The Retained EU Law (Revocation and Reform) Bill was introduced to Parliament on 22 September 2022. The Bill sets a "sunset date" of 31 December 2023 by which all remaining retained EU Law will either be repealed, unless expressly assimilated into UK domestic law. The sunset may be extended for specified pieces of retained EU Law until 2026. A large number of UK laws which cover "information rights" appear to be caught by the Bill.
Mishcon de Reya has written an open letter to the Minister of State at the Department for Digital, Culture, Media & Sport, Julia Lopez, to highlight the risk to these laws.
Dear Ms Lopez
Many of the UK’s data protection, data security and access to information laws have their roots in European Union law. In some cases (for instance in respect of data protection law, where the UK had a Data Protection Act 1984, well before the EU passed its 1995 Data Protection Directive) the UK was a key contributor to the European Union laws themselves.
The effect of The Retained EU Law (Revocation and Reform) Bill (the "Revocation Bill"), introduced into Parliament on 22 September 2022, would, however, be to remove from English law (among other laws)
- the UK GDPR
- the Privacy and Electronic Communications (EC Directive) Regulations 2003
- the Environmental Information Regulations 2004
- the Network and Information Systems Regulations 2018
- the INSPIRE Regulations 2009
- the Electronic Identification and Trust Services for Electronic Transactions Regulations 2016
- the Re-use of Public Sector Information Regulations 2015
Together, these laws, along with some domestic laws, constitute the corpus of the UK’s statutory regime for protection of and respect for information rights.
Unless their importance is recognised, and unless therefore they are identified as retained EU laws which warrant preserving, each of these will, if the Bill is enacted, expire on 31 December 2023. This would have, frankly, a disastrous effect on UK citizens’ rights to protection of personal information and access to public information, as well as potentially compromising the security of networks and other information systems.
We are hoping that you can reassure us that necessary steps will be taken at the earliest opportunity to preserve each of these laws as part of UK law.
We are copying this open letter to the Information Commissioner, who is currently tasked with enforcing many of the laws cited.
Yours sincerely
Mishcon de Reya LLP