The UK’s new information commissioner reckons that a post-Brexit Britain should adopt data protection laws similar to those of, er... the EU.
Elizabeth Denham made the comments during her first speech (transcript here) as UK information Commissioner at an event in London last week. Denham said the EU’s General Data Protection Regulation (GDPR) directive will almost certainly come into force in the UK before Brexit is effected. Something similar will be needed to replace it even after the UK leaves the EU, she argued.
More ReadingBrexit will happen. The EU GDPR will happen. You can't avoid eitherUK membership of Council of Europe has implications for data protection after BrexitEU cybersecurity directive will reach Britain, come what MayEU GDPR compliance still a thing for UK firms even after BrexitWho'll guard your personal data post-Brexit?
“The fact is, no matter what the future legal relationship between the UK and Europe, personal information will need to flow. It is fundamental to the digital economy,” Denham said. “In a global economy we need consistency of law and standards. The GDPR is a strong law, and once we are out of Europe, we will still need to be deemed adequate or essentially equivalent.
“Whatever data protection law we have post-Brexit, I expect to see organisations taking responsibility for their actions, no matter how quick the technological change,” she added.
The GDPR will introduce tougher breach disclosure rules and much higher fines for security screwups – of up to four per cent of a business’s annual turnover. Denham put a positive spin on the tougher regulations, arguing that compliance ought to act as a catalyst for positive change.
“We believe that future data protection legislation, post-Brexit, should be developed on an evolutionary basis, to provide a degree of stability and clear regulatory messages for data controllers and the public,” she explained. “GDPR is an incentive to improve your practices, to sharpen things up, and encourage organisations to look at things afresh.
“Legislative change does bring nervousness, but it also brings opportunity. These changes – stronger data protection law and enforcement – are aimed at inspiring public trust and confidence,” she concluded.
Janine Regan, a data protection specialist at law firm Charles Russell Speechlys, said: “These comments from the ICO are not surprising; the digital single market is worth billions and streamlined EU data protection laws is a fundamental component of that. Brexit from data protection will mean that the UK will lose significant influence over policy, strategy and a piece of the incredibly profitable digital single market pie.
“The UK needs to mirror EU law post Brexit in order to be an effective place to offer data analytics, data centres and international data management services,” she added. ®