Insights

/ Insights / Do new data protection laws show the real power of the EU post-Brexit?

Free thinking from Grayling people

Do new data protection laws show the real power of the EU post-Brexit?

11th August 2017


This week, Digital Minister Matt Hancock announced the Government’s proposals for a new set of data protection laws, meaning the Data Protection Act 1998 will be succeeded by a Bill which will impose more stringent requirements on companies holding personal data, and keep the UK in line with Europe’s new General Data Protection Regulation (GDPR).  What is interesting is that after much debate during the EU referendum around the huge volume of burdensome regulations coming from Brussels, this new Bill is now bringing some of the most ambitious and challenging EU rules for businesses into UK law, meaning it will have effect after Brexit.

Nearly 20 years after the Data Protection Act was first enacted, the imperative of providing an online service has led to most companies retaining customers’ personal details on their databases. The problem arises when companies are permitted to share this information with other companies, resulting for example in targeted marketing activities that have been unwittingly agreed to via pre-ticked boxes or opt-outs, designed to target specific personal interests. Even in the event of removing personal information from the internet, it is still possible for it to be held by companies within their databases.

The European Court of Justice instated the ‘right to be forgotten’ in May 2014 as a way for citizens to take back control of their personal data. The supposed solution created new problems: how wide-spread should this ‘forgetting’ of information be? Google is currently locked in a legal battle with France on this very issue, arguing that deletion of data should only be held to one country, otherwise states with harsher guidelines can implement their state-wide censorship on the global population. 

While Matt Hancock has made a point of saying that the Bill will “support businesses in their use of data” and “prepare Britain for Brexit” by ensuring UK companies are compliant with EU data requirements so that data can continue to flow freely across borders, it also imposes enormous burdens on British businesses. One of the biggest impacts of the new data protection legislation on companies is that users will now have to explicitly consent to their content being shared, rather than simply fail to opt out. There is also the prospect of far larger fines for non-compliance — up to 4 per cent of global annual turnover, or £17m, whichever is greater.

The Bill is undoubtedly a popular measure that will allow citizens to retain their privacy in an increasingly data driven world. But as the UK leaves the EU, it is one of many instances where the UK will have to remain compliant with stringent EU law in order to continue doing business with the bloc, even after our departure.


Grayling Team

Latest Insights

11th August 2017


Emerging Trends in the Property and Infrastructure Sector

There is no escaping the fact that in terms of public profile the next few years will be critical for property and infrastructure, not least because it’s back on the political and media agenda in a...

Read More

7th August 2017


What does the HMS Queen Elizabeth mean for Portsmouth’s Naval history?

HMS Queen Elizabeth, the most powerful warship ever built for Britain's famous Royal Navy Fleet, is set to sail into its new home of Portsmouth for the first time between the 17th and the 22nd...

Read More

3rd August 2017


Can current competition regulation keep up with the internet age?

Over recent decades, the UK has seen the Competition and Markets Authority (CMA), select committees, and the Government, question and intervene in a number of corporate mergers. When such an...

Read More