Standard YouTube Licence
On 14 Sept 2017, the Government introduced The Data Protection Bill into the House of Lords. The purpose of the Bill is to
"Make provision for the regulation of the processing of information relating to individuals; to make provision in connection with the Information Commissioner’s functions under certain regulations relating to information; to make provision for a direct marketing code of conduct; and for connected purposes."The Bill is needed to implement Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA which comes into force on the 5 May 2018 and to maintain in force the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance) ("the GDPR") after we leave the EU.
The need to continue the provisions of the GDPR was spelt out in the Commission's Position Paper on the Use of Data and Protection of Information Obtained or Processed before the Withdrawal Date which I discussed in Commission Position Paper on Data Protection and Protection of Information obtained or processed before the Withdrawal Date 15 Sep 2017 NIPC Brexit:
"It is recalled that the United Kingdom's access to networks, information systems and databases established by Union law is, as a general rule, terminated on the date of withdrawal.The conditions set out in the Position Paper will be implemented by the GDPR and continued by the Bill when it comes into law.
The United Kingdom or entities in the United Kingdom may keep and continue to use data or information received/processed in the United Kingdom before the withdrawal date and referred to below only if the conditions set out in this paper are fulfilled. Otherwise such data or information (including any copies thereof) should be erased or destroyed.
The principles set out in this paper should also apply, mutatis mutandis, to personal data, data or information which was received /processed by the United Kingdom or entities in the United Kingdom after the withdrawal date pursuant to the Withdrawal Agreement."
The Bill consists of 194 clauses and 18 Schedules. Clause 1 contains an overview:
"1 Overview (1) This Act makes provision about the processing of personal data.The Department of Culture, Media and Sport has published the press release Data laws to be made fit for digital age and fact sheets containing an Overview of the Bill, General Data Processing, Law Enforcement Data Processing, National Security Data Processing and The Information Commissioner and Enforcement. There are also Explanatory Notes.
(2) Most processing of personal data is subject to the GDPR.
(3) Part 2 supplements the GDPR (see Chapter 2) and applies a broadly equivalent regime to certain types of processing to which the GDPR does not apply (see Chapter 3).
(4) Part 3 makes provision about the processing of personal data by competent authorities for law enforcement purposes and implements the Law Enforcement Directive.
(5) Part 4 makes provision about the processing of personal data by the intelligence services.
(6) Part 5 makes provision about the Information Commissioner.
(7) Part 6 makes provision about the enforcement of the data protection legislation.
(8) Part 7 makes supplementary provision, including provision about the application of this Act to the Crown and to Parliament."
The Bill has already had its first reading in the House of Lords and will have its second on the 10 Oct 2017. I will follow the Bill as it makes its way through Parliament and analyse its provisions. I will also analyse the GDPR and the Directive as the day for their implementation approaches.
Should anyone wish to discuss the Bill or the GDPR and Directive, he or she should call me during office hours on +44 (0)20 7404 5252 or send me a message through my contact form.