Data in the News – February 2020
As of January 31st the United Kingdom left the European Union. A questions on the lips of many is “what is the impact of Brexit on GDPR”?
Nothing changes overnight. The UK is now in a transition period and has until 31 December 2020 to negotiate its future relationship with the EU. During the transition period, EU laws, including the EU GDPR (General Data Protection Regulation) will continue to apply in the UK.
What happens after the transition period is clearly explained by IT Governance;
“The EU GDPR will no longer apply directly in the UK … However, UK organisations must still comply with its requirements after this point. This is because the DPA 2018 enacts the EU GDPR’s requirements in UK law. The UK government has issued a statutory instrument – the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. This amends the DPA 2018 and merges it with the requirements of the EU GDPR to form a data protection regime that will work in a UK context after Brexit. This new regime will be known as ‘the UK GDPR’.”
There is very little material difference between the EU GDPR and the proposed UK GDPR. So, organisations that process personal data should continue to comply with the requirements of the EU GDPR.
In spite of the legal stance laid out above, UK Prime Minister, Boris Johnson, has said the UK will seek to diverge from EU data protection rules and establish their own ‘sovereign’ controls in the field. His comments came despite the EU affirming that the UK should “fully respect EU data protection rules.”
In a written statement to the House of Commons published on 3rdFebruary, the Prime Minister said that the United Kingdom will “develop separate and independent policies” in a range of fields, including data protection, adding that the government would seek to maintain high standards in so doing.
Moreover, speaking to reporters on Monday, Johnson said that the UK has no need to bind itself to an agreement with the EU. “We will restore full sovereign controls over our borders, immigration, competition, subsidy rules, procurement, data protection,” he said.
EU Startups reports that UK startup Mine, the first company to ever give people back ownership of their personal data online, has launched in the UK after raising a €2.7 million seed round backed by Battery Ventures and Saban Ventures. The tech startup empowers users to discover what the internet knows about them, as well as giving users a choice where their data should or shouldn’t be.
Founded in 2019, Mine’s mission is to build a new global privacy standard by helping people worldwide to make more informed choices about their personal data while enjoying the wonderful internet. The AI-based platform enables every digital user to discover, understand and effectively manage what the internet knows about them: their digital footprint, which has been left from signing up to online services and downloading apps, to making online purchases.
Mine then gives users ownership over their data by leveraging global privacy regulations, specifically the GDPR “right to be forgotten” clause, which allows users to request that online services delete their data. For an everyday person, there is no simple way to enforce the “right to be forgotten” which is one of the key reasons why Mine was built. If a user wants a digital service to forget them, Mine sends a reclaim request to each company on the users’ behalf, asking them to delete all records of the person’s data from their systems.
Organisers of the RideLondon cycling event are "urgently looking into" a data breach involving potential participants' personal details.
It is unclear how many applicants have been affected by the issue which saw entrants receive other people's ballot results. The events, due to be held in August, is open to 80,000 applications and last year 28,032 riders completed it.
Prudential RideLondon has apologised for the error, which has seen envelopes addressed to competitors containing letters which contained someone else's full name, address and date of birth.