""

 

United Kingdom

United Kingdom

On this topic page, you can find the IAPP’s collection of coverage, analysis and resources related to privacy in the United Kingdom. The IAPP Resource Center also includes a “Europe” topic page, which can be accessed here.

Featured Resources

UK Data Protection Reform

This chart aims to provide a snapshot of all the proposals the government is planning to proceed with in some way as it attempts to “establish the UK as the most attractive global data marketplace.”
Read More

UK responds to data reform consultation

The U.K.’s post-Brexit reform of its data protection laws took another step forward June 17 with the government’s final response to its data consultation. IAPP Editorial Director Jedidiah Bracy, CIPP, reports on the release and gets early reaction to the changes.
Read More

Convo with Information Commissioner John Edwards

The Privacy Advisor Podcast host Jedidiah Bracy, CIPP, caught up with Edwards to discuss his priorities, how he foresees working with other data protection authorities, his thoughts on transborder data flows and the U.K.’s potential changes to it data protection law.
Read More


""

Latest News and Resources

UK data protection reform: What is in the government’s proposals?

In September 2021, the Department for Digital, Culture, Media and Sport consulted on the future of U.K. data protection law. DCMS published its response to this consultation, and a first draft of the new bill is expected imminently. DCMS recommends several changes to U.K. law. None represents a total overhaul in approach — the U.K. will retain “U.K. General Data Protection Regulation,” its existing Data Protection Act and its existing ePrivacy regulations, along with most of their existing prov... Read More

Consent as legal basis for EU and UK employment

Consent is one of the EU General Data Protection Regulation legal bases that can be used to justify the collection, handling or storage of personal data. For consent to be valid, it must be clearly distinguishable from other matters, intelligible and in clear and plain language, freely given, as easy to withdraw as it was to provide, specific, informed and unambiguous (GDPR Article 6, 7 and Recitals 32, 33 and 43). In the employment context, consent is deemed to be problematic. An actual or per... Read More

New UK health data strategy creates ‘secure,’ ‘privacy-preserving system’

The U.K. Department of Health and Social Care published a new data strategy that improves patient access to records and control of their data, including simplified opt-out processes and improved data access. The strategy focuses on seven principles “to harness the data-driven power and innovation seen during the (COVID-19) pandemic to drive transformation in health and care, creating a secure and privacy-preserving system that delivers for both patients and professionals,” the department said.Fu... Read More

The UK data policy and possible divergences with the European Union

In December 2020, the British government presented its national data strategy, outlining its ambition to unlock data value and promote responsible growth by reducing the administrative burden on technology innovators and digital entrepreneurs. The strategy prompted concerns in Brussels that the new U.K. data policy might strive away from the EU General Data Protection Regulation. In early 2020, Prime Minister Boris Johnson announced that the U.K. would establish its own "sovereign" rules in the... Read More

UK, German DPAs talk regulatory priorities, privacy complexities

Addressing a room full of privacy professionals at the IAPP Global Privacy Summit 2022, U.K. Information Commissioner John Edwards envisioned many would be looking to regulators to “just tell us what we need to do” to minimize risks, reach compliance and reduce associated costs. “That’s fine,” Edwards said. But he was quick to point out, the most “important thing” about privacy and data protection is “the human story.” “You’re going to see your drug counselor later today. You made that insuran... Read More

