11th August 2017
This week, Digital Minister Matt Hancock announced the Government’s proposals for a new set of data protection laws, meaning the Data Protection Act 1998 will be succeeded by a Bill which will impose more stringent requirements on companies holding personal data, and keep the UK in line with Europe’s new General Data Protection Regulation (GDPR). What is interesting is that after much debate during the EU referendum around the huge volume of burdensome regulations coming from Brussels, this new Bill is now bringing some of the most ambitious and challenging EU rules for businesses into UK law, meaning it will have effect after Brexit.
Nearly 20 years after the Data Protection Act was first enacted, the imperative of providing an online service has led to most companies retaining customers’ personal details on their databases. The problem arises when companies are permitted to share this information with other companies, resulting for example in targeted marketing activities that have been unwittingly agreed to via pre-ticked boxes or opt-outs, designed to target specific personal interests. Even in the event of removing personal information from the internet, it is still possible for it to be held by companies within their databases.
The European Court of Justice instated the ‘right to be forgotten’ in May 2014 as a way for citizens to take back control of their personal data. The supposed solution created new problems: how wide-spread should this ‘forgetting’ of information be? Google is currently locked in a legal battle with France on this very issue, arguing that deletion of data should only be held to one country, otherwise states with harsher guidelines can implement their state-wide censorship on the global population.
While Matt Hancock has made a point of saying that the Bill will “support businesses in their use of data” and “prepare Britain for Brexit” by ensuring UK companies are compliant with EU data requirements so that data can continue to flow freely across borders, it also imposes enormous burdens on British businesses. One of the biggest impacts of the new data protection legislation on companies is that users will now have to explicitly consent to their content being shared, rather than simply fail to opt out. There is also the prospect of far larger fines for non-compliance — up to 4 per cent of global annual turnover, or £17m, whichever is greater.
The Bill is undoubtedly a popular measure that will allow citizens to retain their privacy in an increasingly data driven world. But as the UK leaves the EU, it is one of many instances where the UK will have to remain compliant with stringent EU law in order to continue doing business with the bloc, even after our departure.
19th March 2018
Where now for Wales? The EU Continuity Bill and the Future of Devolution
With the Assembly approving the General Principles of the Law Derived from the European Union (Wales) Bill, otherwise known as the EU Continuity Bill, the battle lines have been drawn over the...Read More
15th March 2018
How ‘exciting’ should politicians be?
Fay Jones, Account Director, considers the problem of being boring On International Women’s Day last week, the Prime Minister was asked the question: “Tell me how you let your hair down?” If you...Read More
14th March 2018
Creating a campaign in 24 hours – Young Lions
Kevan Barber, Senior Account Manager from Grayling's Consumer PR team shares his Young Lions - Cannes Lions 2018 entry, and top tips for tight turnarounds! This year saw Grayling UK enter two...Read More