The UK must maintain data protection regulations in line with those of the European Union once it leaves the union if it is to remain competitive in the global digital economy, a Labour MP has said.
Daniel Zeichner was speaking in the House of Commons on Monday – Photo credit: PA
Daniel Zeichner, MP for Cambridge and chair of the All Party Parliamentary Group on data analytics, raised the issue of data protection in Monday’s adjournment debate in the House of Commons.
He said that the growth of big data presents “significant opportunities” for research and personalised services, but that there were “equally big implications” for privacy that are no longer addressed by the “outdated” Data Protection Act.
Although the EU’s General Data Protection Regulation will supersede this act when it comes into force in May 2018, Zeicher noted that “very little” had been said about what data protection law would look like after Brexit.
“The GDPR will apply directly, without needing to be transposed into national legislation, so when the UK leaves the EU our main data protection law will still be the Data Protection Act 1998, which is now not fit for purpose,” he said.
“Falling back on the old system will not be good enough; we need to be moving forward into the 21st century in data protection, not backward into the last century.”
Related content
Information commissioner says first GDPR guidance due this year
Councils sought to trial data-consent auditing service ahead of GDPR
Whitepaper: Transforming public sector productivity
Zeichner said that if the UK wanted to “remain a major player on the digital stage” it would need to adopt data protection rules “at least equivalent” to those of the EU, adding that this was particularly important for companies.
“Many businesses and services operate across borders, and international data flows are essential to UK business operations across multiple sectors,” Zeichner said. “The danger is that, to paraphrase, when it comes to data, Brexit could mean exit for tech.”
Responding to Zeichner’s speech, Matt Hancock, minister for digital and culture, said that it was right for the UK to update its data protection regime in preparation for the GDPR not only because the UK would still be in the EU in May 2018, “but because it is time to update it”.
At the moment, he said, the UK needed to “press ahead” with preparations for the GDPR, but agreed that there was work to be done to ensure that “data flows with the EU are not interrupted after we leave”.
Hancock said: “The government are considering all options for the most beneficial way of ensuring that the UK’s data protection regime continues to build a culture of data confidence and trust that safeguards citizens and supports businesses in a global data economy.”
Zeichner had also called on Hancock to explain why the Digital Economy Bill – which is due for its second reading in the House of Lords today – and the Investigatory Powers Act – which received Royal Assent last month – made “little mention” of how they would adhere to the GDPR.
However, Hancock argued that this was simply a matter of how the legislative process works.
The Digital Economy Bill, he said, had been drafted according to the current law – the Data Protection Act – because it was expected to come into force before the GDPR, and that it was not possible to draft legislation in anticipation of future legislation.
“If and when legislation is proposed to amend an existing system such as the Data Protection Act, one would expect it to include an amendment to the Digital Economy Bill, should this Parliament enact it, in order to make it consistent,” Hancock said.
“It is neither possible nor logically sensible to legislate in anticipation of future legislation, even if we fully expect it to come into force.”