Category: Data Protection

The political kerfuffle over the Government’s Brexit machinations makes it timely to point out that the European Commission’s negotiating document on Brexit states that the UK’s implementation of the GDPR is an issue of importance in any negotiations. Indeed, the Commission’s document states that the content of the UK’s Data Protection Bill (“DPBill”), now before the House of Commons, is unfinished business from the first phase of these negotiations. I had mistakenly assumed that stage one of these Brexit talks

Mrs May, at the last Prime Minister’s Questions before the Xmas recess, said in response to a question from a Conservative MP: “We are very clear that we (the UK) will be leaving the EU on 29 March 2019 at 11 pm”. As Government policy is for the UK to become a Third Country on this date, what does this imply? First, any assessment of UK adequacy by the European Commission (if one is to be made) has to be undertaken before

The Data Protection Bill (“DPBill”) based on the General Data Protection Regulation (“GDPR”) will, hopefully, call time on what always has been a problem. Controllers who believe that the delivery of health, education and social work public sector services have to rely on “data subject consent” for the processing of personal data related to those services. When the DPBill is enacted, any reliance on consent creates a problem because when a data subject withdraws consent, there is an expectation that

Under the current Data Protection Act (“DPA”), controllers need a Schedule 2 legal basis/ground to process personal data. Schedule 2 lists six main groupings and a controller has to select at least one from the list. If a controller does not have a legal basis/ground for the processing, then the controller cannot process the personal data – end of argument. So, it is surprising to discover that Clause 8 of the Data Protection Bill (“DPBill”), through the use of the word “includes”, can

The Government has added a completely new immigration control exemption to the Data Protection Bill (“DPBill”). This exemption does not appear in the Data Protection Act 1984 nor in the Data Protection Act 1998 so the question immediately arises as to “why an immigration exemption is now suddenly needed?”. The exemption is very broad; it is from all data subject’s rights (e.g. of access, information about the processing) if satisfying these rights would prejudice “the maintenance of effective immigration control” or “the

Unless the European Union (Withdrawal) Bill is modified, the new Data Protection Bill that implements the UK’s version of the GDPR (expected tomorrow) can be modified or even repealed using Ministerial powers that are not subject to detailed scrutiny.  Indeed, I will go so far to say that the European Commission would be advised not to grant the UK the status of offering an adequate level of protection until further legislative guarantees are enacted by the UK. So bad is