1 / 15

Data Protection and the Impact of Brexit

This talk provides an overview of the legal framework for data protection and discusses the General Data Protection Regulation and its implications in the context of Brexit.

georgiabrooks
Download Presentation

Data Protection and the Impact of Brexit

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. DATA PROTECTION AND THE IMPACT OF BREXIT29 NOVEMBER 2016Robin WhiteOld Square Chambers

  2. This talk covers: • The legal framework – an outline • The General Data Protection Regulation & Brexit

  3. The legal framework (an outline) • DPA ss.1(1), 2 • Data processor • Data controller • Personal data • Sensitive personal data • Processing

  4. Personal data • Durant v Financial Services Authority • The information relates to the individual, and it must be found to do so in a way which might affect their privacy • The information must have the data subject as its focus and be information of a biographical nature

  5. EU Working Party Opinion 4/2007: a wider interpretation • ICO Technical Guidance Note: trying to reconcile Durant with the EU opinion • R (on the application of Kelway) v The Upper Tribunal • Edem v The ICO & Anor

  6. Data protection principles • Sch. 1, Part I and interpreted in Part II. The first principle states: • Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless— • (a) at least one of the conditions in Schedule 2 is met, and • (b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.

  7. Rights of data subjects • Request under s.7 • s.7(9): (where) the data controller in question has failed to comply with the request in contravention of those provisions, the court may order him to comply with the request. • R (On the Application of Alan Lord) v The Secretary of State for the Home Department [2003]: “The discretion conferred by section 7(9) is general and untrammelled.

  8. Exemptions Includes: NB: S.35: Disclosures required by law or made in connection with legal proceedings • National security • Crime • Tax • Health • Education • Social work • Regulatory activity

  9. GDPR Came into force May 2016 Must be transposed by May 2018

  10. What is it? • A comprehensive re-writing of the rules • Increased obligations on controllers and processors • Definition of personal data more detailed • Accountability requirement

  11. Individuals’ rights • To be informed • Access • Rectification • Erasure (i.e. the right to be forgotten) • Restrict processing • Data portability • Object • Automated decision making and profiling

  12. Hard Brexit Repeal unlikely; but Less control on processing Fewer rights for individuals A different/lower standard of data protection than under GDPR

  13. Soft Brexit EU adequacy requirement Therefore need to comply But – e.g. Art.88 – only follow GDPR where required to do so

  14. Thank you Contact London 10 - 11 Bedford Row London WC1R 4BU DX 1046 London / Chancery Lane T 020 7269 0300 Bristol 3 Orchard Court, St Augustines Yard Bristol BS1 5DP DX 78229 Bristol 1 T 0117 930 5100 E clerks@oldsquare.co.uk W oldsquare.co.uk @OldSqChambers

More Related