Obligations Imposed on Private Parties by the GDPR and UK Data Protection Law: Blurring the Public-Private Divide

Abstract

A profound shift across European public law has occurred as public authorities and private actors are increasingly interconnected in the exercise of public functions. This article explains the differences between the obligations imposed on private parties and public authorities by the European Union General Data Protection Regulation and UK Data Protection Bill, which is currently before the UK Parliament. It considers whether such a divide is justifiable, especially in light of private parties increasingly performing public functions, and makes recommendations for the interpretation and development of the public-private divide in the future. Although the structure adopted in the UK Data Protection Bill has the ability to achieve a coherent and appropriate public-private divide, it will present a considerable administrative challenge and must be monitored closely in the future.