Impact of Brexit on data protection: EU Home Affairs Sub-Committee hears evidence
The EU Home Affairs Sub-Committee continues to hear evidence from various experts on the implications of Brexit on the “EU data protection package”. Particularly notable are the comments of Elizabeth Denham, the UK’s Information Commissioner, regarding her hopes for the UK post-Brexit.
Unsurprisingly for Denham and perhaps reassuringly for business, “the right way forward… is to fully adopt the general data protection regulation”. However should the UK do so, questions persist as to the ICO’s role, particularly in relation to its standing with the European Data Protection Board (EDPB). Denham was keen to emphasise that the Government should do anything it can to ensure the ICO has “some status” on the EDPB. Should it not, the UK will be at the mercy of the Board’s decisions, but be without influence over its policy.
Lord O’Neil of Clackmannan, a Labour peer, was quick to point out the political obstacles that stand in the way of the ICO gaining such status: “anything that is sullied by close proximity to the European Court of Justice… is the anathema to a number of Brexiteers”. As policy decisions of the EDPB, if challenged, will ultimately end up at the ECJ, the ICO’s post-Brexit standing with the EDPB therefore remains uncertain.
The Sub-Committee transcripts are publically available here and make for an interesting read on the many complexities of Brexit from a data protection standpoint. Datonomy will continue to monitor progress in this area.
EDPS publishes opinion on the proposed “Directive on contracts for supply of digital content”
The European Data Protection Supervisor, led by Giovanni Buttarelli, recently published its Opinion on the “Proposal for a Directive on certain aspects for the supply of digital content” (the “Proposal”). The Directive, proposed in 2015 as part of the Digital Single Market, would harmonise consumer protection laws for online content. The Opinion highlights two major areas of concern surrounding data protection:
- The Proposal will be applicable both where a price is paid for digital content and where digital content is supplied in exchange for a counter-performance other than money in the form of personal data or any other data. By introducing the explicit possibility of using personal data as a counter-performance, the Proposal interferes with Article 8 (2) of the EU Charter and the data protection principles set out in the GDPR and “e-Privacy Directive”. This has alarmed the EDPS and in the Opinion it specifically warns against any new provision that introduces the idea that people can pay with their personal data in the same way they do with money.
- As the GDPR is not yet fully applicable and the proposal for new e-Privacy legislation is currently under discussion, the EDPS is keen for the EU to avoid any new proposals that upset the careful balance negotiated by the EU legislator on data protection rules. The EDPS recommends that the EU apply the GDPR as the means for regulating the use of personal data in the digital economy.
Validity of Model Clauses: Irish High Court reserves judgement in Schrems II
The Irish High Court has reserved judgement on an action by the Irish Data Commissioner to ask the ECJ to decide the validity or otherwise of the standard contractual clauses (“SCC”). Should the SCCs be ruled invalid there are potentially enormous adverse consequences for trade, business and economic interests in the EU, US and beyond. There is however a long way to go before any such decision is made. Datonomy is closely following this case and will keep you up to date with any developments.