On Thursday, April 20th, the UK government launched a “Call for Views” regarding the UK’s options for the implementation of the new EU General Data Protection Regulation (GDPR) at national level.  The consultation deadline is May 10th, at mid-day UK time.

Although the GDPR was an effort to bring greater harmonization to data protection regimes throughout the EU, it nevertheless contains a number of areas in which national laws can deviate from its default position – for instance to permit researchers to store and use health data without having to repeatedly seek consents, or to ensure that freedom of expression is not unfairly curtailed by the “right to be forgotten.”

The UK consultation therefore asks for input about how those national “derogations” should be exercised (if at all), grouping them into the following 15 “Themes”:

  1. Supervisory authority powers and procedures
  2. Sanctions
  3. Demonstrating compliance (e.g. codes of conduct and record-keeping)
  4. Data protection officers
  5. Archiving and research
  6. Third country transfers (exports of personal data to non-EEA countries)
  7. Sensitive personal data and exceptions
  8. Criminal convictions
  9. Rights and remedies (e.g. protection against algorithm-driven decision-making, and the availability of collective redress mechanisms)
  10. Processing of children’s personal data by online services (e.g. age under which apps and website must obtain consent from a parent)
  11. Freedom of expression in the media (e.g. exceptions from the “right to be forgotten” by media organisations, and from the right to information about their sources)
  12. Processing of data (a broad “theme” everything from basic fairness and “further processing” conditions, through to HR data processing, via topics as broad as information security, data protection impact assessments, and use of third party “data processors”).
  13. Restrictions (the setting aside of GDPR rules that conflict with a public interest, for instance national security)
  14. Rules surrounding churches and religious associations
  15. Additional (overarching) question: “in the context of the derogations above, what steps should the Government take to minimise the cost or burden to business of the GDPR?”
Print:
EmailTweetLikeLinkedIn
Photo of Phil Bradley-Schmieg Phil Bradley-Schmieg

Philippe Bradley-Schmieg’s practice covers a range of commercial, regulatory and intellectual property matters affecting the IT, e-health, internet media and telecoms sectors, often with a multi-jurisdictional scope.  He advises on intellectual property, compliance and policy matters such as online consumer rights, liability for…

Philippe Bradley-Schmieg’s practice covers a range of commercial, regulatory and intellectual property matters affecting the IT, e-health, internet media and telecoms sectors, often with a multi-jurisdictional scope.  He advises on intellectual property, compliance and policy matters such as online consumer rights, liability for third party content, patent, copyright and database right licensing, privacy and data protection, medical confidentiality, cybersecurity, data breach responses, and law enforcement data disclosure.  Mr. Bradley-Schmieg advises on UK, EU and international law, and has worked in London and Brussels.