According to the UK’s new information commissioner, Elizabeth Denham, who was interviewed by the BBC, the UK “should adopt forthcoming EU data protection laws, despite its plan to leave the Union”.
The new EU data protection regulations are designed to strengthen the rights individuals have over their data. The rules make it mandatory for large companies to employ a data protection officer and data breaches must be reported within 72 hours.
The legislation will take effect in each Member State on 25 May 2018 and will apply to any company that handles personal data collected from people in the EU, even if that company is not based in Europe or the processing of that personal data takes place outside the EU in circumstances where goods or services are offered to people in the EU or the behaviour of people in the EU is monitored.
Denham’s view is that the UK is going to want to continue to do business with Europe and, in order for British businesses to share information and provide services for EU consumers, the law has to be equivalent.
She also confirmed that questions need to be asked of web giant Yahoo, which has admitted 500 million user accounts were breached in what it suggested was a state-sponsored attack. It is thought eight million accounts belonged to UK users. Furthermore, Ms Denham said she would probe WhatsApp’s controversial plan to share more of its users’ data with its parent company Facebook and stated that
“we [the Information Commissioner’s Office (ICO)] have launched an investigation into the data sharing, remembering that in 2014 when Facebook bought WhatsApp, there was a commitment made that between the two companies they would not share information.
“We are in a dialogue with Facebook and WhatsApp. It’s an active and important investigation. You will hear from us very shortly.”