TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Privacy Perspectives | New UK Minister’s Data Protection To-Do List Related reading: Commission Hears It From All Sides


It has been a momentous couple of weeks in the world of data protection. In Luxembourg, the Court of Justice of the European Union issued landmark judgments in the cases of Weltimmo and Schrems.

In Brussels, the Justice and Home Affairs Council of the EU agreed to a general approach on the draft data protection directive for police and judicial cooperation in criminal matters. Furthermore, European Parliament Rapporteur, Jan Philipp Albrecht, reported at a hearing of the LIBE Committee that the GDPR is on track for December.

Meanwhile, in London, there was another notable development, but this appears to have slipped beneath the radar. The online profile of Baroness Neville-Rolfe DBE CMG - Parliamentary Under Secretary of State at the Department for Business, Innovation and Skills (jointly with the Department of Culture, Media and Sport) and Minister for Intellectual Property - was updated to say that she was “assuming responsibility for Data Protection on 2nd October 2015.”

This was due to a machinery of government change in the UK that confirmed that “policy responsibility for data protection policy, sponsorship of the Information Commissioner’s Office (ICO), and sponsorship of The National Archives will transfer from the Ministry of Justice to the Department for Culture, Media and Sport.”

There was no press release or tweet to signify this transfer of responsibility for data protection to Baroness Neville-Rolfe. On balance, the addition of data protection and sponsorship of the ICO seems like a significant expansion of a ministerial portfolio that already includes intellectual property, EU single market, company law and better regulation.

If there was a chance to get the words ‘data protection’ or ‘privacy’ into the minister’s job title as is the case for Dara Murphy in Ireland and Bart Tommelein in Belgium, then that opportunity appears to have been missed.

However, Baroness Neville-Rolfe does have extensive experience in the UK civil service and more recently in business, having previously been an executive director of supermarket group Tesco Plc and President of EuroCommerce, a European federation of retailers and trading companies.

All this experience will stand the minister in good stead as her data protection to-do list starts to build up. Immediate issues for consideration will include absorbing the implications of the above-noted CJEU cases, and supporting the UK’s policy approach towards the final rounds of GDPR negotiations and the future of Safe Harbor.

The minister will also have to start thinking about how the ICO will be funded after notification fees are abolished under the GDPR, given her department’s sponsorship of the national supervisory authority.

Looking further ahead, an approach to managing the UK’s presidency of the Council of the EU in the second half of 2017 will need to be developed. The timing here is significant, as the UK will be chairing DAPIX working group meetings and the Justice and Home Affairs Council in the run up to the GDPR going live, possibly in early 2018.

At the same time, the government will be grappling with the wider question of the UK’s membership in the EU following the planned in/out referendum in either 2016 or 2017. Depending on the result of the referendum, this could present serious questions around the application of the GDPR and other related legislation to the UK.

So there is much for Baroness Neville-Rolfe to contemplate with regards to data protection and she will also find that there will be no shortage of advice available from stakeholders. The UK data protection community will however welcome her appointment and will be keen to hear of her policy priorities during this critical but exciting time.

photo credit: The Palace of Westminster 2. Night Shot. Nikon D3100. DSC_0574. via photopin (license)


If you want to comment on this post, you need to login.