Privacy & Information Security Law Blog

On January 31, 2017, the Times of London reported that UK Prime Minister Theresa May plans to invoke Article 50 of the Treaty on European Union on March 9, 2017, meaning that formal Brexit negotiations with the EU could begin thereafter. This coincides with a two-day European Council summit in Malta which the leaders of all 28 EU Member States will be attending. The report in the Times of London states that the government informed the House of Lords yesterday that it intends to secure the approval of the European Union (Notification of Withdrawal) Bill (the “Bill”)—which would give the Prime Minister the legislative power to trigger Article 50—on March 7, 2017, just two days before the summit.

The news comes as the House of Commons begins two days of debate on the Bill, which has been drafted in response to the Supreme Court’s recent judgment that Parliament must approve the triggering of the Brexit process. In its current form, the Bill contains only two sentences that allow the Prime Minister to (1) invoke Article 50 and declare the UK’s intention to leave the EU, and (2) override any contrary provisions in laws such as the European Communities Act 1972—the legislation that allowed the UK to accede to the EU. From a data protection perspective, the UK Information Commissioner’s Office has made clear that the GDPR will apply in the UK when it comes into force on May 25, 2018, and this will not be impacted by Brexit.