The government is ready to start talking through data protection arrangements with the EU for when the UK is no longer in the European Union. In a speech delivered at a security conference on 17 February, Prime Minister Theresa May said that we must also recognise the importance of comprehensive and robust data protection arrangements.
“The UK’s Data Protection Bill will ensure that we are aligned with the EU framework. But we want to go further and seek a bespoke arrangement to reflect the UK’s exceptionally high standards of data protection. And we envisage an ongoing role for the UK’s Information Commissioner’s Office, which would be beneficial in providing stability and confidence for EU and UK individuals and businesses alike,” Mrs May said.
While the UK Bill will implement both the so-called Police Directive and the General Data Protection Regulation (GDPR), it already looks evident that there will be some differences compared to the Regulation. The date for the second reading at the House of Commons is not known yet but it is expected that the Data Protection Bill could have Royal Assent by Easter.
Mrs May also confirmed that the UK aims to remain in Europol, and said that when participating in EU agencies, the UK will respect the remit of the European Court of Justice.
Previously, Data Protection Minister, Matt Hancock, has said that an adequacy decision would be the most likely way forward for the UK for data transfers to and from other adequate countries, but, contrary to what the PM now says, that the UK would not accept direct application of the decisions by the Court of Justice of the European Union.
See the speech at the Munich Security Conference: 17 February 2018 at https://www.gov.uk/government/speeches/pm-speech-at-munich-security-conference-17-february-2018