Brexit and data protection

Series Details No.7838 (10.10.17)
Publication Date 10/10/2017

This House of Commons Library briefing paper issued in December 2016 (and subsequently periodically updated) discussed the ongoing reform of EU data protection law, the interaction with UK law, and the potential consequences of Brexit in this area.

The basis of EU data protection law is the 1995 Data Protection Directive (95/46/EC), which was implemented into UK law by the Data Protection Act 1998. This general Data Protection Directive has been complemented by other legal instruments, such as the e-Privacy Directive for the communications sector. There are also specific rules for the protection of personal data in police and judicial cooperation in criminal matters (Framework Decision 2008/977/JHA).

Since 1995 technological progress and globalisation have profoundly changed the way data is collected, accessed and used. In addition, EU Member States have implemented the 1995 rules differently, resulting in divergences in enforcement. In January 2012 the European Commission therefore proposed a new legislative framework for data protection. In its now finalised form, this has two elements:

+ The General Data Protection Regulation (GDPR; Reg 2016/679). This is now in force, but there is a two-year transition period for implementation, meaning that the UK is not obligated to apply it until 25 May 2018.

+ The Directive on data transfers for policing and judicial purposes (2016/680/EU). This is now in force and EU Member States are required to transpose it into their national law by May 2018.

The Regulation has attracted far more attention than the Directive. The Regulation includes new provisions covering:

+ Increased territorial scope (extra-territorial applicability)
+ Penalties
+ Consent
+ 'Privacy by design'
+ Data protection officers

It enhances data subjects’ rights with new provisions covering:

+ Breach notification
+ The right to access
+ The right 'to be forgotten'

On present estimates it is unlikely that the UK will have left the European Union by May 2018. The GDPR will therefore apply from that date until “Brexit” occurs, and UK businesses are being advised to prepare accordingly. There is a dedicated EU GDPR portal, and general guidance is available on the Information Commissioner’s website.

Concerns have been expressed as to what will happen after 'Brexit', particularly whether the UK’s domestic data protection regime will be considered 'adequate' by the EU and whether recent UK legislation is compatible with the GDPR. The Government has said that it is working 'to make sure that we achieve a coherent data protection regime and that data flows with the EU are not interrupted after we leave'.

Source Link http://researchbriefings.files.parliament.uk/documents/CBP-7838/CBP-7838.pdf
Related Links
ESO: Background information: The way forward: UK digital policies and Brexit (European Council on Foreign Relations, 2016) http://www.europeansources.info/record/the-way-forward-uk-digital-policies-and-brexit-part-i/
ESO: In Focus: Brexit - The United Kingdom and the European Union http://www.europeansources.info/record/brexit-the-united-kingdom-and-the-european-union/
Website: GDPR Portal http://www.eugdpr.org/eugdpr.org.html
UK: Information Commissioner's Office: Data protection reform: Overview of the General Data Protection Regulation (GDPR) https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/
UK: GOV.UK: Department for Digital, Culture, Media & Sport / Home Office: Guidance, May 2018: Data Protection Act 2018 Overview https://www.gov.uk/government/publications/data-protection-act-2018-overview
