On November 3, 2016, the High Court handed down its much anticipated ruling in Santos and Miller v. the Secretary of State for Exiting the European Union. The Court rejected the UK Government’s contention that it has the power under the Crown’s prerogative to give notice pursuant to Article 50 of the Treaty on European Union for the UK to withdraw from the EU, holding instead that Parliament must give prior approval to the triggering of the withdrawal process. The High Court agreed with the claimants that the European Communities Act 1972 (ECA), which gave effect to EU law in the UK, gives UK citizens certain rights which will be lost once Article 50 is triggered.  The Court reiterated that in the UK Parliament is sovereign and that meant that the Government could not override the rights given by the ECA by use of its prerogative powers.  Only Parliament could take away what Parliament had given.

The UK Government has announced it will appeal the decision to the Supreme Court.  The appeal before the Supreme Court is due to begin on 5 December, with judgment expected in early January.

This ruling could have a substantial, long-term impact on the Brexit timetable. If the Supreme Court upholds the High Court’s decision, then it may well be up to Parliament whether Brexit actually happens or not or, at the very least, when it happens.

What does this mean for implementation of the General Data Protection Regulation (GDPR) in the UK? The GDPR comes into force proper in May 2018.  The Information Commissioner’s Office (“ICO”) and the Secretary of State for Culture, Media and Sport has recently confirmed that the UK will implement the GDPR whatever happens on Brexit.  This means that organizations should continue to prepare for the coming of the GDPR. The ICO is expected to publish guidance on GDPR requirements throughout the coming months.

Zerina Curevac is co-author of this article.