Netherlands raises concerns on UK data adequacy after EU database copying incident

The UK faces the challenge of convincing Europe that its post-Brexit data protection will be adequate

European Union Parliament Flags

The Netherlands has refused to share criminal convictions data after the UK copied an EU database, sparking concerns whether Britain will be able to win access to European data after Brexit. 

Post Brexit, data flows between the EU and UK will fall to what's known as an adequacy decision. If the European Commission agrees that a non-EU country's data protections are adequate, it can approve the transfer and storage of European citizens' data via that country. With the UK exiting the EU, it will need such approval. 

Advertisement - Article continues below

However, at least two EU countries have raised concerns about British data standards, according to a report in the Guardian. A board meeting record seen by the newspaper reveals opposition from France and the Netherlands to sharing criminal convictions data with the UK, though each country had different motivations. 

“France are currently not engaging for political reasons, and Holland will not engage due to concerns around the UK’s data adequacy status,” the document reveals, according to the report. 

In a statement to the Guardian, the Home Office noted that the discussions in the report were relevant only for a no-deal Brexit. Under the withdrawal agreement now in place for Brexit, the UK will have a transition period until the end of 2020, during which current EU rules will continue to apply, meaning data flows won't be immediately impacted. 

Related Resource

Your guide to overcoming Brexit's data management challenges

Understand Brexit and the data law modifications it may cause

Download now

However, over those 11 months, the UK must negotiate a new agreement. If nothing is agreed by the end of 2020, Britain and its companies will need additional contracts and agreements in place to handle European data. 

Advertisement - Article continues below
Advertisement - Article continues below

This is where an adequacy agreement comes into play. If Britain is deemed "adequate", it will be allowed to handle data just as though it was still an EU country. The European Commission has adequacy agreements with countries including Israel, Canada, and the Isle of Man, as well as the US, though is limited by the Privacy Shield rules. 

While the meeting may have happened when a no-deal Brexit seemed likely, the UK will still face challenges agreeing on an adequacy deal if EU countries dispute its data protection abilities. 

The Dutch government said in a statement to The Guardian that it was concerned about one breach in particular, the illegal copying of the Schengen Information System (SIS) criminal database by British officials, which sparked a complaint from a Dutch MP who accused Britain of "behaving like cowboys".

A Dutch government spokesman told the newspaper that trust was necessary, but suggested it wouldn't necessarily block the UK from an adequacy decision: "The SIS case only serves to underline this. Given its ambitions the Netherlands actively supports the commission’s approach to achieve an adequacy decision with the UK on data protection in the field of security cooperation."

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now


General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020

Most Popular

Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020
data breaches

EasyJet faces class-action lawsuit over data breach

26 May 2020
cyber security

Microsoft bans Trend Micro driver from Windows 10 for "cheating" hardware tests

27 May 2020