U.K. Government National Data Strategy
(UK Government, April 2022)
UK Government: The Digital, Data and Technology Playbook
(UK Government, March 2022)
Data transfers, UK GDPR reform top of mind at DPI: UK
(IAPP, March 2022)
In first public speech as UK information commissioner, Edwards offers certainty in uncertain times
(IAPP, March 2022)
UK’s post-Brexit international data transfer agreement enters into force
(IAPP, March 2022)
UK government rolls out global AI standards initiative
(IAPP, January 2022)
Edwards discusses new beginning as UK commissioner
(IAPP, January 2022)
The way the third-party cookie crumbles: Part 1 – EU and UK developments
(IAPP, December 2021)
UK launches algorithmic transparency standard for government
(IAPP, December 2021)
Denham ‘deeply concerned’ with UK data reforms
(IAPP, November 2021)
UK Supreme Court halts billion-dollar privacy class action against Google
(IAPP, November 2021)
Changing direction? UK consults reforms to its data protection law
(IAPP, October 2021)
LinkedIn Live: “UK International Data Transfers Consultation”
(IAPP, October 2021)
ICO issues data protection guide for media, journalists
(IAPP, October 2021)
UK details plans for national AI strategy
(IAPP, September 2021)
The UK’s new plans for data transfers: An interview with Joe Jones
(IAPP, September 2021)
EU warns UK could lose adequacy by drifting away from GDPR
(IAPP, August 2021)
Denham discusses potential for global privacy standard
(IAPP, September 2021)
UK launches wide-ranging data reform initiative
(IAPP, September 2021)
Children’s Data Privacy Protections in the U.K.: What to Know and How to Comply
(Davis Wright Tremaine, September 2021)
UK announces independent adequacy decisions; Edwards named ICO top candidate
(IAPP, August 2021)
ICO publishes direct marketing guidance for public sector
(IAPP, August 2021)
ICO unveils AI and Data Protection Risk Toolkit
(IAPP, July 2021)
ICO: Freedom of information self-assessment toolkit
(UK ICO, July 2020)
UK government publishes ‘Plan for Digital Regulation’
(IAPP, July 2021)
European Commission adopts UK adequacy decisions
(IAPP, June 2021)
UK CMA’s role in Privacy Sandbox ‘changes the dynamic’
(IAPP, June 2021)
UK health department, NHS publish draft health data strategy
(IAPP, June 2021)
Report: UK MPs suggest tossing GDPR, creating new standard
(IAPP, June 2021)
UK Court of Appeals deems Data Protection Act ‘immigration exemption’ unlawful
(IAPP, June 2021)
ICO addresses data protection in UK digital identity scheme
(IAPP, April 2021)
Elizabeth Denham reflects on the pandemic year and road ahead
(IAPP, April 2021)
ICO discusses common UK GDPR compliance issues
(IAPP, April 2021)
NIS representation in the EU and UK — Was the March 31 deadline a turning point?
(IAPP, April 2021)
GDPR representatives in EU and UK after Brexit
(IAPP, February 2021)
Draft UK adequacy decisions — A somewhat lukewarm embrace?
(IAPP, February 2021)
European Commission releases draft UK adequacy decisions
(IAPP, February 2021)
UK government publishes draft rules on use of digital identities
(IAPP, February 2021)
Government leaders discuss state of play for UK adequacy, data transfers
(IAPP, January 2021)
Data brokers under the spotlight: A commentary on the ICO vs. Experian case
(IAPP, January 2021)
UK, EU reach interim data flow agreement
(IAPP, January 2021)
Online Harms White Paper — UK Government
(UK Government, December 2020)
New Economic Foundation — The Cost of Data Inadequacy: The Economic Impacts of the UK Failing to Secure an EU Data Adequacy Decision
(New Economics Foundation and University College London’s European Institute, November 2020)
ICO Accountability Framework
(UK ICO, September 2020)
View More Resources

ICO Resources

The Information Commissioner’s Office is the UK’s independent data protection authority. Linked below are resources from the ICO.


ICO report reviews COVID-19 data protection challenges

The U.K. Information Commissioner's Office submitted a report to U.K. Parliament discussing observations on data protection challenges and practices during the peak of the COVID-19 pandemic. Former Information Commissioner Elizabeth Denham focused the paper on how the flexibility of the data protection legislation could enable the data use while maintaining protections. The paper also looks at best practices for maintaining user trust as organizations deployed more digital and technological solu... Read More

ICO Annual Track Survey

The U.K. Information Commissioner's Office released the findings of its 2021 Annual Track survey. The survey consists of data from the ICO polling individuals to gauge their awareness of their data protection rights and trust in organizations that use their information. Click To View (PDF) ... Read More

Brexit

Luxembourg DPA publishes Brexit data transfer guidance

The Luxembourg National Commission for Data Protection published guidance on how Brexit affects international data transfers. The guidance was created to help "companies, public bodies and associations" in Luxembourg transfer information to the U.K. following the European Commission's adequacy decision adoptions, recommending each entity respect the principles of the EU General Data Protection Regulation when sending data.Full Story ... Read More

Web Conference: ‘Brexit Means Brexit’ — Unpacking the Reality. UK Data Protection Law After 2020

Original broadcast date: 24 March 2021  The Brexit transition period has ended. How does that affect you? Join us to explore the impact on U.K., EU and non-European businesses. See what's happening with EU adequacy for the U.K. and learn how the U.K.'s new international transfers regime will impact data flows. We will discuss how the EU and U.K. can manage regulatory divergence and risks to data protection in a connected world. And, we will examine how businesses should prepare for different and potentially diverging regimes in the U.K. and the EU. Read More

LinkedIn Live: ‘Privacy Implications of Brexit’

Published: January 2021 In this Linkedin Live, Covington & Burling Senior Counsel Jetty Tielemans, European Commission Head of International Data Flows and Protection Bruno Gencarelli, and Department for Digital, Culture, Media & Sport Head of U.K. International Transfer Regime Joe Jones talk about the privacy implications of Brexit. To view this video on LinkedIn, click here. To access all IAPP LinkedIn Live videos, click here. Access the IAPP's LinkedIn profile here.... Read More

Government leaders discuss state of play for UK adequacy, data transfers

After years of uncertainty in the wake of the U.K.'s vote in 2016 to leave the EU, there are finally sign posts for privacy pros to look to as both regions aim to secure cross-border data transfers through U.K. adequacy. In a massive trade agreement signed last Christmas Eve, both regions secured a temporary transfer period that provides the U.K. government and European Commission time to complete an adequacy agreement.  But, of course, the clock is ticking.  "We don't see why the U.K. shouldn... Read More