In September 2021, the Department for Digital, Culture, Media and Sport consulted on the future of U.K. data protection law. DCMS published its response to this consultation, and a first draft of the new bill is expected imminently. DCMS recommends several changes to U.K. law. None represents a total overhaul in approach — the U.K. will retain “U.K. General Data Protection Regulation,” its existing Data Protection Act and its existing ePrivacy regulations, along with most of their existing prov... Read More

Consent is one of the EU General Data Protection Regulation legal bases that can be used to justify the collection, handling or storage of personal data. For consent to be valid, it must be clearly distinguishable from other matters, intelligible and in clear and plain language, freely given, as easy to withdraw as it was to provide, specific, informed and unambiguous (GDPR Article 6, 7 and Recitals 32, 33 and 43). In the employment context, consent is deemed to be problematic. An actual or per... Read More

The U.K. Department of Health and Social Care published a new data strategy that improves patient access to records and control of their data, including simplified opt-out processes and improved data access. The strategy focuses on seven principles “to harness the data-driven power and innovation seen during the (COVID-19) pandemic to drive transformation in health and care, creating a secure and privacy-preserving system that delivers for both patients and professionals,” the department said.Fu... Read More

In December 2020, the British government presented its national data strategy, outlining its ambition to unlock data value and promote responsible growth by reducing the administrative burden on technology innovators and digital entrepreneurs. The strategy prompted concerns in Brussels that the new U.K. data policy might strive away from the EU General Data Protection Regulation. In early 2020, Prime Minister Boris Johnson announced that the U.K. would establish its own "sovereign" rules in the... Read More

Addressing a room full of privacy professionals at the IAPP Global Privacy Summit 2022, U.K. Information Commissioner John Edwards envisioned many would be looking to regulators to “just tell us what we need to do” to minimize risks, reach compliance and reduce associated costs. “That’s fine,” Edwards said. But he was quick to point out, the most “important thing” about privacy and data protection is “the human story.” “You’re going to see your drug counselor later today. You made that insuran... Read More

The U.K. Information Commissioner's Office submitted a report to U.K. Parliament discussing observations on data protection challenges and practices during the peak of the COVID-19 pandemic. Former Information Commissioner Elizabeth Denham focused the paper on how the flexibility of the data protection legislation could enable the data use while maintaining protections. The paper also looks at best practices for maintaining user trust as organizations deployed more digital and technological solu... Read More

The Luxembourg National Commission for Data Protection published guidance on how Brexit affects international data transfers. The guidance was created to help "companies, public bodies and associations" in Luxembourg transfer information to the U.K. following the European Commission's adequacy decision adoptions, recommending each entity respect the principles of the EU General Data Protection Regulation when sending data.Full Story ... Read More

After years of uncertainty in the wake of the U.K.'s vote in 2016 to leave the EU, there are finally sign posts for privacy pros to look to as both regions aim to secure cross-border data transfers through U.K. adequacy. In a massive trade agreement signed last Christmas Eve, both regions secured a temporary transfer period that provides the U.K. government and European Commission time to complete an adequacy agreement.  But, of course, the clock is ticking.  "We don't see why the U.K. shouldn... Read More