacted, the imperative of providing an online service has led to most companies retaining customers’ personal details on their databases. The problem arises when companies are permitted to share this information with other companies, resulting for example in targeted marketing activities that have been unwittingly agreed to via pre-ticked boxes or opt-outs, designed to target specific personal interests. Even in the event of removing personal information from the internet, it is still possible for it to be held by companies within their databases.

The European Court of Justice instated the ‘right to be forgotten’ in May 2014 as a way for citizens to take back control of their personal data. The supposed solution created new problems: how wide-spread should this ‘forgetting’ of information be? Google is currently locked in a legal battle with France on this very issue, arguing that deletion of data should only be held to one country, otherwise states with harsher guidelines can implement their state-wide censorship on the global population. 

While Matt Hancock has made a point of saying that the Bill will “support businesses in their use of data” and “prepare Britain for Brexit” by ensuring UK companies are compliant with EU data requirements so that data can continue to flow freely across borders, it also imposes enormous burdens on British businesses. One of the biggest impacts of the new data protection legislation on companies is that users will now have to explicitly consent to their content being shared, rather than simply fail to opt out. There is also the prospect of far larger fines for non-compliance — up to 4 per cent of global annual turnover, or £17m, whichever is greater.

The Bill is undoubtedly a popular measure that will allow citizens to retain their privacy in an increasingly data driven world. But as the UK leaves the EU, it is one of many instances where the UK will have to remain compliant with stringent EU law in order to continue doing business with the bloc, even after our departure.


Grayling Team

Latest Insights

12th October 2017


Does the SNP have new purpose?

The SNP met in unusual circumstances for their 82nd national conference at Glasgow’s SECC. No elections. No referendums. No leadership contests. It all felt very strange. Scotland being knocked out...

Read More

9th October 2017


Conservative Conference 2017 - The Grayling View

Theresa May’s speech to this year’s Conservative Party Conference was the Prime Minister’s best opportunity to rally her party and secure her position as Parliament returns for the Autumn. After...

Read More

29th September 2017


Is Corbyn on the brink of entering No 10?

Listening to Jeremy Corbyn’s speech at Labour Party Conference in Brighton, you would be forgiven for assuming that his party were on the cusp of forming the next Government.The Labour Party...

Read More